News Recap: Rise of Mobile Payments Dominates Security Concerns for 2015

By | January 8th, 2015|Uncategorized|

SecurityAs experts weighed in this week with their predictions on security trends that will shape the coming year, the growth of mobile payments and mobile banking quickly emerged as a popular topic of focus.

Steve Weisman of USA Today shared his predictions on top cyber trends to come in 2015, among them, the concern that as personal banking and financial transactions become “increasingly mobile,” they will become a larger target of hackers. Weisman points to Europe (which has implemented mobile banking for longer) as an example, saying we can learn from the issues the country has faced with hackers “even being able to defeat dual factor identification.” Weisman advises that “malicious apps that are unwittingly downloaded” are often a root cause of smartphone security, and that “limiting sources for apps to legitimate vendors can help limit vulnerability.”

Stuart Dredge of the Guardian also expressed his concerns with mobile payments, stating that “several security companies expect cyber criminals to crack [Apple Pay] and its rival services in 2015.” Dredge points specifically to the fact that cyber criminals will be looking for flaws in these newer systems, especially if user adoption picks up in 2015, as “hackers tend to attack popular platforms where the yield is likely high.”

Forbes contributor Sue Poremba also highlighted attacks against virtual payment systems as a key concern for 2015. Quoting Patrick Nielsen of Kaspersky Lab, Poremba writes that cyber criminals will focus on “attacks against banks/virtual currency operators, the end users and their devices, and everything in-between.” Nielsen comments that we have already seen “examples of malware stealing virtual wallets from users’ devices.”

When considering the biggest security trends to come this year, is the rise of mobile payments on your list? Let us know your thoughts on Twitter and Facebook, and be sure to check out our Tumblr for the latest industry news stories.

News Recap: United Kingdom Increasing Cyber Security Initiatives

By | December 19th, 2014|Uncategorized|

60 MinutesThe UK minister for the Cabinet Office, Francis Maude, announced new cyber security initiatives taking place in Britain to make it a safer place to do business, reported Mike Hine with Infosecurity Magazine. Hine broke down the 24-page document into different initiatives, including:

  • Developing 13 cyber security “clusters” around the country
  • Providing financial assistance for universities to expand cyber security education
  • Creating a mentoring program that gives students and recent graduates the ability to be guided by professionals in the security industry
  • Re-launching a Scottish information sharing system
  • Developing a “new Cyber Security Information Sharing Partnership (CiSP)”
  • Creating “Cyber Camps” for recent college graduates

According to Doug Drinkwater of SC Magazine UK, “these objectives are backed by the £860 million National Cyber Security Programme, money which is going on improving the national sovereign capability for ‘detecting and defeating’ high-end cyber-threats, ensuring law enforcement has the appropriate skills and capabilities to tackle cyber-crime, and to keep critical UK systems and networks robust against cyber-threats.”

Maude shared the cyber security strategy of Britain’s government in a statement shared with the press:

“We have made significant strides towards all these goals this year and throughout the course of the Programme’s existence. The long-term economic plan of this government continues to make the UK one of the most secure places globally for cyber-innovation and commerce.”

Which of these initiatives do you think will be most effective? Should other countries adopt similar initiatives? Let us know what you think on Twitter and Facebook. Be sure to check out our Tumblr for the latest industry news stories.

News Recap: Banks May Face Cyber Security Assessments to Improve National Security

By | December 12th, 2014|Uncategorized|

60 MinutesThe U.S. government and the financial sector are trying to make cybersecurity a more prominent issue for the nation by performing cyber security assessments on banks.

Daniel Huang of the Wall Street Journal shared a recent letter to the financial industry from Benjamin Lawsky, superintendent of the Department of Financial Services. According to Huan, Lawsky’s letter outlined “issues the regulator intends to examine, including protocols for the detection and defense of cyber breaches, corporate governance, multi-factor authentication, and security of third-party vendors.” Huang notes, “New cybersecurity reviews will become regular, ongoing parts of all future bank examinations. They will be scheduled following the agency’s regular comprehensive risk assessments. Regulated banks are expected to prepare by providing the agency with greater transparency into its systems and processes.”

Ramsey Cox of The Hill reported “the Senate passed multiple measures directing the Department of Homeland Security (DHS) to deal with cybersecurity and anti-terrorism issues. The three bills were passed by voice vote on Wednesday, while the Senate tries to tie up legislative issues before the end of the year.” Cox shares a summary of each bill in the article.

Eric Hal Schwartz of Street Wise also shared news of recent government actions to combat the growing threats to the nation’s cyber security. Schwartz shared that, “Washington D.C. will get a $35 million cyber security center to help beat back digital attacks on civilians as part of the budget passed on Tuesday night by the House of Representatives.” According to Schwartz the location of this center is yet to be determined, but is speculated to be placed in the greater D.C. area.

As government bodies and industry leaders take steps to thwart cyber security flaws, how else can these entities lead the people towards improved cyber security? Let us know your thoughts on Twitter and Facebook, and be sure to check out our Tumblr for the latest industry news stories.

News Recap: House Intelligence Committee Cybersecurity Hearing Summary

By | November 21st, 2014|Uncategorized|

News RecapThis week, the House of Representatives Intelligence Committee held a hearing on “Cybersecurity Threats: The Way Forward” to share why and how the United States should move forward in dealing with cybersecurity threats.

According to Reuters’ Patricia Zengerle, Director of the U.S. National Security Agency Admiral Mike Rogers stated that “China and ‘probably one or two’ other countries have the ability to invade and possibly shut down computer systems of U.S. power utilities, aviation networks and financial companies.” Hong Lei, a spokesperson from the Chinese Foreign Ministry, was in attendance and told reporters that “the Chinese government ‘forbids’ cyber hacking and that it is often a victim of such attacks that originate from the United States,” Zengerle reported.

Reporter Mark Hanrahan with International Business Times shares that “Rogers’ testimony comes just days after the USA Freedom Act – a bill that would have limited the agency’s surveillance powers – was voted down in the U.S. Senate. While the bill would have limited the NSA’s surveillance abilities, it also included an extension of the controversial Patriot Act.” Rogers also stated that lawmakers have attributed many breaches against the U.S. government and private companies to China.

Kristen Eichensehr with Just Security points out, “the hearing hit hard on the need for a way forward – but revealed little about what that way might be.” She reports that Rogers suggested two things needed to address cyber threats. The first was cyber threat information sharing legislation. The second was international norms of behavior for cyberspace. Currently, how to achieve either one is not clear.

How can cybersecurity officials set and enforce international cybersecurity norms? Do you believe cyber threat information sharing would help or hurt cybersecurity? What privacy issues arise when cyber threat information sharing occurs? Let us know your thoughts on Twitter and Facebook, and be sure to check out our Tumblr for the latest industry news stories.

News Recap: US Postal Service Breach

By | November 14th, 2014|Breach, Uncategorized|

USPS BreachThis week, the United States Postal Service (USPS) became 2014’s latest data breach victim after a cyber attack targeting the organization’s computer systems resulted in the loss of employee information.

Devlin Barrett of the Wall Street Journal reported, “More than 800,000 people, including employees, top directors and regulators, could be affected by a computer systems breach that may have compromised data including names, Social Security numbers and addresses.” Barrett continued, “Employees, some retirees and staffers of the Postal Regulatory Commission, the U.S. Postal Inspection Service and the Postal Service Office of Inspector General have been affected… An unknown number of customers also could have been affected, though not to the same degree.”

Help Net Security shared a statement from the USPS, which said, “Postal Service transactional revenue systems in Post Offices as well as on where customers pay for services with credit and debit cards have not been affected by this incident. There is no evidence that any customer credit card information from retail or online purchases such as Click-N-Ship, the Postal Store, PostalOne!, change of address or other services was compromised.”

Ellen Nakashima of the Washington Post attributed the attack to hackers allegedly backed by the Chinese Government. Nakashima comments, “The Chinese government has consistently denied accusations that it engages in cyber theft and notes that Chinese law prohibits cybercrime. But China has been tied to several recent intrusions, including one into the computer systems of the Office of Personnel Management and another into the systems of a government contractor, USIS, that conducts security-clearance checks.” Nakashima also notes, “The intrusion into the USPS, officials said, was carried out by a sophisticated actor who did not appear to be interested in identity theft or credit card fraud.”

Does this particular incident have any unique implications impacting national security? While this breach did not necessarily result in the loss of consumer data, what safeguards or precautions should consumers be taking? Let us know your thoughts on Twitter and Facebook, and be sure to check out our Tumblr for the latest industry news stories.

News Recap: WireLurker Malware

By | November 6th, 2014|Uncategorized|

WireLurkerResearchers at Palo Alto Networks announced this week that they have unearthed a new malware strain that targets Apple products. The malware has been dubbed “WireLurker.”

Brett Molina, of USA Today, reported, “security researchers have discovered new malware targeting Apple’s iOS mobile operating system and OS X for Macs that can be transmitted through USB connections.” Molina noted, “Thus far it’s limited to users in China who have downloaded infected apps from a third-party app store there. But security experts worry that with this ‘proof of concept’ example, it could spread.” Molina explained the significance of the discovery saying, “Historically Apple devices have been considered relatively safe from the viruses and malware that have long infected PCs and, increasingly, Android products.”

Help Net Security stated that WireLurker is “the first malware family to infect installed iOS applications in a way typical for a traditional virus. It is also the first malware that automates the generation of malicious iOS applications through binary file replacement.” Help Net Security summed up the purpose of the malware stating, “The OS X malware’s mission is to collect information about the iOS device connected to it and to infect it. The iOS malware’s [purpose] is to collect user data and send it to a server controlled by the attackers.”

WireLurker is yet another example of how malware attacks are so prevalent – even on mobile operating systems. What can users do protect their devices as well as their information from an attack like WireLurker? Let us know your thoughts on Twitter and Facebook, and be sure to check out our Tumblr for the latest industry news stories.

News Recap: White House Breach Uncovered

By | October 30th, 2014|Breach, Uncategorized|

News RecapThe story filling headlines this week surrounds a breach of a number of White House computers.

Ellen Nakashima of The Washington Post reported, “Hackers thought to be working for the Russian government breached the unclassified White House computer networks in recent weeks, sources said, resulting in temporary disruptions to some services while cybersecurity teams worked to contain the intrusion.” Nakashima quotes White House Officials saying, “In the course of assessing recent threats, we identified activity of concern on the unclassified Executive Office of the President network… We took immediate measures to evaluate and mitigate the activity… Unfortunately, some of that resulted in the disruption of regular services to users. But people were on it and are dealing with it.” Unfortunately for the US government and other national organizations, this attack is not the first of its kind.

Adrian Diaconescu of Digital Trends commented, “Cyber security is becoming a bigger concern for government organizations around the world. Only weeks after a report surfaced that NATO’s PCs were breached by hackers… Hackers have also breached the White House computer network.” Diaconescu also shared that “White House officials are playing down the impact of security breaches. Reports suggested the latest breach was more of a nuisance than a real threat because no classified data was compromised, and the ‘intrusion’ was quickly contained. However, in the process of suppressing the threat, some network connections were briefly disturbed.”

From national organizations to ordinary citizens, what can be done to protect against threats? What do you make of this news from the White House? Let us know your thoughts on Twitter and Facebook, and be sure to check out our Tumblr for the latest industry news stories.

News Recap: Ebola Phishing and Malware

By | October 24th, 2014|Uncategorized|

PhishingEbola has caught the attention of consumers, the media and now cyber criminals. According to ZDNet’s Violet Blue, the United States of Computer Emergency Readiness Team (US-CERT) sent an alert for consumers to be on watch for email scams involving Ebola news as phishing bait. The alert stated, “Phishing emails may contain links that direct users to websites which collect personal information, such as login credentials, or contain malicious attachments that can infect a system.”

HelpNetSecurity’s Zeljka Zorz found that Hoax-Slayer compiled a list of Ebola-related phishing schemes. Fahmida Rashid from PC Magazine shared a list of subject lines email users should ignore, including: “Ebola Safety Tips-By WHO” and “HEALTH NEWS: Secret Cure for Ebola?” Rashid shared New York State Attorney General Eric Schneiderman’s warning about online cyber tricks: “Scammers are shamefully exploiting this moment of heightened concern about public health to defraud good people,” he said.

Not sure what to look for in a phishing scam? Rashid advises not to fall for “product pitches claiming a secret, miracle cure.” Fake products for sale can lead to cyber criminals stealing credit card numbers, she reports.

Why do cyber criminals take advantage of national public concerns? How can consumers identify phishing emails and what should businesses do to educate employees about avoiding phishing scams? Let us know your thoughts on Twitter and Facebook, and be sure to check out our Tumblr for the latest industry news stories.

News Recap: An Update on the Shellshock Bug

By | October 9th, 2014|Uncategorized|

Shellshock BugOn September 24, 2014, the Shellshock bug was discovered, exposing vulnerabilities in Unix and Linux machines. The aftermath of the Shellshock bug has continued to stay in headlines as a wave of new vulnerabilities have emerged.

Threatpost’s Michael Mimoso explains that Shellshock has been actively exploited: “Analysis into the vulnerability and Bash behavior once it was patched gave birth to a half-dozen vulnerabilities in all, each with a different degree of severity.”For example, “Mayhem,” a type of malware that was discovered in April, is now using Shellshock as a way to infect servers.

“In the past, the malware used a PHP script to infect servers, but the latest version uploads a script in the Perl programming language via the Shellshock vulnerability,” said eWeek reporter Robert Lemos.

Some speculate that Shellshock may be worse than Heartbleed, but many experts believe that the worst of Shellshock is already behind us.

Tom’s Guide’s Marshall Honorof explains that the “bottom line is that while a very enterprising malefactor could use Shellshock’s tricks to affect a Windows system, system administrators can take prophylactic measures against it, and everyday users don’t have to worry about it. With fixes for the various affected Unix-like operating systems already being deployed as well, Shellshock’s potential impact should continue to diminish over time.”

Do you have any questions about Shellshock? Let us know on Twitter and Facebook, and be sure to check out our Tumblr for the latest industry news stories.

News Recap: FDA Establishes Cyber Security Guidelines for Medical Devices

By | October 2nd, 2014|Uncategorized|

Back to SchoolThe U.S. Food and Drug Administration (FDA) released cyber security guidelines for medical devices this week, recommending that manufacturers consider and submit cybersecurity risks associated with the medical device of their making and provide ways to mitigate risk via operating system and software updates.

USA Today’s Elizabeth Weise reported that the Director of Emergency Preparedness at the FDA’s Center for Devices and Radiological Health, Suzanne Schwartz, advocates for manufactures to stay diligent about protecting patients from cyber security risks.

“There’s no such thing as a threat-proof medical device,” said Schwartz in USA Today.

The FDA will host a two-day cyber security workshop for manufacturers, healthcare providers, engineers, IT professionals and others in Arlington, Virginia during October, reported InformationWeek’s Jai Vijayan. The purpose of this event is “to spur a discussion on the best ways to identify and mitigate cybersecurity vulnerabilities in commonly used medical devices.”

How will these guidelines shape the way medical devices are made in the future? What improvements – or problems – will arise from these guidelines? Let us know your thoughts on Twitter and Facebook, and be sure to check out our Tumblr for the latest industry news stories. You may also join us for our upcoming webinar on the topic of medical identity theft, where we will discuss a similar topic. Hope to see you there!

Load More Posts