[From the desk of Paul Davis – his opinions and no-one else’s]
Apart from the reporter’s opinions đ
Also, would it help to include a table of contents at the beginning of the email? This would make the email message longer, but might make it easier to jump to the sections you are interested in. Send an email to mail@paulgdavis.com if you think it is a good idea.
So onto the news:
Cisco’s 2016 Security Report: Attacks getting stronger, defender confidence dropping
One of the top findings from this year’s report was that defender confidence is dropping, with only 45% of global organizations worldwide confident in their security relative to today’s threats.
However, many executive said they expect greater transparency on security in the future.
According to a company press release: “This points to security as a growing boardroom concern.”
Aging infrastructure also played a role in poor security posture with 92% of internet devices operating with known vulnerabilities.
Jason Brvenik, principal engineer for the Security Business Group at Cisco, said that some were running with up to 26 vulnerabilities.
Additionally, 31% of devices are running with no vendor support.
Cisco’s report also identified another, relational threat to enterprisesâSMBs.
Based on the report’s finding, SMBs use fewer tools to identify and defend against security threats.
These “structural weaknesses” present a potential risk to enterprises that may be working with SMBs in some capacity.
However, SMBs are improving their security due, in part, to outsourcing security services.
All in all, outsourcing security is on the rise across the board with more than half of all larger organizations outsourcing consulting services, as well as a good number of businesses outsourcing auditing, monitoring, incident response, and more.
Between February and October 2015, the number of WordPress domains that were being used by cybercriminals grew by a staggering 221%, according to the report.
Another growing risk is the browserâspecifically, malicious browser extensions that have impacted more than 85% in terms of data leakage.
Craig Williams, senior technical leader at Cisco, said that he wasn’t surprised by this number, though.
Being that most cybersecurity issues involve the internet, of course Cisco had to take a look at DNS risks.
Of “known bad” malware, the Cisco report found that almost 92% used DNS to carry out their campaigns.
While he wasn’t totally surprised by the number, Williams said he would have originally guessed it to be closer to 85%.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=94195d0002&e=20056c7556
Oracle releases a record 248 patches
Five of the vulnerabilities have the highest severity rating according to the Common Vulnerability Scoring System (CVSS), wrote ERPScan, a security company that specializes in SAP and Oracle systems.
Most of those vulnerabilities related to Java SE, Oracles’s platform for running Java applications on servers and desktops.
Link: http://paulgdavis.us3.list-manage2.com/track/click?u=45bf3caf699abf9904ddc00e3&id=0fcd456f78&e=20056c7556
Breach Investigations: Who’s Accountable?
In a nutshell, the PCI Council’s Professional Forensic Investigator program sets rules and requirements relating to the eligibility, selection and performance of companies that provide digital forensic investigation services.
For example, it states that investigators must work for a PCI-certified Qualified Security Assessor firm that provides a dedicated digital forensic investigation practice.
The council also notes that investigations will rely on proven investigative methodologies and tools, as well as leverage relationships with law enforcement agencies to help with criminal investigations.
But here’s a crucial point: professional forensic investigators should be expected to investigate – but not remediate – data breaches, the PCI Council tells ISMG.
While experts say the PCI Council has implemented new programs that aim to more thoroughly vet QSAs and PFIs, they add that there’s little the council can do to control how QSAs market their products and services, including digital forensics investigations.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=a772749c2c&e=20056c7556
Use Servers Impenetrable to Hackers: Government to Departments
BHUBANESWAR: The Odisha Government on Wednesday issued an advisory to its administrative departments and agencies to use secured servers and environment for hosting their websites to safeguard against hacking.
As per the advisory, Government of Indian domains and servers such as gov.in and NIC services like nic.in are ideal for hosting official websites of the Government.
Besides, the secured servers of State Data Centre (SDC) and cloud servers of Meghraj are also prescribed.
The departments have been instructed to use servers which are certified by agencies empanelled by CERT-In.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=79f32ebc35&e=20056c7556
National Cyber Security Alliance Reminds Organizations of All Sizes that “Privacy is Good for Business”
The National Cyber Security Alliance (NCSA), the nation’s leading non-profit promoting cybersecurity, is growing its STOP.
THINK.
CONNECT. campaign to include privacy awareness and education to better help consumers and businesses be thoughtful about the use and protection of data.
“Data Privacy Day and NCSA’s ongoing efforts are designed to raise awareness about the critical role that businesses play in the privacy landscape.
Businesses should be aware that consumers are paying attention to their online privacy â specifically how information is being used and how it’s protected,” said Michael Kaiser, NCSA’s Executive Director. “Establishing a culture of privacy awareness for your customers and employees builds trust between businesses and their customers.
When organizations focus on good data stewardship by strengthening privacy and security practices, they build a safer, more trusted Internet for everyone.”
Another great way for organizations and individuals to officially show support is to become a Data Privacy Day Champion.
Champions represent those dedicated to respecting privacy, safeguarding data and enabling trust.
Being a Champion is easy and does not require any financial support.
Champions can include companies and organizations of all sizes; schools and school districts; colleges and universities; nonprofits; government organizations and individuals.
For more information on how to become a Data Privacy Day 2016 Champion, visit http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=5b4794e104&e=20056c7556.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=a21daae9a1&e=20056c7556
Cyber crime fastest growing fraud risk in India: EY
âCybercrime is perceived as the fastest growing fraud risk (40%), followed by bribery and corruption (36%) in India,â said Arpinder Singh, partner and national leader, Fraud Investigation & Dispute Services, EY.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=9979e70bfb&e=20056c7556
Australia seems ill-equipped for cyberwar ‘rapid catch-up’
China is rapidly expanding its capability for cyber-enabled war, as are other nations.
A leading defence scholar said Australia is ‘badly lagging’.
We need to catch up.
Fast.
But we seem poorly equipped to face that challenge.
“For a quarter of a century, successive Australian governments have been unable to come to terms with the full import of the digital revolution transforming the world,” wrote Professor Greg Austin in his report, Australia Rearmed: Future Capabilities for Cyber-enabled Warfare, released on Tuesday.
“The concept of ‘information society’ as framed around the world does not seem to have as much life in Australia as in most developed countries.
This has had a retarding effect on the country’s digital preparedness for national security purposes,” Austin writes.
Australia has not yet embraced the military concept of “information dominance”, largely a cyberspace strategy, preferring a doctrine of “information activities” based on decades-old concepts.
Australia has also been reluctant to acknowledge the US doctrine of “prompt global strike” in the cyber realm.
Link: http://paulgdavis.us3.list-manage2.com/track/click?u=45bf3caf699abf9904ddc00e3&id=a03a6fd0d7&e=20056c7556
Dridex banking malware adds a new trick
IBM’s X-Force researchers have found that the latest version of Dridex uses a DNS (Domain Name System) trick to direct victims to fake banking websites.
The technique, known as DNS cache poisoning, involves changing DNS settings to direct someone asking for a legitimate banking website to a fake site.
Dridex’s operators have created clones of the websites of 13 U.K. banks, which are used in the attacks.
After landing on one of the fake sites, Dridex collects the authentication credentials and two-factor authentication codes.
The details are sent to a command-and-control servers and are verified.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=2ed5ac5ac5&e=20056c7556
Tinbapore Malware Targets APAC Banks, Customers
Security vendor F5 Networks have detected what they say is the fifth variant of the Tinba banking trojan, which appears to be specifically targeting banks in the Asia-Pacific region, particularly those in Singapore (Tinba-pore, get it?) and Indonesia, as well as going after banks in other parts of the world.
Also known as Tinybanker, Zusy, or HÎźNTâŹR$, the malware source code was leaked in 2014.
It was noted for being very small, about 20KB, and for being written in assembly language, rather than a higher level language like C.
ngIf: initialized && active end ngIf: initialized && active
The Tinbapore malware infects computers using standard phishing attacks: fake emails dressed up to look like a legitimate email entice users to click on an attachment, which installs the malware on their PC.
This malware specifically targets Windows PCs, embedding itself into four libraries, and running its own browser in the background, from which is launches its attack.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=8554fc8e90&e=20056c7556
5 things that top CSO candidates need on a resume
Despite the growing demand for IT security leaders, IT recruiters confirm that organizations are still very fussy about whom they will bring on board or promote into this key role.
A strong background in technology and IT security is a given.
But so are business savvy, solid communication skills, top leadership qualities, and demonstrated value.
Tip 1 â Can you ditch the cover letter?
Tip 2 — Tell your âstoryâ
Tip 3 â Talk up the ârightâ technologies
Tip 4 — Focus on performance
Tip 5âStress the bottom line: your âvalueâ
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=6ce6b1cea3&e=20056c7556
Worried about cyberattacks on US power grid? Stop taking selfies at work
The worldâs governments are on notice that their critical infrastructure is vulnerable after an apparent cyberattack darkened 80,000 households in three regions of Ukraine last month.
Social media oversharing is wellspring of information that could be useful to attackers interested in compromising critical infrastructure, said Sean McBride, senior threat intelligence analyst at iSight Partners. Among the valuable information he’s found online: workplace selfies on Instagram and Facebook that reveal details of supervisory control and data acquisition, or SCADA, systems.
“No SCADA selfies!” said Mr.
McBride at the S4 Conference in Miami Thursday. “Donât make an adversaryâs job easier.”
In 2011, industrial control systems expert Ralph Langner used an image of a SCADA control system monitor in one of the photos to match the configuration of the Natanz centrifuges to configuration information in the Stuxnet malicious software created to hobble the facility.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=25300a1ca2&e=20056c7556
5 most dangerous cyber security vulnerabilities that are exploited by hackers
BUFFER OVERFLOW
INJECTION VULNERABILITIES
EXPOSURE OF SENSITIVE DATA
BROKEN SESSION MANAGEMENT AND AUTHENTICATION
SECURITY MISCONFIGURATION
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=c7eccb17fb&e=20056c7556
250,000 people ditched TalkTalk after it was hacked last year
Hundreds of thousands of customers are abandoning TalkTalk after it was hacked in October 2015, according to market research company Kantar Worldpanel ComTech.
The group estimates that 250,000 people left the British telecoms company in the fourth quarter of 2015 after hackers stole customer data.
This was offset by 100,000 new customers â making an overall loss of 150,000.
TalkTalk has around 4 million UK customers overall.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=cbc538177e&e=20056c7556
Five Questions Clients Asked Most Often in 2015 About Incident Response
(1) If incidents and attacks are inevitable, what preparedness steps should be taken?
he areas of preparedness that go into becoming compromise ready include: (1) preventative and detective security capabilities; (2) threat information gathering; (3) personnel awareness and training; (4) proactive security assessments focusing on identifying the location of critical assets and data and implementing reasonable safeguards and detection capabilities around them; (5) assessing and overseeing vendors; (6) developing, updating, and practicing incident response plans; (7) understanding current and emerging regulatory hot buttons; and (8) evaluating cyber liability insurance.
2) Where can companies improve.
Three places: (1) detect incidents sooner, (2) contain them faster after detection, and (3) keep good logs to facilitate a more precise determination of what occurred before the attack was stopped.
(3) Does the worst-case scenario have to be assumed if there is limited forensic data?
Lack of forensic data can occur because the attack began long enough ago that logs necessary to complete the analysis have been overwritten, logging was not configured to capture the necessary details, logging was not enabled at all, or the attacker used anti-forensic techniques to destroy forensic artifacts (e.g., s-delete, time stomping).
4) What happens after the company provides notice?
While putting our 2015 Incident Response report together, we noticed that we worked with companies that provided notification by mail or substitute notice 75 times in 2014, and lawsuits were filed against only five of the companies.
(5) How will this impact the company.
The most obvious and immediate impact will be the first-party costs (e.g., costs of mailing letters, providing credit monitoring, forensic investigation, crisis communications) and third-party costs (e.g., paying customer claims, defense of lawsuits and regulatory investigations).
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=05ca82bd43&e=20056c7556
============================================================
Feedback, questions? Our mailing address is: ** dailynews@paulgdavis.com (mailto:dailynews@paulgdavis.com)
If you know someone else who would be interested in this Newsalert, please forwarded this email.
If you want to be added to the distribution list, please click this: ** Subscribe to this list (http://paulgdavis.us3.list-manage.com/subscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a)
** Unsubscribe from this list (http://paulgdavis.us3.list-manage.com/unsubscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556&c=2224b2cba6)
** Update subscription preferences (http://paulgdavis.us3.list-manage1.com/profile?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556)