http://www.computerweekly.com/news/2240241763/Financial-sector-cloud-adoption-on-the-rise-despite-security-concerns By Caroline Donnelly ComputerWeekly.com 05 March 2015 The financial sector is slowly coming round to the idea of entrusting its apps and data to the cloud, but security remains a major stumbling block for many. That’s one of the key findings from the Cloud Security Alliance’s (CSA’s) latest research into how cloud is being used in the financial sector, which revealed more firms are using off-premise services but on a largely ad-hoc basis. The CipherCloud-sponsored report was compiled by CSA’s recently formed Financial Services Working Group (FSWG) and garnered responses from 102 participants – including banks, credit unions and insurance companies – across 20 countries. Out of those questioned, 61% of organisations said they’re in the throes of hammering out their cloud strategy, with between 39% and 47% looking to use a mix of in-house IT, private, public or hybrid off-premise environments. None of the participating organisations said they plan on adopting a public cloud-only strategy. […]
http://marcrogers.org/2015/02/19/lenovo-installs-adware-on-customer-laptops-and-compromises-all-ssl/ By Marc Rogers FEBRUARY 19, 2015 A pretty shocking thing came to light this evening – Lenovo is installing adware that uses a “man-in-the-middle” attack to break secure connections on affected laptops in order to access sensitive data and inject advertising. As if that wasn’t bad enough, they installed a weak certificate into the system in a way that means affected users cannot trust any secure connections they make – TO ANY SITE. We trust our hardware manufacturers to build products that are secure. In this current climate of rising cybercrime, if you can’t trust your hardware manufacturer you are in a very difficult position. That manufacturer has a huge role to play in keeping you safe – from releasing patches to update software when vulnerabilities are found to behaving in a responsible manner with the data they collect and the privileged access they have to your hardware. When bad guys are able to get into the supply chain and install malware it is devastating. Often users find themselves with equipment that is compromised and are unable to do anything about it. When malware is installed with the access a manufacturer has, it buries itself deep inside the system, often with a level of access that takes it beyond the reach of antivirus or other countermeasures. This is why it is all the more disappointing – and shocking – to find a manufacturer doing this to its customers voluntarily. Lenovo has partnered with a company called Superfish to install advertising software on its customers’ laptops. Under normal circumstances this would not be cause for concern. However, Superfish’s software has quite a reputation. It is a notorious piece of “adware”, malicious advertising software.
A quick search on Google reveals numerous links for pages containing everything from software to remove Superfish to consumers complaining about the presence of this malicious advertising tool. […]
http://healthitsecurity.com/2015/01/14/healthcare-cybersecurity-still-top-issue-says-chime-leader/ By Elizabeth Snell Health IT Security January 14, 2015 While new technology can give cyber criminals new outlets to gain access to protected health information (PHI), it also gives more opportunities to healthcare organizations to keep that data safe. Moreover, healthcare cybersecurity is an area that the College of Healthcare Information Management Executives (CHIME) hopes to be a leader in, according to 2015 CHIME Board of Trustees Chair Charles Christian, FCHIME, LCHIME, CHCIO. In an interview with EHRIntelligence.com, Christian explained that positive patient identification and cybersecurity are some of the top health IT challenges in 2015. The national patient identifier is one area in particular that has benefited from evolving technologies, Christian said. Now, there are numerous options that can protect data while it is in motion and at rest. Moreover, one of CHIME’s goals is to ensure that its members are properly educated on the best practices to keep all data secure. The patient identifier is a critical matter for the healthcare industry, according to Christian. “We’re going to find that care for the patient is going to be provided at a much different level than it ever has before because they’re trying to bend the cost curve down,” he said. “In order to do that, they’re going to have to find other alternatives for primary or urgent care.” […]
http://www.csoonline.com/article/2863402/identity-access/free-tool-automates-phishing-attacks-for-wifi-passwords.html By Lucian Constantin IDG News Service Jan 5, 2015 A new open-source tool can be used to launch phishing attacks against users of wireless networks in order to steal their Wi-Fi access keys. Gaining access to a WPA-protected Wi-Fi network can be extremely valuable for attackers because it puts them behind the firewall, in what is generally a high-trust zone. This allows them to mount man-in-the-middle attacks against the network’s users to steal sensitive data and authentication cookies from unencrypted traffic. A common method of breaking into wireless networks that use the WPA2 (Wi-Fi Protected Access II) security protocol is to set up a rogue access point that mimics the real one
http://www.theguardian.com/technology/2014/nov/06/apple-mac-iphone-security-malware By Alex Hern The Guardian 6 November 2014 Users of Apple’s Mac OS X are being warned to watch out for not one, but two new weaknesses in the platform which can be used in attacks – one of which is already in the wild. The first, known as Rootpipe, affects multiple versions of Mac OS X, including the newest release, Yosemite. It lets an attacker gain “root” control of a computer, the highest level of access, without having to know a password. Rootpipe could theoretically allow a hacker to install any malicious software that could be used to steal credit card details or other personal data, among other things. The other, called Wirelurker, is the first malware seen in the wild which targets iOS devices that haven’t been jailbroken. Wirelurker could be used to extract basic personal information from a phone. It tricks the user into installing it on their Mac, and then waits until an iPhone or iPad is plugged in over USB before using the trusted relationship between the two to install software on the mobile device. […]
http://www.bankinfosecurity.com/banks-concerns-about-cyberthreats-grow-a-7486 By Tracy Kitten Bank Info Security October 28, 2014 Banking leaders say they’re substantially more concerned today than they were just six months ago about cyber-attacks and geopolitical threats aimed at the global financial system. That’s according to a report covering results of a survey conducted during the third quarter and published last week by the Depository Trust & Clearing Corp. The DTCC provides clearing and settlement services for banking institutions. Participants in the survey included financial stakeholders from throughout the world. Since March, when the DTCC last conducted its Systemic Risk Barometer survey, more global banking leaders say they see ongoing cyber-risks as posing increasing concern. They rate cyberthreats as the No. 1 systemic risk facing the global economy today. Banking institutions and other financial services firms surveyed by the DTCC say that in the past 12 months, they have increased their investments in systems and technologies designed to monitor and mitigate systemic risks, such as cyber-attacks and economic recessions that could collapse the global financial system. […]
http://www.qianhuaweb.com/content/2014-10/22/content_5280999.htm [Google translation] By Jiang Tao and Guo Junyu China News Service October 22, 2014 Chinese Foreign Ministry spokeswoman Hua Chunying said at a regular press conference in Beijing on the 22nd that the first meeting of the China-Japan-South Korea cybersecurity affairs consultation mechanism had discussed the fight against cybercrime and cyber-terrorism, cooperation on internet emergency response, and other issues. On the 21st, the Chinese Foreign Ministry’s cyber affairs coordinator, the Japanese Foreign Ministry’s ambassador for cyber policy, and the South Korean Foreign Ministry’s ambassador for international security affairs co-hosted the first meeting of the mechanism in Beijing. Hua Chunying said the three sides exchanged views on their respective cyber policies and related mechanisms; discussed norms of responsible state behaviour in cyberspace and confidence-building measures; discussed related processes at the International Telecommunication Union, the ASEAN Regional Forum, the BRICS countries, the SCO and other international and regional bodies; discussed combating cybercrime and cyber-terrorism, cooperation on internet emergency response and other issues; and briefed one another on the international conferences each side will host. Hua Chunying said the three sides tentatively agreed to hold a second meeting in South Korea next year. According to reports, China, Japan and South Korea established the mechanism in 2014 with the aim of enhancing mutual trust and cooperation among the three countries in the cyber field.
http://www.itpro.co.uk/security/23124/amazon-fixes-security-flaw-in-kindle-ebooks By Clare Hopping IT Pro 17 Sep, 2014 Amazon has responded to complaints about malware present on Kindle ebooks by fixing the security flaw. Yesterday, it was revealed that some ebooks downloaded from the internet were installing malware on the ereader, meaning hackers could potentially gain access to users’ Amazon accounts or personal details for identity fraud purposes. Security researcher Benjamin Daniel Mussler uncovered the flaw and said Amazon was very much open to a cross-site scripting attack. The issue is not thought to affect people who buy their books from Amazon, but could arise if they use an illegal download or untrustworthy ebook site. […]