Top CyberSecurity News For 29th August 2016

  1. Cyber security should be expanded to other departments other than IT: CII-KPMG report. From BGR.in. Cyber threats today are no longer restricted to a company’s communications and IT domains, calling for more than just technical controls to avert attacks and protect the business from future risks and breaches, a new report said. According to the joint report of the Confederation of Indian Industry (CII) and KPMG, cyber security today embraces multiple units of an organization like human resource, supply chain, administration and infrastructure. It, therefore, requires governance at the highest levels. “It is vital to keep pace with the changing regulatory and technology landscape to safeguard and advance business objectives. Working backwards by identifying and understanding future risks, predicting risks and acting ahead of competition, can make a company more robust,” said Richard Rekhy, Chief Executive Officer, KPMG, India.

Top CyberSecurity News For 9th June 2016

  1. Companies Are Stockpiling Bitcoin in Case They Get Infected with Ransomware. From Softpedia. According to the numbers crunched by Citrix and Censuswide, who polled 250 UK IT and security managers, one in three UK businesses is now creating a backup account for holding cryptocurrency such as Bitcoin in the event of a cyber-attack. Companies are willing to pay as much as £50,000 ($72,700) to unlock their computers and retrieve their IP (intellectual property) in case ransomware somehow makes it into their network. The exact percentages are 36 percent of the companies with 250-500 employees, 57 percent of the businesses with 501-1,000 employees, and 18 percent of the firms with over 2,000 employees.
  2. Enterprises Still Don’t Base Vuln Remediation On Risk. From Dark Reading. “Despite the growing number of breaches, the state of application security is not improving significantly,” says Asma Zubair, director of product management for WhiteHat. “Applications continue to remain vulnerable. About one-third of insurance applications, about 40 percent of banking and financial services applications, about half of healthcare and retail applications, and more than half of manufacturing, food and beverage, and IT applications are always vulnerable.”

Top CyberSecurity News For June 2nd 2016

  1. CIOs, CISOs share advice on selling cybersecurity to the C-suite. From HealthCare IT News. Texas Children’s CISO Sanjeev Sah said hospitals must master the basics because there’s no way to protect against advanced threats if you do not. When UC Irvine Health CIO Chuck Podesta needed a bigger security budget he walked the hospital’s chief executive through a typical data breach or loss scenario. The last bullet point: CEO apologizes to the public.
  2. Got $90,000? A Windows 0-Day Could Be Yours. From Krebs On Security. How much would a cybercriminal, nation state or organized crime group pay for blueprints on how to exploit a serious, currently undocumented, unpatched vulnerability in all versions of Microsoft Windows? That price probably depends on the power of the exploit and what the market will bear at the time, but here’s a look at one convincing recent exploit sales thread from the cybercrime underworld where the current asking price for a Windows-wide bug that allegedly defeats all of Microsoft’s current security defenses is USD $90,000.

Top CyberSecurity News For June 1st 2016

  1. J.P. Morgan’s CIO on the Bank’s Security Game Plan. From WSJ. Facing fierce competition from upstarts in the financial technology, or “fintech,” space, along with constant cybersecurity threats, J.P. Morgan is betting that tech will be an industry game-changer. That’s where Dana Deasy, the bank’s chief information officer, comes in. Mr. Deasy oversees a $9.4 billion technology budget at J.P. Morgan, including about $3 billion in new investments, that is growing—a rarity in size and allocation among large banks. He leads 44,000 technology employees, including more than 18,000 developers.

  2. I Was Hacked by ISIS. From Boston Review. I was a victim of treachery: one of about 3,000 New Yorkers whose names and “personal information” (the cops didn’t know what) had been hacked from some database (they didn’t know which) and posted to some website (also, no further details). The hackers belonged to the United Cyber Caliphate, which, the police told me, “has some connection with ISIS.”
  3. Hackers want you to continue ignoring this critical home cybersecurity flaw. From American Enterprise Institute. Routers are thus fast becoming rich targets for hackers. In 2012, Kaspersky Lab discovered that cybercriminals had hacked into more than 4.5 million home DSL routers in Brazil by exploiting a chip vulnerability, manipulating router DNS settings to disguise fake infected websites as legitimate ones. Unsuspecting users were thus tricked into downloading malware that stole their passwords and banking information, earning one hacker more than $50,000.

Top CyberSecurity News For 12th May 2016

  1. BOE’s Cyber Chief Says Hacking Is an Ongoing Danger for Banks. From Bloomberg. The Bank of England’s chief information-security officer said cyber attacks are an ongoing danger for firms and building defenses isn’t just a technical issue. In a speech in London, Will Brandon said executives must “get away from the perception that cyber is just a technology problem that can be solved entirely through engineering solutions.” That’s because hackers can take advantage of people within companies to gain access to systems, he said.

  2. IBM’s Watson is going to cybersecurity school. From Computerworld. It’s no secret that much of the wisdom of the world lies in unstructured data, or the kind that’s not necessarily quantifiable and tidy. So it is in cybersecurity, and now IBM is putting Watson to work to make that knowledge more accessible. Towards that end, IBM Security on Tuesday announced a new year-long research project through which it will collaborate with eight universities to help train its Watson artificial intelligence system to tackle cybercrime.
  3. Why cyber tools are not total solutions. From FederalTimes. According to Cybersecurity Ventures’ Cybersecurity Market Report for Q4 2015, “Market research firm Gartner says global spending on IT security is set to increase 4.7 percent in 2015 to $75.4 billion, and the world will spend $101 billion on information security in 2018.” After attending the 2016 RSA conference, it is obvious that attendance at the show reflects these numbers. The money and time being spent in this area are simply mind-numbing.

Top CyberSecurity News For 5th May 2016

  1. Edward Snowden: ‘Governments can reduce our dignity to that of tagged animals’. From Guardian. In this foreword from The Assassination Complex, a new book about drone warfare, the whistleblower explains why leaking information about wrongdoing is a vital act of resistance. One of the challenges of being a whistleblower is living with the knowledge that people continue to sit, just as you did, at those desks, in that unit, throughout the agency; who see what you saw and comply in silence, without resistance or complaint. They learn to live not just with untruths but with unnecessary untruths, dangerous untruths, corrosive untruths. It is a double tragedy: what begins as a survival strategy ends with the compromise of the human being it sought to preserve and the diminishing of the democracy meant to justify the sacrifice.

  2. Samsung Smart Home flaws let hackers make keys to front door. From ArsTechnica. Computer scientists have discovered vulnerabilities in Samsung’s Smart Home automation system that allowed them to carry out a host of remote attacks, including digitally picking connected door locks from anywhere in the world. The attack, one of several proof-of-concept exploits devised by researchers from the University of Michigan, worked against Samsung’s SmartThings, one of the leading Internet of Things (IoT) platforms for connecting electronic locks, thermostats, ovens, and security systems in homes. The researchers said the attacks were made possible by two intrinsic design flaws in the SmartThings framework that aren’t easily fixed. They went on to say that consumers should think twice before using the system to connect door locks and other security-critical components.

  3. On Cyber Security, Non-Executive Directors Had Better Speak Up. From Forbes. The cyber threat posed to corporations needs little explanation these days. The potential impact of an attack is so great as to threaten the very existence of some businesses and to cause severe losses to others. Had Sony or Saudi Aramco been retailers with average cash reserves, the loss of their entire networks as the result of attacks might have proven existential given the length and depth of their cyber crises. The data losses suffered by Target and Heartland were significant enough, but to add insult to injury, the remaining directors of these companies and others are now subject to shareholder derivative and securities lawsuits, and this despite being victims of a crime. For most corporations, it is generally understood that this is no longer an exotic risk buried in the detail of a risk register to be left to the IT Department. Rather it is a very significant challenge of direct concern to the board.

  4. Sources: Trump Hotels Breached Again. From KrebsOnSecurity (Archived, April 4 2016). Banking industry sources tell KrebsOnSecurity that the Trump Hotel Collection — a string of luxury properties tied to business magnate and Republican presidential candidate Donald Trump — appears to be dealing with another breach of its credit card systems. If confirmed, this would be the second such breach at the Trump properties in less than a year. A representative from Trump Hotels said the organization was investigating the claims. “We are in the midst of a thorough investigation on this matter,” the company said in a written statement. “We are committed to safeguarding all guests’ personal information and will continue to do so vigilantly.”

  5. What is Zero Trust Network Segmentation? From Palo Alto Networks. The continued, high frequency of successful cyberattacks against today’s enterprises has made it abundantly clear that traditional, perimeter-centric security strategies are no longer effective. There is inadequate visibility, control and protection of user and application traffic transiting high-risk network boundaries, and an outdated assumption that everything on the inside of an organization’s network should be trusted. The Zero Trust architecture approach, first proposed by Forrester Research, is intended to address this by promoting “never trust, always verify” as its guiding principle. With Zero Trust there is no default trust for any entity — including users, devices, applications, and packets — regardless of what it is and its location on or relative to the corporate network. By establishing Zero Trust boundaries that effectively compartmentalize different segments of the network, you can protect critical intellectual property from unauthorized applications or users, reduce the exposure of vulnerable systems, and prevent the lateral movement of malware throughout your network.
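The "never trust, always verify" principle above is easy to state and easy to get wrong in practice, so here is an added example (written for this page, not Palo Alto Networks' or Forrester's code) of what a Zero Trust boundary decision looks like when reduced to its essentials: a default-deny policy in which a flow is allowed only if the user identity, device posture and application all match an explicit rule for the destination segment, and in which the source network location is deliberately not an input. The segment names, users and rules are hypothetical, and the flows are constructed to show one lateral-movement attempt from inside the corporate LAN being refused exactly like a request from the Internet.

```python
"""Default-deny segment boundary check in the Zero Trust style (added example).

Names, segments, users and rules below are hypothetical, chosen to illustrate
the principle; they are not taken from any product or the original article.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    user: str            # authenticated identity (never a bare IP address)
    device_managed: bool # device posture, e.g. enrolled and patched
    src_segment: str     # recorded for logging only; it never grants trust
    dst_segment: str     # protected segment the flow wants to reach
    app: str             # application protocol identified on the wire


@dataclass(frozen=True)
class Rule:
    dst_segment: str
    users: frozenset       # frozenset({"*"}) means any authenticated user
    require_managed: bool  # True: only devices that pass posture checks
    apps: frozenset


# Hypothetical allow-list. Anything not matched here is denied.
ALLOW_RULES = (
    Rule("finance-db", frozenset({"alice", "bob"}), True, frozenset({"postgres"})),
    Rule("intranet-web", frozenset({"*"}), False, frozenset({"https"})),
)


def evaluate(flow: Flow, rules=ALLOW_RULES) -> tuple:
    """Return ("allow" | "deny", reason). The fall-through result is deny.

    Note that flow.src_segment is never consulted: a request from the
    corporate LAN gets the same treatment as one from the Internet.
    """
    for rule in rules:
        if flow.dst_segment != rule.dst_segment:
            continue
        if "*" not in rule.users and flow.user not in rule.users:
            continue  # identity not authorised for this segment
        if rule.require_managed and not flow.device_managed:
            continue  # device posture insufficient for this segment
        if flow.app not in rule.apps:
            continue  # wrong application for this segment
        return "allow", f"explicit rule for {rule.dst_segment}/{flow.app}"
    return "deny", "no matching rule (default deny; source segment ignored)"


# Constructed sample flows; the second one is the lateral-movement case.
SAMPLE_FLOWS = (
    Flow("alice", True, "corp-lan", "finance-db", "postgres"),   # allow
    Flow("mallory", True, "corp-lan", "finance-db", "postgres"), # deny: identity
    Flow("alice", False, "internet", "finance-db", "postgres"),  # deny: posture
    Flow("alice", True, "corp-lan", "finance-db", "smb"),        # deny: app
    Flow("guest", False, "corp-lan", "intranet-web", "https"),   # allow
)


def decisions(flows=SAMPLE_FLOWS) -> list:
    """Evaluate each flow and return the list of (user, dst, decision) tuples."""
    return [(f.user, f.dst_segment, evaluate(f)[0]) for f in flows]


if __name__ == "__main__":
    for flow in SAMPLE_FLOWS:
        verdict, why = evaluate(flow)
        print(f"{flow.src_segment:>9} -> {flow.dst_segment:<12} "
              f"{flow.user:<8} {flow.app:<9} {verdict:<5} ({why})")
```

The point worth noticing is the second flow: "mallory" is on the corporate LAN, on a managed device, speaking the right protocol, and is still refused, because nothing about the source network appears in the decision. In a real deployment the same evaluation sits at every segment boundary, so a compromised workstation cannot pivot to a database segment simply by being "inside".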