{"id":1029,"date":"2016-07-11T00:00:00","date_gmt":"2016-07-11T00:00:00","guid":{"rendered":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2016\/07\/11\/it-security-news-2017-07-11\/"},"modified":"2021-12-30T11:38:38","modified_gmt":"2021-12-30T11:38:38","slug":"it-security-news-2017-07-11","status":"publish","type":"post","link":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2016\/07\/11\/it-security-news-2017-07-11\/","title":{"rendered":"IT Security News &#8211; 2017-07-11"},"content":{"rendered":"<h2><a id=\"a_toc\">Table of Contents<\/a><\/h2>\n<ul>\n<p>\t\t\t<font color=\"darkblue\"><\/p>\n<li>How to handle security risks in Red Hat virtualization environments <\/li>\n<p><\/font><\/p>\n<p>\t\t\t<font color=\"darkblue\"><\/p>\n<li>Google is already fighting hackers from the future with post-quantum cryptography <\/li>\n<p><\/font><\/p>\n<p>\t\t\t<font color=\"darkblue\"><\/p>\n<li>If My Website Is Hacked and Customer Data Exposed, Am I Liable? <\/li>\n<p><\/font><\/p>\n<p>\t\t\t<font color=\"darkblue\"><\/p>\n<li>Business travellers putting organisations&#39; cyber-security at risk <\/li>\n<p><\/font><\/p>\n<p>\t\t\t<font color=\"darkblue\"><\/p>\n<li>Protecting a BIT of Integrity BYTES <\/li>\n<p><\/font><\/p>\n<p>\t\t\t<font color=\"darkblue\"><\/p>\n<li>Global Cybergangs Take The \u2018Cyber Arms Race\u2019 Lead <\/li>\n<p><\/font><\/p>\n<p>\t\t\t<font color=\"darkblue\"><\/p>\n<li>Cybercrime Now Surpasses Traditional Crime In UK <\/li>\n<p><\/font><\/p>\n<p>\t\t\t<font color=\"darkblue\"><\/p>\n<li>Report: Firms see cyber threats, but not the means to deal with them <\/li>\n<p><\/font><\/p>\n<p>\t\t\t<font color=\"darkblue\"><\/p>\n<li>Business Intelligence and Data Security: A Double-Edged Sword <\/li>\n<p><\/font><\/p>\n<p>\t\t\t<font color=\"darkblue\"><\/p>\n<li>8 Ways Ethically Compromised Employees Compromise Security <\/li>\n<p><\/font><\/p>\n<\/ul>\n<p><img decoding=\"async\" height = \"16\" width = \"16\" src=\"http:\/\/www.techrepublic.com\/favicon.ico\"><\/img> <b>How to handle security risks in Red Hat virtualization environments<\/b>  <\/p>\n<p>\t \tHere&#39;s a rundown of the types of threats to virtualization environments, and ways they can be mitigated:  <br \/>&#8211; Denial of Service (DOS) attacks  <br \/>&#8211; Memory corruption and leakage   <br \/>&#8211; Guest-to-Host escape  <br \/>Mitigation Techniques  <br \/>-You can use control groups to protect the four core resources (memory, CPU, disk or network) that can be exploited.   <br \/>-SELinux is Red Hat&#39;s Linux Security Module and it operates by implementing Mandatory Access Controls (MAC).   <br \/>-sVirt (secure virtualization) combines SELinux and virtualization.  <br \/>-SecComp is a kernel feature still early in development which also provides sandboxing like capabilities.<br \/>\n\t\t\t<font color=\"blue\"><b>Link:<\/b><\/font> <a href=\"http:\/\/www.techrepublic.com\/article\/how-to-handle-security-risks-in-red-hat-virtualization-environments\/?ftag=TRE684d531&amp;bhid=21487072891631060763005914609462\">http:\/\/www.techrepublic.com\/article\/how-to-handle-security-risks-in-red-hat-virtualization-environments\/?ftag=TRE684d531&amp;bhid=21487072891631060763005914609462<\/a><\/b> <\/p>\n<p><img decoding=\"async\" height = \"16\" width = \"16\" src=\"http:\/\/mashable.com\/favicon.ico\"><\/img> <b>Google is already fighting hackers from the future with post-quantum cryptography<\/b>  <\/p>\n<p>\t \t&quot;We&#39;re announcing an experiment in Chrome where a small fraction of connections between desktop Chrome and Google&#39;s servers will use a post-quantum key-exchange algorithm in addition to the elliptic-curve key-exchange algorithm that would typically be used,&quot; Google Software Engineer Matt Braithwaite wrote in a blog post Thursday, pointing out that Google plans to discontinue the experiment after two years, and hopefully move on to an even better algorithm.   <br \/>What does all this mean for Chrome users.<br \/>Not much.<br \/>Regular users won&#39;t be part of the test.<br \/>Those who want to have a fraction of their online communication protected with a post-quantum key exchange algorithm should install the latest Chrome Canary build.<br \/>To check whether post-quantum crypto was on, go to a HTTPS-secured page, click on the lock next to the URL in the address bar, click on &quot;details,&quot; and check if Key Exchange starts with \u201cCECPQ1\u201d.<br \/>\n\t\t\t<font color=\"blue\"><b>Link:<\/b><\/font> <a href=\"http:\/\/mashable.com\/2016\/07\/08\/google-chrome-quantum-cryptography\/#zm1AzEuUGuqW\">http:\/\/mashable.com\/2016\/07\/08\/google-chrome-quantum-cryptography\/#zm1AzEuUGuqW<\/a><\/b> <\/p>\n<p><b>If My Website Is Hacked and Customer Data Exposed, Am I Liable? <\/b> <\/p>\n<p>\t \tThat is a question most small business owners aren\u2019t losing sleep over or are readily prepared to answer.<br \/>But in an era where data breaches routinely occur, it warrants serious consideration.  <br \/>Unfortunately, there is no cut-and-dried answer to that question.<br \/>Some attest that the entity holding the information is liable while others suggest the customer bears responsibility.  <br \/>Perez, weighing in on the liability issue, warns that small businesses running an ecommerce site must comply with the Payment Card Industry Data Security Standard (PCI DSS).  <br \/>\u201cThe landscape of cyber security is shifting rapidly as data breaches are spiking,\u201d Delaney said. \u201cCongress, regulators and state attorneys general are taking a hard look at how companies \u2026 are protecting consumer information from unauthorized access.<br \/>Hearings have been held, and new laws pushed.\u201d  <br \/>Notification can quickly become very expensive, however, particularly if you have thousands of customers with which to communicate.  <br \/>Unfortunately, standard commercial property and liability insurance does not cover the loss of personally identifiable information.<br \/>To address the issue, several companies now offer cyber liability policies intended to cover a data breach where customer information, such as Social Security or credit card numbers, is exposed or stolen.  <br \/>While the question of liability is still not clear cut, businesses can protect themselves and their customers by following the guidelines included in this article.<br \/>\n\t\t\t<font color=\"blue\"><b>Link:<\/b><\/font> <a href=\"http:\/\/smallbiztrends.com\/2016\/07\/website-hacked-customer-data-exposed-liable.html\">http:\/\/smallbiztrends.com\/2016\/07\/website-hacked-customer-data-exposed-liable.html<\/a><\/b> <\/p>\n<p><img decoding=\"async\" height = \"16\" width = \"16\" src=\"http:\/\/www.scmagazine.com\/favicon.ico\"><\/img> <b>Business travellers putting organisations&#39; cyber-security at risk<\/b>  <\/p>\n<p>\t \tA survey by Kaspersky Lab of 11,850 people from across Europe, Russia, Latin America, Asia Pacific and the US found that the pressure from work to get online is clouding the judgment of business travellers when connecting to the internet.  <br \/>It said that three in five (59 percent) of people in senior roles say they try to log on as quickly as possible upon arrival abroad because there is an expectation at work that they will stay connected.<br \/>The research also found that 47 percent think that employers, if they send staff overseas, must accept any security risks that go with it.   <br \/>Almost half (48 percent) of senior managers and more than two in five (43 percent) of mid-level managers use unsecure public access Wi-Fi networks to connect their work devices when abroad.<br \/>At least two in five (44 percent and 40 percent, respectively) use Wi-Fi to transmit work emails with sensitive or confidential attachments.  <br \/>One in five (20 percent) senior executives admit to using work devices to access websites of a sensitive nature via Wi-Fi \u2013 compared to an average 12 percent.<br \/>One in four (27 percent) have done the same for online banking \u2013 compared to an average 16 percent.<br \/>\n\t\t\t<font color=\"blue\"><b>Link:<\/b><\/font> <a href=\"http:\/\/www.scmagazine.com\/business-travellers-putting-organisations-cyber-security-at-risk\/article\/508027\/\">http:\/\/www.scmagazine.com\/business-travellers-putting-organisations-cyber-security-at-risk\/article\/508027\/<\/a><\/b> <\/p>\n<p><img decoding=\"async\" height = \"16\" width = \"16\" src=\"https:\/\/blogs.technet.microsoft.com\/favicon.ico\"><\/img> <b>Protecting a BIT of Integrity BYTES<\/b>  <\/p>\n<p>\t \tLeveraging the NIST Cybersecurity Framework to apply necessary albeit painful and often overlooked cyber changes to protect your most critical high-value assets (\u201cCrown Jewels\u201d) from advanced cyber threats  <br \/>This post will focus primarily on Identify function\u2019s Asset Management component and the Protect function of the NIST framework as it relates to often overlooked operational changes needed to isolate critical high-value assets.  <br \/>What to Protect?  <br \/>How to Protect?  <br \/>Rise above the threats.<br \/>Leverage the NIST Cybersecurity Framework and follow best practices to isolate and protect your most critical \u201ccrown jewels\u201d and tier-0 credentials using operational security practices and not just dependence on the latest \u201cshiny object\u201d security tools.<br \/>Bad guys have these same security tools before they attack, so we need to change the way we isolate and operate on our network.<br \/>These changes can be painful and often not intuitive, but defending against advanced attackers require advanced operational defenses to keep a breached PC from becoming a totally owned network.<br \/>\n\t\t\t<font color=\"blue\"><b>Link:<\/b><\/font> <a href=\"https:\/\/blogs.technet.microsoft.com\/staysafe\/2016\/07\/07\/protecting-a-bit-of-integrity-bytes\/\">https:\/\/blogs.technet.microsoft.com\/staysafe\/2016\/07\/07\/protecting-a-bit-of-integrity-bytes\/<\/a><\/b> <\/p>\n<p><img decoding=\"async\" height = \"16\" width = \"16\" src=\"http:\/\/www.pymnts.com\/favicon.ico\"><\/img> <b>Global Cybergangs Take The \u2018Cyber Arms Race\u2019 Lead<\/b>  <\/p>\n<p>\t \tIn the release of its first Cyber Crime Assessment report on Thursday (July 7), the U.K.\u2019s National Crime Agency (NCA) said that police and businesses are losing the \u201ccyber arms race\u201d to these sophisticated criminals.  <br \/>According to the data, the most significant and advanced threat to the U.K. is actually from a small group of international crooks that use \u201chighly profitable\u201d malware to fuel cyberattacks.<br \/>These organized gangs of criminals are able to launch attacks directly at both businesses and individuals.  <br \/>According to the report, advertisements \u2014 ranging from \u201cDDOS attacks for as low as $5 USD an hour\u201d to \u201cOnline tutorials from $20 USD that cover DDOS attacks, cracking Wi-Fi, Crypters and much more\u201d \u2014 are just a sample of the offerings posted across the underground marketplace, which it describes as growing bigger, more sophisticated and competitive.  <br \/>The intelligence analysts found that malware is becoming \u201cmuch cheaper and continues to offer a low barrier to entry for cybercriminals looking to steal information,\u201d posing an even greater threat to unsuspecting groups, consumers, private organizations and the government.<br \/>\n\t\t\t<font color=\"blue\"><b>Link:<\/b><\/font> <a href=\"http:\/\/www.pymnts.com\/news\/security-and-risk\/2016\/cybergangs-cyber-arms-race-malware\/\">http:\/\/www.pymnts.com\/news\/security-and-risk\/2016\/cybergangs-cyber-arms-race-malware\/<\/a><\/b> <\/p>\n<p><b>Cybercrime Now Surpasses Traditional Crime In UK <\/b> <\/p>\n<p>\t \tCybercrime is currently outpacing traditional crime in the United Kingdom in terms of impact spurred on by the rapid pace of technology and criminal cyber-capability, according to the UK\u2019s National Crime Agency.   <br \/>The trend suggests the need for a more collective response from government, law enforcement, and industry to reduce vulnerabilities and prevent crime, the NCA report says.  <br \/>One security expert notes that the cybercrime situation here in the US is even more dire.  <br \/>\u201cI think it is more dramatic in the US and I do think cybercrime is a larger industry than narcotics trafficking because of intellectual property theft and secondary infection,\u201d says Tom Kellermann, co-founder and CEO of Strategic Cyber Ventures, which invests in next-generation security technology.<br \/>\n\t\t\t<font color=\"blue\"><b>Link:<\/b><\/font> <a href=\"http:\/\/www.darkreading.com\/threat-intelligence\/cybercrime-now-surpasses-traditional-crime-in-uk\/d\/d-id\/1326208\">http:\/\/www.darkreading.com\/threat-intelligence\/cybercrime-now-surpasses-traditional-crime-in-uk\/d\/d-id\/1326208<\/a><\/b> <\/p>\n<p><img decoding=\"async\" height = \"16\" width = \"16\" src=\"http:\/\/fedscoop.com\/favicon.ico\"><\/img> <b>Report: Firms see cyber threats, but not the means to deal with them<\/b>  <\/p>\n<p>\t \tThe study, \u201cTaking the Offensive: Working Together to Disrupt Cyber Crime,\u201d was undertaken by international consulting firm KPMG and telecoms group BT.  <br \/>While awareness of the threat has never been higher \u2014 73 percent of respondents said digital security was on the agenda of board meetings \u2014 most organizations still don\u2019t understand the scale of the threat and aren\u2019t ready for it, according to the report.  <br \/>Businesses are struggling to keep their data and systems secure against a backdrop of proliferating attack tools and growing cyber-criminal sophistication\u2014what the report calls a \u201cvast dark market\u201d for cyber crime tools.<br \/>Less than a quarter (22 percent) said they were \u201cfully prepared\u201d to combat security breaches by ever-more-agile cyber criminals.  <br \/>Nearly half of senior decision makers said they were constrained by regulation and lacked the right skills and people to thwart cyber crime.<br \/>Other constraints were organization-specific; 46 percent cited legacy IT systems as an issue and 38 percent identified bureaucratic processes.<br \/>Lack of investment and even cultural change within organizations were cited as barriers.<br \/>\n\t\t\t<font color=\"blue\"><b>Link:<\/b><\/font> <a href=\"http:\/\/fedscoop.com\/organizations-fully-aware-of-growing-cyber-threat-but-few-ready-to-deal-with-it-study-finds\">http:\/\/fedscoop.com\/organizations-fully-aware-of-growing-cyber-threat-but-few-ready-to-deal-with-it-study-finds<\/a><\/b> <\/p>\n<p><img decoding=\"async\" height = \"16\" width = \"16\" src=\"http:\/\/www.business2community.com\/favicon.ico\"><\/img> <b>Business Intelligence and Data Security: A Double-Edged Sword<\/b>  <\/p>\n<p>\t \tBusiness intelligence represents great opportunities for businesses that have the right people, processes and technology in place.<br \/>According to a recent ComputerWorld survey, 50 percent of respondents are increasing their IT security budget. 41 percent are increasing their analytics investment.<br \/>Another survey found that 35 percent of respondents considered security concerns to be the biggest obstacle surrounding data analysis.<br \/>The analytics software space is packed with vendors looking to cash in on this opportunity.<br \/>Proof positive is how hot the big data market has been over the past several years.<br \/>New data frontiers like social media, mobile ecommerce and web content performance represent new challenges and opportunities for insight for companies of all sizes.<br \/>Security Information and Event Management systems are powerful analytics solutions in their own right.<br \/>The latest security analytics systems are positioned as more advanced than SIEM could offer.<br \/>Threat Analytics\/Intelligence solutions, delivered via the cloud by companies like FireEye, Palo Alto Networks and Fortinet are seen as the next generation of security intelligence.<br \/>Traditional BI vendors collect a lot of data from various repositories such as ERP, CRM and asset management systems, though they have typically left security and threat analytics to the leading vendors in that space.<br \/>Sharing business performance information across your company should be carried out on a \u201cneed to know\u201d basis.<br \/>Providing permission-based access to data visualizations and executive dashboards should be provisioned with consideration of:<br \/>Standards-based API\u2019s, certified by credible sources makes for safer analytics hub than coding your own connections.<br \/>Analytics engines are often at the center of multiple systems, which makes them a potentially lucrative target for opportunistic hackers.<br \/>Since many data breaches are as a result of employee activities, it emphasizes the need to govern access to reporting systems.<br \/>\n\t\t\t<font color=\"blue\"><b>Link:<\/b><\/font> <a href=\"http:\/\/www.business2community.com\/business-intelligence\/business-intelligence-data-security-double-edged-sword-01577755#KvjcbYs2JVLiiH8q.97\">http:\/\/www.business2community.com\/business-intelligence\/business-intelligence-data-security-double-edged-sword-01577755#KvjcbYs2JVLiiH8q.97<\/a><\/b> <\/p>\n<p><b>8 Ways Ethically Compromised Employees Compromise Security <\/b> <\/p>\n<p>\t \tThe fact is that there are always a few bad apples in the barrel, and when it comes to employees&#8211;whether IT or your typical corporate user&#8211;the bad actors can introduce a lot of risk to the organization.<br \/>But some IT executives may not realize just how many potential bad apples there can be, depending on the circumstances.  <br \/>Here are a few statistics that show how prevalent shaky ethics really are in the workplace.<br \/>\n\t\t\t<font color=\"blue\"><b>Link:<\/b><\/font> <a href=\"http:\/\/www.darkreading.com\/threat-intelligence\/8-ways-ethically-compromised-employees-compromise-security\/d\/d-id\/1326196\">http:\/\/www.darkreading.com\/threat-intelligence\/8-ways-ethically-compromised-employees-compromise-security\/d\/d-id\/1326196<\/a><\/b> <\/p>\n","protected":false},"excerpt":{"rendered":"<p>Table of Contents How to handle security risks in Red Hat virtualization environments Google is already fighting hackers from the future with post-quantum cryptography If My Website Is Hacked and Customer Data Exposed, Am I Liable? Business travellers putting organisations&#39; cyber-security at risk Protecting a BIT of Integrity BYTES Global&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[29],"tags":[],"class_list":["post-1029","post","type-post","status-publish","format-standard","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1029","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=1029"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1029\/revisions"}],"predecessor-version":[{"id":3516,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1029\/revisions\/3516"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=1029"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=1029"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=1029"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}