{"id":1002,"date":"2015-03-12T00:00:00","date_gmt":"2015-03-12T00:00:00","guid":{"rendered":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2015\/03\/12\/newsalert-march-11-2015\/"},"modified":"2021-12-30T11:38:34","modified_gmt":"2021-12-30T11:38:34","slug":"newsalert-march-11-2015","status":"publish","type":"post","link":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2015\/03\/12\/newsalert-march-11-2015\/","title":{"rendered":"Newsalert &#8211; March 11, 2015"},"content":{"rendered":"<p>[From the desk of Paul Davis &#8211; his opinions and no-one else&#8217;s]<br \/>\nIf you are dealing with the challenges of PCI, look out for the invites to get &#8220;early&#8221; access to the latest Verizon report.  It provides some great insight and support for compliance.<\/p>\n<p>Now for the news:<\/p>\n<p>Eighty pct of global merchants fall short on card data security compliance: report<\/p>\n<p>(Reuters) &#8211; Four out of five global retailers and other merchants failed interim tests to determine whether they are in compliance with payment card data security standards, putting them at increased risk of cyberattacks, according to a new report by Verizon Communications Inc.<\/p>\n<p>The report, which gathered data in 30 countries by assessing more than 5,000 merchants including retailers, financial institutions and hospitality firms among others, found only 20 percent of those tested to be fully compliant less than a year after installing security safeguards. 
[Link to report: vz.to\/PCIR15X ]<\/p>\n<p>From 2013-2014, overall compliance went up by 18 percentage points for 11 out of the 12 payment data security standards.<\/p>\n<p>Link: http:\/\/www.reuters.com\/article\/2015\/03\/11\/cybersecurity-usa-idUSL4N0WC4TV20150311 <\/p>\n<p>Kaspersky reveals CAPTCHA-tricking Podec Trojan (11 Mar 2015 01:58 GMT)<\/p>\n<p>\u2026 security software company said on March 10 that the malware, Trojan-SMS.Android \u2026 premium-rate services, said the security software company. According to Kaspersky, Podec \u2026 or its deletion. Additionally, the Trojan employs obfuscation and an \u2026<\/p>\n<p>Link: http:\/\/www.zdnet.com\/article\/kaspersky-reveals-captcha-tricking-podec-trojan\/#ftag=RSSbaffb68 <\/p>\n<p>PayPal buys Israel cyber security firm for \u00a340 million<\/p>\n<p>PayPal\u2019s purchase of the Beersheva-based company, which protects against malware and predicts future hacking techniques, is part of the company&#8217;s plan to expand its existing operations in Israel.<\/p>\n<p>Link: http:\/\/www.thejc.com\/news\/world-news\/131425\/paypal-buys-israel-cyber-security-firm-%C2%A340-million <\/p>\n<p>Four critical questions to ask yourself when looking for a Cyber Threat Intelligence Partner<\/p>\n<p>When looking for a cyber threat intelligence solution you need to understand that you aren&#8217;t buying technology so much as engaging with a long-term partner that extends the size of your team and strengthens your defenses &#8211; or at least that should be the case.<\/p>\n<p>Link: http:\/\/www.isightpartners.com\/2015\/03\/four-critical-questions-to-ask-yourself-when-looking-for-a-cyber-threat-intelligence-partner\/ <\/p>\n<p>Isle of Man steps up efforts to court cryptocurrency startups<\/p>\n<p>The Isle of Man (IoM) government says it\u2019s making good legislative headway on the regulation of cryptocurrencies, as it seeks to position itself as a prime location for firms dealing in digital money.<\/p>\n<p>The Isle of Man has 
made a concerted effort over the past year to attract cryptocurrency startups and drive up the contribution e-business makes to its economy from 20% now to at least 23% by 2020.<\/p>\n<p>Link: http:\/\/www.computerweekly.com\/news\/2240242032\/Isle-of-Man-steps-up-efforts-to-court-cryptocurrency-startups?asrc=EM_EDA_40567090&#038;utm_medium=EM&#038;utm_source=EDA&#038;utm_campaign=20150311_Apple%20and%20Microsoft%20patch%20Freak%20vulnerability_ <\/p>\n<p>Businesses taking PCI compliance more seriously: Verizon<\/p>\n<p>The number of organisations that fully complied with the payment card industry (PCI) security standards during 2014 rose to 20 percent, according to the latest Verizon PCI compliance report.<\/p>\n<p>The report indicated that the level of full compliance was due to an improvement of compliance across the board, with over 60 percent of companies assessed during 2014 compliant with any of the 12 PCI DSS requirements. As a result, PCI DSS compliance went up by an average of 18 percent for 11 out of 12 requirements.<\/p>\n<p>Link: http:\/\/www.zdnet.com\/article\/businesses-taking-pci-compliance-more-seriously-verizon\/#ftag=RSSbaffb68 <\/p>\n<p>Fast-changing security threats overwhelm IT managers &#8211; survey<\/p>\n<p>The study of just over 1,000 security professionals in the United States, Britain and Canada paints a picture of mounting pressures on organisations due to a shortage of necessary specialist skills, tight budgets and poor employee education. The study found 54 percent of respondents believed security staffing levels inside their organisations needed to double in size and another 24 percent said they needed to quadruple, in order to cope with the range of cybersecurity issues they face. <\/p>\n<p>The poll was conducted in December and January by a third-party firm on behalf of Trustwave and drew on responses from more than 600 U.S. 
security professionals and another 200 each in Canada and Britain.<\/p>\n<p>Link: http:\/\/uk.reuters.com\/article\/2015\/03\/11\/uk-cybersecurity-survey-idUKKBN0M727A20150311 <\/p>\n<p>Targeting law firms<\/p>\n<p>While cybercrime has plagued U.S.-based law firms quietly for close to a decade, the frequency of attempts and attacks has been increasing substantially. Numbers aren\u2019t available, since unlike hacking at financial institutions, law firms have no legal obligations to disclose cybercrimes to the public.<\/p>\n<p>But experts say that these crimes have increased, particularly at firms whose practices involve government contracts or mergers and acquisitions, especially when non-U.S. companies or countries are involved.<\/p>\n<p>At least 80 percent of the biggest 100 law firms have had some sort of breach, Peter Tyrrell, the chief operating officer of Digital Guardian, a data security software company, said in a telephone interview.<\/p>\n<p>Link: http:\/\/thedailyrecord.com\/2015\/03\/11\/targeting-law-firms\/#ixzz3U7lh5WkL <\/p>\n<p>Self-deleting malware targets home routers to gather information<\/p>\n<p>Attackers could be using VICEPASS for reconnaissance, or for future cross-site request forgery attacks. Researchers with Trend Micro have analyzed &#8230;<\/p>\n<p>Link: http:\/\/www.scmagazine.com\/malware-that-connects-to-home-routers-deletes-itself-without-a-trace\/article\/403050\/ <\/p>\n<p>EiQ Networks Launches SecureVue STIG Profiler to Protect Against Cyber Attacks<\/p>\n<p>BOSTON, March 11, 2015 \/PRNewswire\/ &#8212; EiQ Networks, a pioneer in continuous security intelligence, risk and compliance solutions, launched SecureVue STIG Profiler, a free software solution that plays a critical role in STIG compliance monitoring.  The Defense Information Systems Agency (DISA) issues Security Technical Implementation Guides (STIG) that detail the specific configuration settings that must be implemented for various networked devices and applications.  
Department of Defense agencies and contractors supporting DoD are required to implement the configuration standards outlined in the STIGs in an effort to better secure networks and prevent cyber attacks.  A system can have multiple STIGs that apply to it based upon the operating system and applications installed. One of the more time consuming aspects with the implementation of the STIGs is knowing what STIGs apply to any given system.  Up until today this has been a very manual and time consuming process. The SecureVue STIG Profiler automates this part of the STIG process and in turn, provides detailed information regarding what STIGs apply to a system based upon the software installed.  <\/p>\n<p>Link: http:\/\/www.reuters.com\/article\/2015\/03\/11\/ma-eiq-securevuestig-idUSnPnXkkpH+51+PRN20150311 <\/p>\n<p>Hexis Cyber Solutions Launches Latest Version of HawkEye AP for Insider Threat Detection and Advanced Big Data Analytics<\/p>\n<p>HANOVER, Md., March 10, 2015 (GLOBE NEWSWIRE) &#8212; Hexis Cyber Solutions, Inc. (Hexis), a wholly-owned subsidiary of The KEYW Holding Corporation (Nasdaq:KEYW), and a provider of advanced cybersecurity solutions for commercial companies and government agencies, today announced the latest version of HawkEye AP, its highly scalable, log management solution that provides sophisticated analytics on high volumes of event data. With a new intuitive graphical user interface and an advanced analytics toolbox, HawkEye AP gives users a wide range of new capabilities to model and analyze data according to their specific needs. Included with this release is a new out-of-the-box model covering Insider Threat Detection.<\/p>\n<p>Link: http:\/\/www.virtual-strategy.com\/2015\/03\/10\/hexis-cyber-solutions-launches-latest-version-hawkeye-ap-insider-threat-detection-and-adv#axzz3U7otOW7W<br \/>\nFeedback, questions? 
Our mailing address is: dailynews@paulgdavis.com<\/p>\n","protected":false},"excerpt":{"rendered":"<p>[From the desk of Paul Davis &#8211; his opinions and no-one else&#8217;s] If you dealing with the challenges of PCI, look out for the invites to get &#8220;early&#8221; access to the latest Verizon report. Provides some great insight and support for compliance. For now for the news: Eighty pct of&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[29],"tags":[],"class_list":["post-1002","post","type-post","status-publish","format-standard","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1002","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=1002"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1002\/revisions"}],"predecessor-version":[{"id":3489,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1002\/revisions\/3489"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=1002"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index
.php\/wp-json\/wp\/v2\/categories?post=1002"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=1002"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}