[From the desk of Paul Davis – his opinions and no-one else’s]
\nApart from the reporter’s opinions \ud83d\ude09
\nSo onto the news:<\/p>\n
Who you gonna call? Ghost Push Android virus infects 600,000 people a day
\nResearchers at Cheetah Mobile’s CM Security Research Lab have discovered that the source of these apps is a virus called ‘Ghost Push’.
\nThis installs unwanted and annoying apps on the device and can’t be removed easily even by doing a factory reset or using normal antivirus software.
\nThe virus is mainly spread through Europe, Russia, the Middle East region, and southern China.
\nSo far 39 apps have been discovered that contain Ghost Push and it has affected 14,847 phone types and 3,658 brands.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=e975f08a91&e=20056c7556<\/p>\n
ABA\u2019s Johnson: Chip, Not PIN, Key to Securing Card Transactions
\nResponding in The Hill to claims by a retailer trade group, ABA SVP Doug Johnson made the case today that the chip in new EMV cards is the key to securing card transaction \u2014 not the PIN, as retailers have argued.
\n\u201cNot a single major data breach over the last few years could have been prevented with a PIN,\u201d Johnson wrote. \u201cThe high profile data breaches that resulted in millions of Americans having their card accounts compromised weren\u2019t caused by petty thieves swiping cards out of wallets \u2014 they were caused by criminals exploiting cracks in the retailers\u2019 security systems.\u201d
\nLink: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=e0687381d4&e=20056c7556<\/p>\n
The unusual suspects – the biggest threats to your confidential data
\nResponding in The Hill to claims by a retailer trade group, ABA SVP Doug Johnson made the case today that the chip in new EMV cards is the key to securing card transaction \u2014 not the PIN, as retailers have argued.
\n\u201cNot a single major data breach over the last few years could have been prevented with a PIN,\u201d Johnson wrote. \u201cThe high profile data breaches that resulted in millions of Americans having their card accounts compromised weren\u2019t caused by petty thieves swiping cards out of wallets \u2014 they were caused by criminals exploiting cracks in the retailers\u2019 security systems.\u201d
\nKey findings include:
\n– Three in four businesses suffering a breach had their data leaked by employees and third-party vendors.
\n– Over half of all data breaches occur by accident.
\n– Seventy five percent of breaches resulted from using workplace hardware or data outside the office environment.
\n– External campaign groups are more feared than vendors even though vendors originated more breaches.
\n– A third of businesses contract without provisions for how to proceed in the event of a confidential data breach.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=b9eb542074&e=20056c7556<\/p>\n
Experian Data Breach Resolution releases its Annual 2015-2016 Data Breach Response Guide
\nCOSTA MESA, Calif., Sept. 22, 2015 \/PRNewswire\/ — A Ponemon Institute study sponsored by Experian Data Breach Resolution found that a majority of businesses surveyed had a data breach response plan in place, but many were not confident in their response and did not practice their plan through discussions or drills.
\nTo help companies take their preparedness to the next level, Experian Data Breach Resolution enhanced its Annual 2015\u20132016 Data Breach Response Guide with new content that focuses on the gaps organizations still face with their incident response.
\n“A response plan in a binder does not really prepare a company for handling a breach,” said Michael Bruemmer, vice president at Experian Data Breach Resolution. “Organizations need to develop what if’ scenarios that require a plan ‘B’ and ‘C’.
\nThis is important because a breach may be intended to damage a company’s reputation, for extortion purposes or to compromise customers’ reputations.
\nHow should unique circumstances be managed.
\nIt should all be part of the plan.”
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=91643a59fa&e=20056c7556<\/p>\n
The price of your identity in the Dark Web? No more than a dollar
\nIn Trend Micro’s new report, dubbed “Understanding Data Breaches,” the security firm explores who is most often targeted in data breaches, how they take place, and what happens to data once it leaves corporate networks.
\nAccording to the firm, compromised Uber accounts are in high demand in the underground — as they can be fraudulently charged and give users free rides.
\nBank account details, naturally, are offered for a steeper price of between $200 and $500 per account — the higher the available balance, the more they are sold for.
\nWhen it comes to PII, sales are conducted on a per-line basis of approximately $1.
\nEach line of data contains a name, a full address, a date of birth, a Social Security number, and other personally identifiable information.
\nIf someone buys just a few lines, they can commit serious identity fraud.
\nTrend Micro says this data used to go for $4 a line, but as so many data breaches have occurred in recent times, supply has increased and demand dwindled.
\nHowever, if someone really wants the skinny on a potential victim, full credit reports can be purchased for $25 a go.
\nIn addition, document scans of passports, driver’s licenses and utility bills, among others, are available for purchase from $10 to $35 per document.
\nLink: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=4d59eeafb5&e=20056c7556<\/p>\n
Cyber risk still poorly communicated to C-suite executives
\nCyber risk continues to be poorly communicated to C-suite executives, according to Auriga Consulting.
\nThe monopolisation of the risk management function by IT and security consultants and poor knowledge transference through the use of jargon, acronyms and buzzwords is frustrating efforts to move risk into the board room.
\nTo overcome obstacles in communication, risk needs to be:
\n– Couched in business terms that lay out risk as a strategy, with business impact analyses, projection forecasts and outcomes, and with repercussions explained;
\n– Referenced to people and processes within the organisation to provide a business context and not just a technological one;
\n– Appraised without self-censorship, such as the desire to protect existing processes or budgets, as a bias could affect the perception of risk;
\n– Supported by an education program which aims to improve the board\u2019s cyber awareness now and in the long term.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=fb74893bca&e=20056c7556<\/p>\n
India’s daft draft anti-encryption law torn up after world+dog points out its stupidity
\nMinister of Communications and Information Ravi Shankar Prasad told reporters on Tuesday that a draft law on regulation cryptography would be withdrawn and rewritten.
\nThe climbdown comes amid public outcry and widespread criticism of the would-be-disastrous rules.
\n“Some of the expressions used in the draft are giving rise to uncalled-for misgivings,” said Prasad.
\n“I have noted some of the concerns.”
\nOf particular concern was the provision requiring all citizens to store encrypted messages and data in a plaintext form readable by the government for a period of 90 days.
\nThe draft law would have also required foreign companies who offer services in India to give the government access to their encryption suites and any supporting documentation.
\nLink: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=f692938d09&e=20056c7556<\/p>\n
The UK IS better than Europe, FACT! (at implementing cybersecurity measures)
\nCloudsec Initial analysis of the European cybercrime scene shown to The Register suggests a growing concern about the threat from targeted attacks, with British enterprises significantly ahead of their European counterparts in terms of cybersecurity measures.
\nThe research, commissioned by Trend Micro to better appreciate the security market in Europe, and conducted by Quocirca, focused on targeted attacks rather than random malware issues, and was shared with El Reg at a Cloudsec roundtable.
\nConcerns about cybercrime have risen, and become especially prevalent among British business since 2013, when only a quarter of Blighty’s enterprises believed targeted attacks were inevitable.
\nIn the last twelve months, British businesses detected 8.6 targeted attacks on average.
\nThis is significantly higher than the 6.2 attacks detected across Europe as a whole (including the UK).
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=cd734a3b4c&e=20056c7556<\/p>\n
SEC nails advisory firm for cybersecurity failure before data breach
\nAn investment advisory firm has agreed to pay $75,000 to settle SEC charges that it failed to have a cybersecurity policy in place before a computer breach compromised 100,000 individuals’ personal information, including records of some of the firm’s clients.
\nBetween September 2009 and July 2013, the firm stored sensitive personal information of its clients and others on a third party-hosted web server, according to a news release from the Securities and Exchange Commission.
\nIn July 2013, the web server was breached by an unknown hacker from China who gained access to the data.
\nThough the firm has not received any indication of a client suffering as a result of the breach, it had risked all of its sensitive data, the SEC said.
\nThe firm never adopted written policies and procedures, something the agency has pushed for since April.
\nIt did not conduct periodic risk assessments, implement a firewall, encrypt its personally-identifiable information or maintain a response plan for any incidents either.
\nWhen the breach occurred, it contacted all involved and offered free identity theft monitoring through a third-party vendor.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=0c1ced9e76&e=20056c7556<\/p>\n
Adobe releases surprise security update: 23 critical vulnerabilities fixed
\nOn Monday, Adobe issued the firm’s latest set of security updates, specifically targeting the Adobe Flash Player.
\nThe updates for Windows, Mac and Linux users address “critical vulnerabilities that could potentially allow an attacker to take control of the affected system,” according to the software developer.
\nAdobe Flash Player Desktop Runtime and Adobe Flash Player Extended Support Release 18.0.0.232 and earlier, Adobe Flash Player for Google Chrome 18.0.0.233 and earlier, Adobe Flash Player for Microsoft Edge and Internet Explorer 11 18.0.0.232 and earlier on Windows 10 and Adobe Flash Player for Internet Explorer 10 and 11 18.0.0.232 and earlier on Windows 8 and 8.1 are all impacted, as well as Adobe Flash Player for Linux versions 18.0.0.199 and earlier.
\nThe security flaws fixed in this update, all deemed critical, include a type confusion vulnerability, use-after-free flaws, buffer overflow issues and memory corruption vulnerabilities which could lead to remote code execution.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=d793915e3f&e=20056c7556<\/p>\n
============================================================
\nFeedback, questions? Our mailing address is: ** dailynews@paulgdavis.com (mailto:dailynews@paulgdavis.com)<\/p>\n
If you know someone else who would be interested in this Newsalert, please forwarded this email.
\nIf you want to be added to the distribution list, please click this: ** Subscribe to this list (http:\/\/paulgdavis.us3.list-manage1.com\/subscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a)<\/p>\n
** Unsubscribe from this list (http:\/\/paulgdavis.us3.list-manage.com\/unsubscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556&c=cd1e679fc8)<\/p>\n
** Update subscription preferences (http:\/\/paulgdavis.us3.list-manage1.com\/profile?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556)<\/p>\n","protected":false},"excerpt":{"rendered":"
[From the desk of Paul Davis – his opinions and no-one else’s] Apart from the reporter’s opinions \ud83d\ude09 So onto the news: Who you gonna call? Ghost Push Android virus infects 600,000 people a day Researchers at Cheetah Mobile’s CM Security Research Lab have discovered that the source of these…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[29],"tags":[],"class_list":["post-1152","post","type-post","status-publish","format-standard","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1152","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=1152"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1152\/revisions"}],"predecessor-version":[{"id":3639,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1152\/revisions\/3639"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=1152"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=1152"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=1152"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}