[From the desk of Paul Davis – his opinions and no-one else’s]
\nApart from the reporter’s opinions \ud83d\ude09
\nAlso, in case you are interested there is another newsalert I generate on new campaigns and hacker techniques. Here’s a link if you want to subscribe: Link (http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=ac2a04cc93&e=20056c7556)
\nSo onto the news:<\/p>\n
Don\u2019t kill Flash, says Cisco security veteran<\/p>\n
But Flash should not be discarded, believes Cisco security veteran John Stewart, saying it might in fact be the lesser of two evils.<\/p>\n
\u201cI have a lot of sympathy for the (Adobe) teams. They need to weather the storm,\u201d Stewart told The Register in a media call on Friday.<\/p>\n
\u201cAdobe is zeroing in on ensuring security testing happens across their portfolio in a big way.<\/p>\n
\u201cIf anyone thinks something is better than Flash then they need to consider what that alternative is against doubling-down security efforts on what we already have.\u201d<\/p>\n
Link: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=955871488c&e=20056c7556<\/p>\n
PagerDuty hacked … and finally comes clean 21 days later. Cheers<\/p>\n
‘Fessing up to the breach on its website, PagerDuty admitted that it detected an unauthorised intrusion by an attacker who exfiltrated “some information” about its customers back in early July.<\/p>\n
An email sent to customers and seen by The Register is more revealing about what was exposed. The company acknowledged the attacker “gained unauthorised access to our users’ names, email addresses, public calendar feed URLs, and hashed, salted and peppered passwords\u201d.<\/p>\n
As a precautionary measure, the company is asking its users to set new strong passwords following the breach.<\/p>\n
PagerDuty additionally recommends that customers reset calendar feed URLs and revoke and re-add access to any mobile devices linked to their PagerDuty account.<\/p>\n
Link: http:\/\/paulgdavis.us3.list-manage2.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=092997b796&e=20056c7556<\/p>\n
European Union gets serious about data protection<\/p>\n
An upcoming European Union data protection law will enforce reporting of data breaches and introduce fines for companies breached because of their negligence, and risk managers need to act now to be ready for it, experts say.<\/p>\n
A final version of the European Commission General Data Protection Regulation is expected in December, with the regulation taking effect across the European Union two years after its publication. Companies need to understand their risk profile now to prepare for it, sources say.<\/p>\n
\u201cMandatory reporting is coming, and people need to start taking steps now\u201d to be ready, said Geoff White, underwriting manager for cyber, technology and media at Barbican Insurance Group in London.<\/p>\n
The draft rules would require supervisory authorities and affected individuals to be notified of a breach that poses \u201csignificant risk of harm\u201d to data subjects, or a serious violation of their rights, within 72 hours.<\/p>\n
Companies can only begin to quantify whether a breach poses \u201crisk of harm\u201d to data subjects if they have detailed documentation of their data and to whom it belongs, and have processes in place to swiftly and accurately assess the scope of any breach, she said.<\/p>\n
Link: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=f3d96c13f1&e=20056c7556<\/p>\n
RBS says cyber attack behind online banking failure<\/p>\n
Frustrated customers complained of problems accessing their account online and making payments. The issue lasted around 50 minutes and affected RBS and NatWest customers .<\/p>\n
It was initially thought to be the result of an internal glitch, but the bank now claims it was caused by an attack on its servers. A spokesman insisted none of its customers’ data was at risk.<\/p>\n
It is not the first time RBS has been targeted. In December 2013, customers were locked out of their account for 12 hours as a result of a DDoS attack.<\/p>\n
Link: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=119a1fb750&e=20056c7556<\/p>\n
Botnet takedowns: are they worth it?<\/p>\n
Are botnet takedowns really winning the war? No, but increasing the cost to the attacker and winning a particular battle that hopefully provides enough value \u2013 and defending a particular set of victims as a part of that ROI \u2013 can be a good thing.<\/p>\n
Link: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=6060f1de33&e=20056c7556<\/p>\n
How vulnerable are the U.S. stock markets to hackers?<\/p>\n
The threat of exchanges being hacked, though, is very real. More than half of the 46 exchanges surveyed by the International Organization of Securities Commissions and the World Federation of Exchanges reported suffering a cyberattack in 2012, according to a working paper released the following year. Exchanges in the U.S. were 67% more likely to have reported experiencing an attack than those based elsewhere.<\/p>\n
Cybercrime has repeatedly been called the biggest threat to the financial sector and to businesses \u2014 and warnings have been growing louder and more urgent as attacks increase in frequency and complexity. About 88% of brokerages and 74% of advisers in the U.S. have faced cyberattacks, according to a Securities and Exchange Commission report released in February. A major U.S. bank suffers an attack every 34 seconds, according to testimony from a Congressional hearing in June.<\/p>\n
Red flags have been raised about computer security at stock exchanges for at least 25 years. In 1991, the U.S. Government Accountability Office, a watchdog agency, found 68 systems-security and other control weaknesses at five stock markets, including NYSE. While financial firms have advanced to become \u201ctechnology companies with a bank wrapped around them,\u201d Schimmeck said, \u201cthe challenge is changing a tire on a car that\u2019s going 60 miles per hour on a road\u201d as hackers search for vulnerabilities.<\/p>\n
Link: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=d539abafef&e=20056c7556<\/p>\n
Audi Hints at Hacker Bounty Program, ‘Virtual Cockpit’ Ambitions<\/p>\n
Two Nvidia computer modules power the entire affair. One Tegra 3 chip handles the Virtual Cockpit aspects (allowing for a 60 frames per second display at a 1440-by-540 resolution, the limit at which a driver, from that distance, would be able to enjoy a “Retina” effect, as Halliger described). A second Tegra 3 chip handles the Navigation Plus system, which can output information at anywhere from 30-60 frames per second, same resolution.<\/p>\n
This is all old news, though, for those who have been following Audi’s dashboard ambitions over the past year or so. Though Audi representatives didn’t go into great detail, they did touch a bit on more recent car security revelations in the question-and-answer portion of today’s Audi event. After all, the more connected cars get, the more prone they might be to third-party attacks, as some hackers were able to recently show with a Jeep Cherokee.<\/p>\n
Audi, cognizant of this fact, has apparently had a bug bounty program of-sorts in place since 2008. Though Halliger didn’t go into great detail, he did note that invited participants are given cash rewards for successful infiltrations of Audi car systems.<\/p>\n
Link: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=e191f9f7db&e=20056c7556<\/p>\n
============================================================
\nFeedback, questions? Our mailing address is: ** dailynews@paulgdavis.com (mailto:dailynews@paulgdavis.com)<\/p>\n
If someone forwarded this email to you and you want to be added in,
\nplease click this: ** Subscribe to this list (http:\/\/paulgdavis.us3.list-manage2.com\/subscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a)<\/p>\n
** Unsubscribe from this list (http:\/\/paulgdavis.us3.list-manage.com\/unsubscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556&c=23342610c7)<\/p>\n
** Update subscription preferences (http:\/\/paulgdavis.us3.list-manage1.com\/profile?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556)<\/p>\n","protected":false},"excerpt":{"rendered":"
[From the desk of Paul Davis – his opinions and no-one else’s] Apart from the reporter’s opinions \ud83d\ude09 Also, in case you are interested there is another newsalert I generate on new campaigns and hacker techniques. Here’s a link if you want to subscribe: Link (http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=ac2a04cc93&e=20056c7556) So onto the news:…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[29],"tags":[],"class_list":["post-1124","post","type-post","status-publish","format-standard","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1124","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=1124"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1124\/revisions"}],"predecessor-version":[{"id":3611,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1124\/revisions\/3611"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=1124"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=1124"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=1124"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}