[From the desk of Paul Davis – his opinions and no-one else’s]
\nApart from the reporter’s opinions \ud83d\ude09
\nSo onto the news:<\/p>\n
RIGGING COMPROMISE – RIG EXPLOIT KIT
\nExploit Kits are one of the biggest threats that affects users, both inside and outside the enterprise, as it indiscriminately compromises simply by visiting a web site, delivering a malicious payload.
\nOne of the challenges with exploit kits is at any given time there are numerous kits active on the Internet.
\nRIG is one of these exploit kits that is always around delivering malicious payloads to unsuspecting users.
\nRIG first appeared in our telemetry back in November of 2013, back then we referred to it as Goon, today it’s known as RIG.
\nWe started focusing on RIG and found some interesting data similar to what we found while analyzing Angler.
\nThis post will discuss RIG, findings in the data, and what actions were taken as a result.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=fb4d16aa9d&e=20056c7556<\/p>\n
Eight arrested in eastern Europe over ATM malware attacks
\nEuropol has announced the takedown of an international criminal group believed to be behind a series of ATM malware attacks dating back to at least 2014.
\nSaid to be one of the first operations of this type in Europe, it resulted in multiple house searches and arrests in Romania and the Republic of Moldova.
\nUsing malware dubbed Tyupkin, the suspects were allegedly able to empty cash from ATM machines on demand following the successful installation of a trojan.
\nCalled \u201cATM jackpotting\u201d, the exploit allowed attackers to empty infected machines by issuing commands via the machine’s pin pad.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=5feffb1402&e=20056c7556<\/p>\n
Trend Micro: Internet scum grab Let’s Encrypt certs to shield malware
\nUpdated It was inevitable.
\nTrend Micro says it has spotted crooks abusing the free Let’s Encrypt certificate system to smuggle malware onto computers.
\nThe security biz’s fraud bod Joseph Chen noticed the caper on December 21.
\nFolks in Japan visited a website that served up malware over encrypted HTTPS using a Let’s Encrypt-issued cert.
\nThe site used the Angler Exploit Kit to infect their machines with the software nasty, which is designed to raid their online bank accounts.
\nThe use of encryption shields the malware from network security scanners while in transit, and the certificate helps legitimize the malicious site.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=d88818e8fa&e=20056c7556<\/p>\n
Daimler selects OT to connect its cars securely
\nDaimler AG (Xetra:DAI.DE), a large producer of premium cars and a manufacturer of commercial vehicles, and Oberthur Technologies (OT), a provider of embedded security software products, services and solutions, announced on Wednesday a new partnership to connect Mercedes-Benz passenger cars with OT’s embedded remotely programmable SIM.
\nReportedly, this disruptive embedded connectivity solution will be implemented in Daimler’s vehicles starting with the new Mercedes-Benz E-class from March 2016.
\nAccording to the companies, with OT’s automotive-graded eUICC called DIM DakOTa Auto and OT’s M-Connect solution, Daimler will simplify the integration and management of the Mobile Network Operator (MNO) subscriptions in the cars during their entire life cycle.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=d6a9ecabd9&e=20056c7556<\/p>\n
5 things hackers love to see you share on social media
\nTo help you play it safe, here’s a list of things you should never share on social media.
\n1) Your Phone Number\u2028
\n2) Your Home Address
\n3) Your New Credit Card
\n4) Hacker-Targeted Hashtags
\n5) Where You’ve Checked In
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=b196e334d7&e=20056c7556<\/p>\n
Common pins an easy target for thieves and hackers
\nPresident of DataGenetics.com Nick Berry completed a study of almost 3.4 million leaked four digit passwords to discover what the most common and least common personal identification numbers were.
\nUnsurprisingly he found the most common was 1234, with 10.713 per cent of people using that number.
\n1111 came next with more than six per cent of people sticking to ones.
\nOther common codes included 0000, 1010, 6666 and 4321.
\nOn the other end of the scale, 8086 was the least common PIN with only 25 occurrences in 3.4 million.
\n\u201cNAB advises customers to help minimise fraud by keeping their PIN a secret,\u201d spokeswoman Elise Huck said.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=0cc303cad0&e=20056c7556<\/p>\n
Cyber security takes centre stage at Security & Counter Terror Expo 2016
\nDavid Thompson, Security & Counter Terror Expo Event Manager, said: \u201cThe threat posed by terrorists is now multi-faceted with groups utilising technology as a key weapon in their arsenal.
\nTargets are becoming more diverse, as are the methods employed by those that seek to do us harm.
\nSecurity & Counter Terror Expo will reflect these developments, showcasing cutting-edge technology while exploring the latest cyber security strategies.
\nThe event has an increased focus on uniting domestic and international professionals, and will include a host of features that benefit those working in the public and private sectors.
\nAlongside the exhibition, leading figures will discuss the latest solutions and strategies at the Cyber Threat Intelligence Conference.
\nPresented by techUK, the representative body for the UK\u2019s technology industry, the sessions will bring together all those who work to prevent cyber terrorism and crime.
\nAmong the topics to be discussed will be an overview of global cyber security threats and how to mitigate against them.
\nKey speakers will include Chris Gibson, Director at CERT-UK; Richard Parris, Chairman and Chief Executive of Intercede; Prof.
\nChris Hankin, Director at the Institute for Security Science and Technology; and representatives from the National Crime Agency\u2019s National Cyber Crime Unit.
\nLink: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=97929d1eea&e=20056c7556<\/p>\n
Figuring Out What Happened After a Data Breach
\nAs management consultant Peter Drucker once said, the only thing that\u2019s inevitable in the life of the leader is the crisis.
\nOnce a security incident or confirmed breach unfolds, you\u2019re in the spotlight.
\nIt\u2019s your testing time to see what you\u2019re really made of.
\nWhy not start working on making yourself look good today?
\nApplying this to security incidents and data breaches, you can step back and take a look at the bigger picture of what\u2019s going on and what it\u2019s going to take to resolve the challenge by asking the following questions:
\n\u2022 What has actually happened?
\n\u2022 How did it happen?
\n\u2022 What was impacted?
\n\u2022 Who\/what information was involved?
\n\u2022 Who else needs to be on the response team?
\n\u2022 What are the next steps?
\nFigure out what the worst thing is that could happen, do everything within reason to make sure that it doesn\u2019t happen and then have a plan to minimize the impact of any residual risks.
\nIt\u2019s really as simple as that.
\nLink: http:\/\/paulgdavis.us3.list-manage2.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=1dc165f693&e=20056c7556<\/p>\n
Does a data breach really affect your firm\u2019s reputation?
\nOne thing is clear; a data breach is a PR and financial disaster.
\nCompanies often spot the intrusion too late, and respond inadequately, resulting in falling (temporary) sales and journalist outrage.
\nIt\u2019s true to say that customer loyalty damage is done in the event of a breach, and that sales do take a nose-dive.
\nTarget\u2019s sales fell by 46 percent year-on-year in the fourth quarter of 2013 to $520 million (or 81 cents a share), while eBay (breached mid 2014) admitted declining user activity impacted its quarterly net revenue.
\nThere are other financial costs to bear, including additional security (pen testers, consultants, security vendors, PRs and lawyers), litigation and fines by data protection authorities.
\nReputational damage sees a differing of opinion, though.
\nInfoSec folk largely agree that breaches impact on the bottom line, but that \u2013 managed and responded to adequately \u2013 it can become business as usual (BAU).
\nStock prices recover, and stake holders are appeased.
\nData protection authorities can be held off at arm\u2019s length.
\nEarlier this year, Ponemon Institute\u2019s “The Aftermath of a Mega Data Breach: Consumer Sentiment,” revealed that data breaches was up there with poor customer service and environmental disasters for impacting brand reputation.
\nElsewhere and the Forbes Insights report, \u2018Fallout: The Reputational Impact of IT Risk\u2019, indicated that 46 percent of organizations had suffered damage to their reputations and brand value as a result of a breach.
\nAnother 19 percent of organizations suffered reputational and brand damage as a result of a third-party security breach or IT system failure.
\n\u201cWhat C-levels want from a CISO is a risk metric and a value in terms of cost.
\nThey want to understand exactly what their liability will be if such an event were to take place.
\nCISOs need to be able to give C-level execs a definitive answer on this, yet often it\u2019s hard as asset registers are missing, digital footprints are unknown, risk models are complex and claim forms are dubious.
\nIt\u2019s clear then that breaches do result in damaged trust, to a degree brand reputation, and bottom line.
\nTarget and JP Morgan pledged to spend additional $100 million and $500 million on security post-breach, while Target also had to pay back card issuers, and lost $236 million in breach-related costs ($90 million of which was offset by insurance).
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=4ab1f96f20&e=20056c7556<\/p>\n
Higher fines for privacy breaches and data breach notification duty enter into force on 1 January 2016
\nRecently the Dutch Senate passed the bill on data breach notifications and sanctions.
\nThis bill introduces higher fines for non-compliance with the Dutch Data Protection Act.
\nIn addition, companies will be obliged to notify the Dutch Data Protection Authority (\u201cDPA\u201d) immediately of any data breach.
\nDepending on the exact circumstances, data subjects will also have to be notified if their data are compromised.
\nNon-compliance with privacy laws can lead to an administrative fine for each violation, the amount of which can be up to a maximum of EUR 810,000 or 10% of the company\u2019s annual net turnover.
\nThe new legislation will enter into force on 1 January 2016.
\nThe new amendments to the Dutch Data Protection Act will allow the DPA to impose fines for the violation of a large number of general obligations (see the amended Article 66 of the Dutch Data Protection Act).
\nThese fines vary from a minimum of EUR 20,250, for relatively minor violations, to a maximum of EUR 810,000, for deliberate or repeated violations.
\nFor legal entities, the amount of the fine is not fixed: if the highest fine category is not sufficiently punitive, the violation can be sanctioned by a fine equal to 10% of the company\u2019s annual net turnover.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=6f62776c14&e=20056c7556<\/p>\n
The secure GC: Data breach preparedness through auditing
\nWhen a data breach occurs, the immediate hours after are both chaotic and critical to an effective response.
\nPreparation is therefore essential.
\nOne component of executing an effective breach response is a solid understanding of the contractual contours between contributing or impacted third parties.
\nScouring a contract management system, or worse, a file cabinet of paper contracts to understand relevant third party relationships and obligations in the heat of a breach could therefore result in the organization spinning its wheels when it should be implementing its data breach response plan.
\nAuditing, extracting key provisions, and organizing those provisions before a breach occurs can therefore be a valuable tool in responding to an incident or full-scale data security crisis.
\nBut, how can inside counsel be secure in her belief that she\u2019s cataloged the most relevant provisions to a breach response.
\nCollecting and understanding the following provisions in third party agreements is a good starting point for preparedness when a breach occurs.<\/p>\n
-Security-Related Service Responsibilities
\n-Governance
\n-Breach Notification Obligations
\n-Data Encryption Provisions
\n-Audit Provisions
\n-Insurance Coverage
\n-Expense Reimbursement
\n-Termination Rights<\/p>\n
Controlling the chaos of a breach response is more than half the battle.
\nBy taking the time to audit, consolidate, and organize the key contractual provisions with third parties related to data security management before a breach, inside counsel will take a significant step toward a successful data breach response.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=09f3d386d0&e=20056c7556<\/p>\n
Samsung Portable SSD T3 offers increased data security and portability
\nSamsung announced the Samsung Portable SSD T3, a palm-sized, external SSD that offers multi-terabyte storage capacity.
\nDesigned specifically for today\u2019s mobile lifestyle, the Portable SSD T3 is compact, lightweight and durable.
\nThe drive is smaller than an average business card and weighs a mere 50 grams approximately (less than two ounces), allowing users to easily carry large amounts of data with them anywhere.
\nThe drive has a simple set-up process for users, with one user-set password.
\nThe drive is equipped with AES 256-bit hardware encryption for the high level of security and protection across Windows, Mac and Android OS based devices.
\nEven if the drive should fall into the wrong hands, the data stored on it would be inaccessible.
\nLink: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=bd65430077&e=20056c7556<\/p>\n
============================================================
\nFeedback, questions? Our mailing address is: ** dailynews@paulgdavis.com (mailto:dailynews@paulgdavis.com)<\/p>\n
If you know someone else who would be interested in this Newsalert, please forwarded this email.
\nIf you want to be added to the distribution list, please click this: ** Subscribe to this list (http:\/\/paulgdavis.us3.list-manage.com\/subscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a)<\/p>\n
** Unsubscribe from this list (http:\/\/paulgdavis.us3.list-manage.com\/unsubscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556&c=dca6476ccf)<\/p>\n
** Update subscription preferences (http:\/\/paulgdavis.us3.list-manage.com\/profile?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556)<\/p>\n","protected":false},"excerpt":{"rendered":"
[From the desk of Paul Davis – his opinions and no-one else’s] Apart from the reporter’s opinions \ud83d\ude09 So onto the news: RIGGING COMPROMISE – RIG EXPLOIT KIT Exploit Kits are one of the biggest threats that affects users, both inside and outside the enterprise, as it indiscriminately compromises simply…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[29],"tags":[],"class_list":["post-1184","post","type-post","status-publish","format-standard","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1184","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=1184"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1184\/revisions"}],"predecessor-version":[{"id":3671,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1184\/revisions\/3671"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=1184"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=1184"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=1184"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}