{"id":1013,"date":"2015-03-27T00:00:00","date_gmt":"2015-03-27T00:00:00","guid":{"rendered":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2015\/03\/27\/newsalert-2015-mar-26\/"},"modified":"2021-12-30T11:38:36","modified_gmt":"2021-12-30T11:38:36","slug":"newsalert-2015-mar-26","status":"publish","type":"post","link":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2015\/03\/27\/newsalert-2015-mar-26\/","title":{"rendered":"Newsalert &#8211; 2015 Mar 26"},"content":{"rendered":"<p>70% cos feel CEOs are responsible for data breaches, only 5% blame IT dept<br \/>\nWebsense, Inc. a company protecting organizations from the cyber-attacks and data theft, has announced the results of an international survey of 102 security professionals conducted at this year\u2019s e-Crime Congress. Nearly all respondents (98 %) believe that the law should address serious data breaches that expose consumers\u2019 data loss through punishments such as fines (65%), mandatory disclosure (68%), and compensation for consumers\u2019 affected (55%). Sixteen percent even advocate arrest and jail sentence for the CEO or board members.<br \/>\nRespondents feel that companies that are not taking action against data loss and theft have it as an agenda item, but it\u2019s not yet a high enough priority (45%). Furthermore, 70% say the CEO should hold ultimate responsibility should a breach arise. 
And the pressure is mounting, as 93% of all respondents believe the advent of the Internet of Things will make companies even more vulnerable to data theft.<br \/>\nLink: http:\/\/www.firstpost.com\/business\/70-cos-feel-ceos-responsible-data-breaches-5-blame-dept-2174439.html<\/p>\n<p>Windows Server 2003 End-of-Life Survey Finds Nearly One in Three Companies Will Miss Deadline, Leaving Nearly 3 Million Servers Vulnerable to Breach<br \/>\nAn estimated 2.7 million servers\u2014potentially containing hundreds of millions of files\u2014will be unprotected after July 14, 2015, the end-of-life deadline, according to the survey Bit9 + Carbon Black conducted in February 2015. Key findings from the survey\u2014of IT leaders at 500 medium and large enterprises in the U.S. and U.K. with at least 500 employees&#8211;include:<br \/>\n&#8211; More than half of enterprises (57 percent) do not know when the end of life deadline is<\/p>\n<p>Link: http:\/\/www.darkreading.com\/vulnerabilities&#8212;threats\/windows-server-2003-end-of-life-survey-finds-nearly-one-in-three-companies-will-miss-deadline-leaving-nearly-3-million-servers-vulnerable-to-breach\/d\/d-id\/1319612 <\/p>\n<p>Rise of threat intelligence is leading to too many sources, finds MWR, CPNI and CERT-UK<br \/>\nThreat intelligence is rapidly becoming an ever-higher business priority with a general awareness of the need to \u2018do\u2019 threat intelligence, but vendors are falling over themselves to offer a confusingly diverse array of threat intelligence products.<br \/>\nAccording to MWR senior security researcher Dr David Chismon, there is a risk that in the hurry to keep up with the threat intelligence trend, organisations will end up paying large amounts of money for products that are interesting but of little value in terms of improving the security of their business. 
\u201cDoing threat intelligence is important \u2013 but doing it right is critical,\u201d he said.<br \/>\nIn a report by MWR Infosecurity, supported by the Centre for the Protection of National Infrastructure (CPNI) and CERT-UK, the theme of threat intelligence is covered, including how to build a successful threat intelligence programme and, crucially, how not to build one, as well as detailed advice on collecting, analysing, acting on and sharing the information obtained.<br \/>\nLink: http:\/\/www.itsecurityguru.org\/2015\/03\/25\/rise-of-threat-intelligence-is-leading-to-too-many-sources-finds-mwr-cpni-and-cert-uk\/ <\/p>\n<p>On the Heels of the Successful Ramnit Botnet Takedown, AnubisNetworks Adds Powerful New Features to Cyberfeed Threat Intelligence Service \/ New Cyberfeed Release Delivers More Visibility Into Cyber Threat Vectors and Improved Enrichment and Correlation f<br \/>\nAnubisNetworks, a subsidiary of Security Ratings company BitSight Technologies, announced today significant enhancements to Cyberfeed, a subscription-based threat intelligence service that allows advanced security organizations such as SOCs, MSSPs and CERTs to obtain real-time event feeds on security threats.<br \/>\nProduced from vast global and proprietary sensors networks, Cyberfeed delivers contextualized threat intelligence by correlating data from different security feeds, for example, verifying if an organization&#8217;s IP reputation decrease is related to compromised systems or a persistent campaign. 
These feeds are enriched with data such as geolocalization information or malware profile, thus enabling organizations to act faster and proactively mitigate cyber risks.<br \/>\nNew Enhancements to Cyberfeed<br \/>\n\t\u2022\tIntelligence Breadth<br \/>\n\t\u2022\tData Depth<br \/>\nLink: http:\/\/www.finanznachrichten.de\/nachrichten-2015-03\/33222776-on-the-heels-of-the-successful-ramnit-botnet-takedown-anubisnetworks-adds-powerful-new-features-to-cyberfeed-threat-intelligence-service-new-cyber-256.htm <\/p>\n<p>New York Fed Creates Cybersecurity Team<br \/>\nBloomberg Business on Tuesday reported that the Federal Reserve Bank of New York has created a new team dedicated towards cybersecurity threats.<br \/>\nThe team will be led by Roy Thetford, the bank&#8217;s former information security officer. He will be working with an examination team to establish a new risk-based cybersecurity assessment framework.<br \/>\nLink: http:\/\/www.benzinga.com\/news\/15\/03\/5355778\/new-york-fed-creates-cybersecurity-team <\/p>\n<p>UK attacks on crypto keys and digital certificates endemic<br \/>\nAll 499 UK security professionals polled in a global survey say their organisations have responded to multiple attacks on keys and certificates in the past two years.<br \/>\nThe 2015 Cost of Failed Trust Report, commissioned by security firm Venafi, claims to be the only research of its kind to examine the internet system of trust.<br \/>\nThe potential risk facing UK firms from attacks on keys and certificates is expected to reach at least \u00a333m in the next two years, according to the report, based on interviews with more than 2,300 IT security professionals around the world.<br \/>\nLink: 
http:\/\/www.computerweekly.com\/news\/4500243119\/UK-attacks-on-crypto-keys-and-digital-certificates-endemic?asrc=EM_ERU_41107776&#038;utm_medium=EM&#038;utm_source=ERU&#038;utm_campaign=20150326_ERU%20Transmission%20for%2003\/26\/2015%20(UserUniverse:%201433145)_myka-reports@techtarget.com&#038;src=5373575 <\/p>\n<p>Despite Demands of Ongoing Transformation, CIOs and IT Professionals Remain Focused on Security and Privacy in 2015<br \/>\nMENLO PARK, Calif., March 25, 2015 \/PRNewswire\/ &#8212; As organizations continue to undergo major changes and technology upgrades, CIOs and IT professionals are under growing pressure to manage these transformations successfully while simultaneously addressing increased cybersecurity threats, according to a new survey by global consulting firm Protiviti (www.protiviti.com).<br \/>\n&#8220;Gone are the days where information security and data privacy vulnerabilities are viewed as just technical issues. Today, these challenges include critical business policy, governance, compliance and communications that must be addressed across the enterprise, placing even more responsibilities on the shoulders of executive management,&#8221; said Kurt Underwood, a managing director with Protiviti and global leader of the firm&#8217;s IT consulting practice. &#8220;Our survey findings show that organizations going through major transformations see the need to elevate more of their attention and budgets toward mitigating and combating security risks as they seek to enhance and protect the value of their businesses with technology.&#8221;<br \/>\nLink: http:\/\/www.reuters.com\/article\/2015\/03\/25\/proviti-it-idUSnPn5H4q25+90+PRN20150325 <\/p>\n<p>Cylance Researchers Discover Critical Vulnerability Affecting Hotel Chains Worldwide<br \/>\nDark Reading<br \/>\nThis vulnerability affects 277 hotels, convention centers and data centers across 29 countries. 
It has the potential to impact millions of customers ranging from everyday vacationers and data center IT staff to tradeshow attendees and high priority targets such as government officials, corporate executives and CSOs.<br \/>\n\u2026 discovered a critical vulnerability in ANTlabs&#8217; InnGate product that could allow an attacker to monitor or tamper with traffic to and from any hotel WiFi user&#8217;s connection and potentially gain access to a hotel&#8217;s property management system (PMS).<br \/>\nLink: http:\/\/www.darkreading.com\/attacks-breaches\/cylance-researchers-discover-critical-vulnerability-affecting-hotel-chains-worldwide\/d\/d-id\/1319644 <\/p>\n<p>Virginia first state to enact digital identity law<br \/>\nLegislation in Virginia will create uniform standards for strengthening and authenticating digital identities. The Commonwealth of Virginia is taking the lead on this issue, as the first in the nation attempting to codify their way out of weak passwords, data breaches and identity theft. The bill has been approved by the General Assembly and was signed into law by Gov. 
Terry McAuliffe.<br \/>\nLink: http:\/\/www.secureidnews.com\/news-item\/virginia-first-state-to-enact-digital-identity-law\/# <\/p>\n<p>New anti-malware weapon launched as NZ cyber security takes giant leap forward<br \/>\nThe Red Alert system is the result of several years\u2019 work by NICT scientists and engineers, supported through commissioned research projects, including by Unitec staff and students on computational intelligence for cyber security.<br \/>\nDesigned to help protect any network that is connected and subscribed to it, Red Alert will issue an alert as soon as a hack takes place &#8211; it will detect intrusions, notify the victim and then provide a report which includes the type of attack, the part of the network infected and a list of experts who can help them resolve the issue.<br \/>\nLink: http:\/\/www.computerworld.co.nz\/article\/571389\/new-anti-malware-weapon-launched-nz-cyber-security-takes-giant-leap-forward\/ <\/p>\n<p>New router malware injects ads and porn into websites<br \/>\nA new variant of router malware has been uncovered that injects unwarranted ads and pornography into websites by modifying the router&#8217;s DNS settings. Thanks to a clever implementation, this malware can hijack nearly every website on the internet for malicious purposes.<br \/>\nThe malware finds its way into routers by exploiting the fact that many people don&#8217;t change their router&#8217;s default login credentials. It also attempts to send unauthenticated configuration requests to routers, which some models are vulnerable to. 
Ara Labs didn&#8217;t specify what routers are affected, but keeping your router&#8217;s firmware up to date and changing the default login credentials are good ways to keep secure.<br \/>\nLink: http:\/\/www.techspot.com\/news\/60169-new-router-malware-injects-ads-porn-websites.html <\/p>\n<p>The top SA banking malware is&#8230;<br \/>\nThey are: SWISYN, which makes up 37% of detections, followed by DORKBOT (27%) and ZEUS\/ZBOT (23%).<br \/>\nLink: http:\/\/www.fin24.com\/Tech\/News\/The-top-SA-banking-malware-is-20150325<\/p>\n","protected":false},"excerpt":{"rendered":"<p>70% cos feel CEOs are responsible for data breaches, only 5% blame IT dept Websense, Inc. a company protecting organizations from the cyber-attacks and data theft, has announced the results of an international survey of 102 security professionals conducted at this year\u2019s e-Crime Congress. Nearly all respondents (98 %) believe&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[29],"tags":[],"class_list":["post-1013","post","type-post","status-publish","format-standard","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1013","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=1013"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1013\/revisions"}],"
predecessor-version":[{"id":3500,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1013\/revisions\/3500"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=1013"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=1013"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=1013"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}