[From the desk of Paul Davis – his opinions and no-one else’s]
\nApart from the reporter’s opinions \ud83d\ude09
\nSo onto the news:<\/p>\n
UK tops global cyber crime hit list
\nUK is the top target for cyber criminals with UK businesses targeted more frequently than US counterparts, a study has revealed.
\nApart from local threats, criminals in Nigeria, Germany, the US and Mexico lead the way in attacking the UK, according to a study published by security firm ThreatMetrix.
\nBut UK-based criminals were the second highest originators of cyber crime attacks after the US, according to the study, which is based on more than a billion transactions monitored each month by the firm\u2019s Digital Identity Network.
\nAccount creation fraud was the highest risk, accounting for nearly 7% of transactions blocked by ThreatMetrix, while account login risk was lower at 3%.
\nMobile now makes up one third of all transactions analysed by ThreatMetrix and is the biggest emerging opportunity and risk for businesses and financial institutions trying to deliver frictionless experiences to their customers, the company said.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=f520c3099d&e=20056c7556<\/p>\n
Hacking Increasingly Becoming a Physical Concern
\nIf this past quarter’s stories are any indication, we could very well be seeing the rise of a new wave of threats that will affect people in a more pronounced and physical level, reports Trend Micro in its Q2 Security Roundup Report. “We’ve previously seen how certain automated transportation systems could be susceptible to cyber-attacks, and now we’re seeing possible threats in aviation.
\nThe first incident took place when security researcher Chris Roberts tweeted messages that suggested that he was tampering with the in-flight systems of the 737\/800 plane that he was on.
\nThis was followed by a DDoS attack on Warsaw’s Okecie airport, causing delays that grounded more than 1,400 people flying with LOT Polish Airlines.”
\nReport also warns that Domain Name System (DNS)-aided attacks using DNS changers to target home routers have made a comeback. “This quarter, cybercriminals set their sights on routers to tamper with the information these relayed to connected devices, thus facilitating data theft.”
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=89c1a4cc84&e=20056c7556<\/p>\n
Untrusted Certificates\u2014Survey Shows IT Security Pros Know the Risks but Do Nothing
\nToday, Venafi released a report based on survey findings and analysis, IT Security Professionals Know the Risk of Untrusted Certificates and Issuers, but Do Nothing.
\nThe survey was conducted at 2015 Black Hat USA and gathered responses from over 300 IT security professionals.
\nAs the title suggests, the report reveals that security professionals know the risks associated with untrusted certificates, including compromises of certificate authorities (CAs), but they are currently not taking steps to protect themselves and don\u2019t have remediation mechanisms in place to effectively mitigate a future CA compromise.
\nWhy is it important to understand and respond to threats using untrusted certificates.
\nThe report highlights how cybercriminals are increasingly misusing keys and certificates to breach organizations, elevate their privileges, and hide activity.
\nAnd although they may know the risks, most organizations are unprepared to defend against these attacks.
\nLink: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=92cc643127&e=20056c7556<\/p>\n
Security experts mostly critical of proposed threat intelligence sharing bill
\nThis fall, the Senate is expected to take another look at the Cybersecurity Information Sharing Act, or CISA, but many security experts and privacy advocates are opposed.
\nThe biggest concern most critics of the CISA bill have is that it seems to be more about the government gathering information than about helping companies improve security.
\n“The way that the bill is written would give companies the ability to spy on all of their users with impunity, in order to detect if they are a ‘cyber threat,'” said Justin Harvey, chief security officer at Fidelis Cybersecurity. “This information can be shared with the Department of Homeland Security, which can then, in turn, send the data to the NSA in real time, or companies can bypass DHS altogether and send it over to the NSA.”
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=59ea8f89d1&e=20056c7556<\/p>\n
Soltra Launches New Membership Program For Soltra Edge Users
\nReston, VA \u2013 SEPTEMBER 9, 2015 \u2013 Soltra\u2122, a joint venture of FS-ISAC and The Depository Trust & Clearing Corporation (DTCC), today announced an innovative new membership program for users of Soltra Edge\u2122, the first industry-driven threat intelligence sharing platform.
\nWith this new program, users can get enterprise-grade technical support and many other key benefits to help advance their capabilities to defend against the latest cyber risks and threats with standards-based threat intelligence.
\nThe program is designed to meet the needs of commercial organizations that require full support for cyber security solutions running in their environments.
\nThe process of joining Soltra has been simplified by enabling FS-ISAC members to leverage their existing FS-ISAC membership to join as a Soltra member.
\nSoltra membership will also be available through other ISACs, ISAOs and similar sponsoring organizations, as well as directly from Soltra.
\nMembership levels available today include Enterprise Membership and Enterprise Plus Membership, depending on requirements for support and other benefits of membership.
\nEach membership level is funded by an annual fee.
\nEnterprise membership tiers include benefits that go beyond traditional enterprise software support agreements including, but not limited to: direct contact with Soltra support technicians and engineers; access to professional services staff for customization and integration support; access to published adaptors; and the ability to submit code modifications for future releases.
\nEnterprise Plus also includes expedited review of code submissions and an invitation to participate in Soltra pilot groups, providing early access to new capabilities and solutions.
\nLink: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=a9084b627b&e=20056c7556<\/p>\n
At a time when Congress is struggling to pass cybersecurity legislation and as the number of computer intrusions surges, \u201cinsurers can move the needle,\u201d said Deputy Secretary Sarah Bloom Raskin in remarks at a Washington think tank.
\nAt a time when Congress is struggling to pass cybersecurity legislation and as the number of computer intrusions surges, \u201cinsurers can move the needle,\u201d said Deputy Secretary Sarah Bloom Raskin in remarks at a Washington think tank.
\nHer speech reflected how the Obama administration is trying to enlist a range of sectors and use a variety of tools to combat the cyberthreat.
\nMeanwhile, on Capitol Hill, senior security officials testified to the complex nature of the challenge, as criminals and foreign governments have become increasingly adept at penetrating U.S. government and private sector networks to steal both commercial secrets and foreign intelligence.
\nIndustry experts said it is high time that insurers become a more visible part of the debate. \u201cLegislation can take you so far,\u201d said Peter J.
\nBeshar, general counsel of Marsh & McLennan Companies, an insurance broker and global risk adviser. \u201cBut cyber insurance has the potential to create the right incentives that drive economic behavior across millions of people in the marketplace.\u201d
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=7ea4e67668&e=20056c7556<\/p>\n
============================================================
\nFeedback, questions? Our mailing address is: ** dailynews@paulgdavis.com (mailto:dailynews@paulgdavis.com)<\/p>\n
If you know someone else who would be interested in this Newsalert, please forwarded this email.
\nIf you want to be added to the distribution list, please click this: ** Subscribe to this list (http:\/\/paulgdavis.us3.list-manage.com\/subscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a)<\/p>\n
** Unsubscribe from this list (http:\/\/paulgdavis.us3.list-manage.com\/unsubscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556&c=05810a82ea)<\/p>\n
** Update subscription preferences (http:\/\/paulgdavis.us3.list-manage2.com\/profile?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556)<\/p>\n","protected":false},"excerpt":{"rendered":"
[From the desk of Paul Davis – his opinions and no-one else’s] Apart from the reporter’s opinions \ud83d\ude09 So onto the news: UK tops global cyber crime hit list UK is the top target for cyber criminals with UK businesses targeted more frequently than US counterparts, a study has revealed….<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[29],"tags":[],"class_list":["post-1146","post","type-post","status-publish","format-standard","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1146","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=1146"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1146\/revisions"}],"predecessor-version":[{"id":3633,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1146\/revisions\/3633"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=1146"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=1146"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=1146"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}