[From the desk of Paul Davis – his opinions and no-one else’s]
\nApart from the reporter’s opinions \ud83d\ude09
\nSo onto the news:<\/p>\n
\u200bOpen source encryption? Now Netherlands votes to help fund security projects
\nWhile November’s Paris attacks prompted US and European governments to revisit the debate over back-door policies to soften data encryption, the Netherlands lower house has voted to fund projects to strengthen it.
\nIn total, the Dutch lower house agreed to spend \u20ac500,000 ($547,000) to support the open-source OpenSSL, LibreSSL, and PolarSSL web-security projects.
\nSupporting work on alternative projects, such as LibreSSL and PolarSSL, can prevent Heartbleed-like attacks by preventing developers from using a homogeneous solution for protecting data.
\nLink: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=28b8510e4e&e=20056c7556<\/p>\n
Demand for new malicious programs reaches saturation point
\nAccording to Kaspersky Lab, the number of new malware files detected by its products in 2015 decreased to 310,000 a day, falling 15,000 from the 2014 number of 325,000.
\nHowever, despite the reduction in malware creation, in 2015 the number of users that were targets of attacks by cybercriminals increased by five percent.
\nKaspersky Lab experts believe the demand for new malicious programs has reached a saturation point, as coding new malware has become expensive and cybercriminals have realized the benefits of using intrusive advertising programs or legitimate digital signatures in their attacks.
\nLink: http:\/\/paulgdavis.us3.list-manage2.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=6733a8623c&e=20056c7556<\/p>\n
Shared Assessments Program Publishes New Best Practices Briefing Paper to Address Serious Need for Third-Party Incident Management.
\nSANTA FE, N.M., Dec. 8, 2015 \/PRNewswire\/ — Effective third-party due diligence demands a higher level of review than is presently being performed by most organizations.
\nYet, coordinated and active vendor involvement is lacking in many outsourcing organizations’ incident event management programs.
\nEven in the 43 percent of organizations that report a formal incident program is in place, only 9 percent of incident management professionals deem theirs to be “very effective” (SANS Institute, 2014).
\nA new briefing paper by the Shared Assessments Program, developed in response to the need for improved third-party incident response management, will be released on December 9, 2015 in conjunction with a complimentary webinar taking place at 8:00 a.m. (PST).
\nThe briefing paper, titled Building Best Practices for Effective Monitoring of a Third Party’s Incident Event Management Program, will be made available to those individuals who attend the December 9 webinar.
\nThree of the paper’s co-authors, who are subject-matter experts in their respective fields, will serve as guest speakers during the 8:00 a.m. (PST) webinar.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=75160676c8&e=20056c7556<\/p>\n
Canadian companies have a big new ally in the fight against cyber crime
\nTurns out a vulnerability discovered earlier this year in antivirus software from AVG also was present in AV software products from Intel McAfee and Kaspersky Lab.
\nThe security bug — which researchers at enSilo in March reported in AVG’s Internet Security 2015 build 5736 and virus database 8919 — centers around how the AV products in question allocate memory for read, write, and execute purposes.
\nThe AV products use “predictable” addresses that in turn could allow malware to exploit vulnerable, out-of-date third-party Windows applications for nefarious purposes.
\nThat effectively bypasses the AV system and makes it easier for bad guys to exploit vulnerable browsers or Adobe Reader, for example, to hack a Windows machine. enSilo today disclosed that this fall, it found the flaw in Kaspersky Lab’sKaspersky Total Security 2015 – 15.0.2.361 – kts15.0.2.361en_7342 and McAfee’s Virus Scan Enterprise version 8.8, including in its Anti Malware + Add-on Modules, Scan Engine version (32 bit) 5700.7163, DAT version 7827.0000, Buffer Overflow and Access Protection DAT version 659, after building its own tool to test AV products for the flaw.
\nBoth Kaspersky Lab and Intel McAfee have patched the flaw in their respective products — AVG fixed its bug just days after enSilo alerted the company — but enSilo says the vulnerability could well exist in other software such as data leak prevention and performance monitoring products.
\nThe flaw can only be exploited in Windows XP, Vista, and 7 machines. “The problem exists in Windows 8, but Microsoft saves them from the vulnerability because the \u2026 address is randomized,” says Tomer Bitton, co-founder and vice president of research at enSilo.
\nThe effect of cyber crime on Canadian GDP is lower than in the U.S. (0.17 per cent versus 0.64 per cent), but the reason for this gap may be underreporting and a lack of data, according to a Fraser Institute report.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=b1afb0b29f&e=20056c7556<\/p>\n
China security chief calls for better intelligence on terrorism
\nBEIJING (Reuters) – China needs to improve its intelligence gathering abilities and intelligence sharing between different departments it if wants to better deal with the threat of terrorism, its domestic security chief said, in a rare admission of the problems faced.
\nSpeaking in Xinjiang’s regional capital Urumqi, domestic security chief Meng Jianzhu said while some success had been achieved in the fight against terrorism, the situation remained serious.
\nMeng said intelligence gathering had to improve, in both what he called “hard and soft intelligence”, according to a government statement issued late on Friday.
\nLink: http:\/\/paulgdavis.us3.list-manage2.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=3732044f0b&e=20056c7556<\/p>\n
The role of automation in incident response
\nBEIJING (Reuters) – China needs to improve its intelligence gathering abilities and intelligence sharing between different departments it if wants to better deal with the threat of terrorism, its domestic security chief said, in a rare admission of the problems faced.
\nSpeaking in Xinjiang’s regional capital Urumqi, domestic security chief Meng Jianzhu said while some success had been achieved in the fight against terrorism, the situation remained serious.
\nMeng said intelligence gathering had to improve, in both what he called “hard and soft intelligence”, according to a government statement issued late on Friday.
\nWhen creating IR procedures, automation is a tool.
\nIt needs to be deployed thoughtfully and carefully to speed and enrich the human response \u2013 not replace it.
\nThere are four components of incident response \u2013 preparation, assessment, management, and mitigation \u2013 and, when used appropriately, automation can play a critical role in each phase.
\nLink: http:\/\/paulgdavis.us3.list-manage2.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=8f2067642f&e=20056c7556<\/p>\n
Risk Management receives increased focus in the UAE
\nIn collaboration with MENA Strategies, the RIMS Risk Forum Middle East, held on December 7 & 8 at the Conrad in Dubai attracted government officials, media representatives, and renowned risk managers from MENA based and international corporations; Associated Insurance Consultants, Control Risks, Du, Emirates Insurance Association, Emirates Nuclear Energy Corporation (ENEC), Emirates National Oil Company (ENOC), Emirates Transport, Kuwait Petroleum Corporation, MENA Strategies, Middle East Insurance Review, Nesma & Partners, New Dawn Risk Group, New York University, and Zain Group. – See more at: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=22913be714&e=20056c7556
\n\u201cThe UAE is ahead of other countries in the GCC area in terms of risk management understanding, and after getting encouraging feedback from attendees and speakers, MENA Strategies will continue to cooperate with key regional and international corporations in order to initiate further events that focus on risk management\u201d remarked Melissa Aoun. – See more at: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=64c1d4de6d&e=20056c7556
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=6fad2f6f8e&e=20056c7556<\/p>\n
POS Malware and Loyalty Card Fraud Growing in Popularity
\nThere has been a spike in POS malware over the past couple of years.
\nIn 2014, such malware came to be associated with botnet capabilities, increasing its attraction to criminals.
\nThen, from the beginning of 2014 to mid-2015, 15 new families of POS malware were identified, all with more powerful capabilities than previous strains, targeting industries including retail, hospitality, food and beverage and travel.
\nAccording to Trustwave, around 40 percent of breaches in 2014 were POS-related.
\nABI Research estimated that the number of POS-related security incidents with confirmed data breaches will reach 600 by the end of 2015.
\nThere has also been an uptick in security incidents involving loyalty cards.
\nAccording to the \u201c2015 Colloquy Loyalty Census,\u201d there has been a 26 percent increase in loyalty card scheme memberships in the U.S. since 2013.
\nAdditionally, the average household now belongs to 29 loyalty programs, of which 17 are inactive.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=7e7d199618&e=20056c7556<\/p>\n
Kaspersky Lab on Business Threats: 2015 Saw the Number of Cryptolocker Attacks Double
\nThe tools used by cyber-criminals against businesses in 2015 were different to those used against consumers, according to Kaspersky Lab’s review of corporate threats in the last twelve months.
\nThey included greater exploitation of legitimate software programs and malware being signed with valid digital signatures to keep malicious files hidden for longer.
\nKaspersky Lab’s experts also observed a steady rise in the number of corporate users attacked by ransomware.
\nKaspersky Lab’s experts found that in 2015 well over half (58 per cent) of corporate PCs were hit with at least one attempted malware infection, up three percentage points on 2014.
\nOne in three (29 per cent) business computers were exposed at least once to an Internet-based attack; with the exploitation of standard office applications seen three times as often as in consumer attacks.
\nFurther, 41 per cent of business computers faced local threats, such as from infected USB sticks or other compromised removable media.
\nThe experts also noted a seven per cent increase in the share of exploits targeting the Android platform, confirming hackers’ growing interest in data stored on employees’ mobile devices.
\nThese attacks included Carbanak, which penetrated the networks of banks, seeking out critical systems that would allow it to withdraw money.
\nOne successful attack alone would bring in as much as \u00a31.6 – \u00a36.6 million.
\nThe cyber-espionage group, Wild Neutron also spent much of 2015 hunting down investment companies as well as organisations working with the cryptocurrency Bitcoin and companies involved in mergers and acquisitions.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=f7e994c9ea&e=20056c7556<\/p>\n
Malware Hides, Except When It Shouts
\nTwo new malware reports – one from security researchers at technology giant Cisco, another from cybersecurity firm FireEye – demonstrate how developers continue to refine their malicious code to maximize its information-stealing and extortion potential.
\nMalware that’s tailored to steal money has usually been designed for maximum stealth, and FireEye has just detailed a malware family called “Nemesis,” which is programmed to run when a PC starts up, before the operating system gets loaded.
\nThat makes the malware especially difficult to either detect or eliminate, and the longer the malware stays undetected, the greater the amount of sensitive data attackers can potentially exfiltrate.
\nOne of the most notorious types of ransomware is CryptoWall, which is used by multiple criminal groups, and which its developer continues to refine.
\nThe new version of CryptoWall – version 4 – was first spotted Nov. 2, attached to malicious spam (see Refined Ransomware Streamlines Extortion).
\nBy the end of November, however, security researchers were warning that multiple exploit kits that had been installing CryptoWall version 3 on victims’ computers had upgraded to CryptoWall 4.
\nResearchers from the Cisco Talos security intelligence and research group say in a Dec. 10 blog post that CryptoWall 4 includes several major changes:
\n– Streamlined crypto
\n– Disabling backups
\n– Disabling backups
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=0ee8634a67&e=20056c7556<\/p>\n
Cybercriminals will target Apple in 2016, say experts
\nAccording to security firm Symantec, the amount of malware aimed at Apple’s mobile operating system (iOS) has more than doubled this year, while threats to Mac computers also rose.
\nSecurity firm FireEye also expects 2016 to be a bumper year for Apple malware.
\nLast year, it was seeing a monthly average of between 10,000 and 70,000 Mac computers infected with malware.
\nThe number of unique OS X computers infected with malware in the first nine months of 2015 was seven times higher than in all of 2014, its research found.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=51fc57c72d&e=20056c7556<\/p>\n
Vormetric Survey: Data Breaches Threaten Americans’ Loyalty to Their Favorite Retailer
\nSAN JOSE, Calif., Dec. 10, 2015 \/PRNewswire\/ –Vormetric, a leader in enterprise data security for physical, virtual, big data and cloud environments, today announced in conjunction with Wakefield the results of its survey on how Americans’ would change their shopping behaviors if their favorite retailer was hit by a data breach.
\nThe survey revealed that for 85% of Americans, significant personal consequences that can result from a breach would cause them to find a new place to shop.
\nAccording to the Wakefield survey, Americans would take their business elsewhere after a data breach at their favorite retailer:
\n– If money was taken from their checking account (67%)
\n– If unauthorized charges appeared on their credit card (62%)
\n– If personal information were leaked (57%)
\n– If their credit score was damaged (54%)
\nLink: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=3428c36c20&e=20056c7556<\/p>\n
Piracy sites make up to ‘$70m per year by spreading malware’
\n“Baiting internet users, stealing their personal information, and taking control of their computers is becoming big business \u2014 an estimated $70m (\u00a346.2m) per year just from peddling malware,” according to a study that goes by the name Digital Bait, conducted by the cybersecurity firm, RiskIQ and commissioned by non-profit organisation Digital Citizens Alliance.
\nAfter probing 800 sites that distribute stolen movies and television series, the study, published in December, states one out of every three theft sites contain malware.
\nIt poses a big threat to consumers subscribing to the content, as the malware threat is 28 times more than genuine sites.
\nEven their computers are at risk, as 45% of malware is delivered through “drive-by-download”, without users’ knowledge.
\nXtreme Rat, Bifrost, Back Orifice, Njrat, Adwind, Darkcomet, Blackshades, SBU7, Poison Ivy and Cerberus are the top 10 RATs RiskIQ found through its scans.
\nLink: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=dab089dabb&e=20056c7556<\/p>\n
New Dutch Breach Notification Rules in Effect as of January 1, 2016
\nAn update to the Dutch Data Protection Act enacted earlier this year goes into effect January 1, 2016, and extends data breach notification requirements in the Netherlands to all data controllers (as opposed to just those in the financial, healthcare, or telecom fields).
\nUnder the new rules, such data controllers must notify the Dutch Data Protection Authority of any breach of personal data that has (or creates a significant chance of) serious adverse consequences for the protection of personal data.
\nNotices have to be given \u201cwithout delay.\u201d The draft implementation guidelines prepared by the Dutch Data Protection Authority suggest this means no later than two business days after the data controller becomes aware of the data breach, although commentators have noted that this may change when the Guidelines are finalized.
\nAffected individuals will also need to be notified if the breach is likely to have negative consequences for their privacy, unless the data was encrypted or otherwise unintelligible to third parties.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=5c745b3b2b&e=20056c7556<\/p>\n
Geneva security remains high amid terror alert
\n(CNN)Heavily armed guards watched over the United Nations building in Geneva and a security scare briefly shut down the international airport Friday, signs of heightened security amid a terror alert and a hunt for suspects.
\nThe Swiss alert came after a tip from U.S. intelligence officials, who told their Swiss counterparts that they had intercepted communications among extremists discussing the idea of attacking Geneva, as well as Chicago and Toronto, a source close to the investigation told CNN.
\nGeneva police Chief Monica Bonfanti told radio broadcaster RTS that there is “the possibility of the presence of an Islamic State (ISIS) terror cell in Geneva.” Bonfanti said police were searching for terror suspects, but wouldn’t comment on the number of people involved in the hunt.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=0a73cf3374&e=20056c7556<\/p>\n
NIST framework update en route
\nFIRST IN MC: NIST EYES UPDATE \u2014 In a request for comments set for publication in the Federal Register by Friday, the National Institute of Standards and Technology is asking companies how the technology lab\u2019s voluntary cybersecurity framework \u201cis being used, if it\u2019s a good time for an update, what\u2019s working, what\u2019s not working,\u201d NIST senior adviser Adam Sedgewick told MC.
\nSome of the framework\u2019s cybersecurity controls likely need updating, said Sedgewick.
\nIt\u2019ll be up to industry whether it also wants to use this opportunity to initiate a larger rewrite of the framework. \u201cThere\u2019s a lot of discussion about how do we make sure this is keeping up with the threat space and technological innovation,\u201d he said.
\nThe public will have 60 days to respond to NIST, which plans to hold an April workshop to discuss next steps.
\nMore on the framework: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=dcbb6d83e4&e=20056c7556
\nLink: http:\/\/paulgdavis.us3.list-manage2.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=ef97f36313&e=20056c7556<\/p>\n
EFF Launches Open Source Code Security Program to Improve User Privacy
\nThe Electronic Frontier Foundation (EFF) has launched a new security initiative aimed at identifying vulnerabilities in open source code.
\nThe move is another sign of the open source world’s increasing interest in leveraging the the community to shore up software security in the wake of embarrassments like Heartbleed, the bug found in the popular OpenSSL cryptographic software library that led to so much trouble last year.
\nThe EFF announced the initiative, called the Security Vulnerability Disclosure Program, on Dec. 3.
\nThe organization, which advocates for online freedom and openness, describes the program as “a set of guidelines on how to report bugs in software EFF develops,” as well as in third-party software that the EFF uses.
\nThe EFF maintains several security tools that are popular among users interested in protecting their privacy, such as HTTPS Everywhere, a browser extension that provides SSL encryption for all Web traffic.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=b850692793&e=20056c7556<\/p>\n
============================================================
\nFeedback, questions? Our mailing address is: ** dailynews@paulgdavis.com (mailto:dailynews@paulgdavis.com)<\/p>\n
If you know someone else who would be interested in this Newsalert, please forwarded this email.
\nIf you want to be added to the distribution list, please click this: ** Subscribe to this list (http:\/\/paulgdavis.us3.list-manage.com\/subscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a)<\/p>\n
** Unsubscribe from this list (http:\/\/paulgdavis.us3.list-manage.com\/unsubscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556&c=163ff4ebd1)<\/p>\n
** Update subscription preferences (http:\/\/paulgdavis.us3.list-manage.com\/profile?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556)<\/p>\n","protected":false},"excerpt":{"rendered":"
[From the desk of Paul Davis – his opinions and no-one else’s] Apart from the reporter’s opinions \ud83d\ude09 So onto the news: \u200bOpen source encryption? Now Netherlands votes to help fund security projects While November’s Paris attacks prompted US and European governments to revisit the debate over back-door policies to…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[29],"tags":[],"class_list":["post-1178","post","type-post","status-publish","format-standard","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1178","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=1178"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1178\/revisions"}],"predecessor-version":[{"id":3665,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1178\/revisions\/3665"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=1178"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=1178"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=1178"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}