Tag Archives: companies

[ISN] Broad use of cloud services leaves enterprise data vulnerable to theft, report says

www.networkworld.com/article/3025944/security/broad-use-of-cloud-services-leave-enterprise-data-vulnerable-to-theft-report-says.html By Patrick Nelson Network World Jan 25, 2016 Data theft is a very real and growing threat for companies that increasingly use cloud services, says a security firm. Workers who widely share documents stored in the cloud with clients, independent contractors, or even others within the company are creating a Swiss-cheese of security holes, a study by Blue Coat Systems has found. In some cases, cloud documents were publicly discoverable through Google searches, the researchers say of their analysis. ‘Broadly shared’ The study found that 26% of documents stored in cloud apps are shared so widely that they pose a security risk. Compounding the issue is that many organizations aren’t even aware of it. […]





[ISN] Cloud Security Alliance says infosec wonks would pay $1m ransoms

www.theregister.co.uk/2016/01/14/cloud_security_alliance_says_infosec_wonks_would_pay_1m_ransoms/ By Team Register 14 Jan 2016 Some companies will pay hackers up to US$1 million in ransoms to claw back stolen data according to a poll by the Cloud Security Alliance. The survey garnered 209 respondents of which half were in IT security and a third from tech with most hailing from companies with up to 1000 staff and a quarter from large enterprises with over 50,000 employees. Half of those responding were from the US, and a quarter from Europe, the Middle East and Africa. The report (PDF) found a quarter of respondents would pay ransoms to prevent the release of sensitive corporate data. 14 said they’d pay more than $1 million to black hats to prevent sensitive data dumps. […]



[ISN] Hacking Team’s Leak Helped Researchers Hunt Down a Zero-Day

www.wired.com/2016/01/hacking-team-leak-helps-kaspersky-researchers-find-zero-day-exploit/ By Kim Zetter Security Wired.com 01/13/16 ZERO-DAY EXPLOITS ARE a hacker’s best friend. They attack vulnerabilities in software that are unknown to the software maker and are therefore unpatched. Criminal hackers and intelligence agencies use zero day exploits to open a stealth door into your system, and because antivirus companies also don’t know about them, the exploits can remain undetected for years before they’re discovered. Until now, they’ve usually been uncovered only by chance. But researchers at Kaspersky Lab have, for the first time, discovered a valuable zero-day exploit after intentionally going on the hunt for it. And they did so by using only the faintest of clues to find it. The malware they found is a remote-code execution exploit that attacks a vulnerability in Microsoft’s widely used Silverlight software—a browser plug-in Netflix and other providers use to deliver streaming content to users. It’s also used in SCADA and other industrial control systems that are installed in critical infrastructure and industrial facilities. The vulnerability, which Microsoft called “critical” in a patch released to customers on Tuesday, would allow an attacker to infect your system after getting you to visit a malicious website where the exploit resides—usually through a phishing email that tricks you into clicking on a malicious link. The attack works with all of the top browsers except Chrome—but only because Google removed support for the Silverlight plug-in in its Chrome browser in 2014. […]



[ISN] [CFP] Speak About Your Cyberwar at PHDays VI

Forwarded from: Alexander Lashkov

Positive Hack Days VI, the international forum on practical information security, opens Call for Papers. Our international program committee consisting of very competent and experienced experts will consider every application, whether from a novice or a recognized expert in information security, and select the best proposals. Now, more than ever before, cybersecurity specialists are being asked to stop sitting on the fence and choose a side — competitive intelligence vs DLP systems; security system developers vs targeted cyberattacks; cryptographers vs reverse engineers; hackers vs security operations centers. A new concept of PHDays VI is designed to show what the current vibe is in information security. We want researchers to speak about the real dangerous threats and possible consequences. We also expect developers and integrators to give real answers to these threats rather than to talk about empowering security technologies. Come and share your experience at PHDays VI in Moscow, May 17 and 18, 2016. Your topic can revolve around any modern infosec field: new targeted attacks against SCADA, new threats to medical equipment, vulnerabilities of online government services, unusual techniques to protect mobile apps, antisocial engineering in social networks, or what psychological constitution SOC experts have. In addition, this year, we are planning to discuss IS software design, development tools, and SSDL principles. Our key criterion is that your research should be unique and offer a fresh perspective on hacking, modern information technologies, and the role they play in our lives. If you have something interesting or surprising to share, but none of the formats are suitable for your participation, please apply anyway and be sure we will consider your work. The first stage of CFP ends on January 31, 2016. Apply now — the number of final reports is limited. In 2015, the forum brought together 3,500 participants.
In 2016, it is expected to see 4,000 attendees: information security leaders, CIO and CISO of the world’s largest companies, top managers of giant banks, industrial and oil and gas producing enterprises, telecoms, and IT vendors, representatives from different government departments. Positive Hack Days featured a variety of distinguished participants including Bruce Schneier (the legendary cryptography expert), Whitfield Diffie (one of the inventors of asymmetric cryptography), Mohd Noor Amin (IMPACT, UN), Natalya Kasperskaya (CEO of InfoWatch), Travis Goodspeed (a reverse engineer and wireless enthusiast from the U.S.), Tao Wan (the founder of China Eagle Union), Nick Galbreath (Vice-President of IPONWEB), Mushtaq Ahmed (Emirates Airline), Marc Heuse (the developer of Hydra, Amap, and THC-IPV6), Karsten Nohl (a specialist in GSM engineering), Donato Ferrante and Luigi Auriemma (famous SCADA experts from Italy), and Alexander Peslyak (the creator of the password cracking tool John the Ripper). Find any details about the format, participation rules, and CFP instructions on the PHDays website: www.phdays.com/call_for_papers/



[ISN] When the Internet of Things Starts to Feel Like the Internet of Shit

motherboard.vice.com/read/when-the-internet-of-things-starts-to-feel-like-the-internet-of-shit By LORENZO FRANCESCHI-BICCHIERAI STAFF WRITER Motherboard.vice.com December 17, 2015 If you listen to tech companies’ marketing reps, the future is made of internet connected devices that seamlessly talk to each other, as well as your smartphone, and turn your good-old house into a truly sci-fi-esque smart home where you don’t even need to think about turning up the heat or turning off the lights. Behold the shiny and intelligent future of the Internet of Things. What they don’t tell you is that as we put software into old-fashioned home appliances, there will be bugs that’ll make those appliances useless. The WiFi goes down? Put on a sweater because your smart thermostat might stop working. A lightbulb malfunctions? Your whole smart home stops working. And with bugs, there will be hackers ready to exploit them, either to creep out babies through hackable baby monitors, or to steal Gmail credentials through smart fridges. But that hasn’t stopped companies and questionable visionaries from imagining internet connected air fresheners, toilet paper holders, and even jump ropes. As more things from the Internet of Things start trickling into people’s homes, one Twitter account called “Internet of Shit” has been trying to shine a light into this bizarre and scary future with a steady stream of funny and smart (as in clever, not internet-connected) jokes. […]



[ISN] Global Payments to Buy Heartland for $4.3 Billion

www.bankinfosecurity.com/global-payments-to-buy-heartland-for-43-billion-a-8753 By Tracy Kitten @FraudBlogger Bank Info Security December 16, 2015 Two leading payments processors that each suffered massive data breaches are consolidating. Atlanta-based Global Payments Inc. plans to buy its smaller rival, Princeton, N.J.-based Heartland Payment Systems Inc., for $4.3 billion. The deal is expected to close during the fiscal fourth quarter ending May 31, 2016. Industry observers are weighing in on whether the merged companies will successfully build a strong culture of security. “Heartland really took its breach to heart and was one of the best examples of how to learn from such an event and turn it into a leadership opportunity,” says Al Pascual, director of fraud and security at Javelin Strategy & Research. “I give the CEO [Bob Carr] a lot of credit for that. Global Payments was quite the opposite, with one of the least transparent breach events in the payments industry. I’m hoping the security culture of Heartland becomes the dominant one.” But Tom Wills, managing director of payments security consultancy Secure Strategies, says it could be difficult for the new company created through the merger to improve security. […]



[ISN] J.P. Morgan, BOA, Citi, And Wells Spending $1.5 Billion To Battle Cyber Crime

www.forbes.com/sites/stevemorgan/2015/12/13/j-p-morgan-boa-citi-and-wells-spending-1-5-billion-to-battle-cyber-crime/ By Steve Morgan Contributor Forbes / Tech Dec 13, 2015 There’s a showdown between the world’s largest corporations, governments, and cybersecurity companies who are going up against a global network of cyber criminals. The British insurance company Lloyd’s estimates that cyber attacks cost businesses as much as $400 billion a year, which includes direct damage plus post-attack disruption to the normal course of business. Some vendor and media forecasts put the cybercrime figure as high as $500 billion and more. The banking and financial services sector has been the prime target of cyber criminals over the last five years, followed by IT & telecom, defense, and the oil and gas sector, according to TechSci Research, an IT market intelligence firm. Infosecurity Magazine stated in an article earlier this year that financial services firms are hit by security incidents a staggering 300 times more frequently than businesses in other industries. Deloitte states that the financial services sector faces the greatest economic risk related to cybersecurity. The biggest U.S. banks are responding to the cyber crime epidemic with some of the biggest security budgets. […]

