February 13, 2017
Securitymagazine.com, February 10, 2017
A Clark School study at the University of Maryland is one of the first to quantify the near-constant rate of hacker attacks of computers with Internet access—every 39 seconds on average—and the non-secure usernames and passwords we use that give attackers more chance of success.
Globalbankingandfinance.com, February 9, 2017
Security breaches will be top of mind for all business professionals in 2017 and especially for those in financial services where the ramifications of a breach can cost an organisation millions of pounds. However, contrary to what the flurry of news over cyber-attacks would have you believe, the majority of these breaches were not caused by hackers, but by lost or stolen laptops and mobile phones. While hacking accounted for 1 in 5 of all breaches, lost or stolen laptops were responsible for more than a quarter.
Paul Brandau, Delta-risk.net, February 8, 2017
Every year, Delta Risk conducts hundreds of cyber security assessments, including penetration testing, for a wide range of commercial and public sector clients. Many of these organizations share similar weaknesses in their people, processes, and technology. But each assessment also presents new technical challenges for us to solve. In this five-part blog series, we’ll discuss our findings from external pen tests, also known as ethical hacking, against enterprise customers who have already implemented standard security best practices such as two-factor authentication (smart cards), identity access management controls, restricted administrative privileges, and spam filtering.
Lucian Constantin, Csoonline.com, February 10, 2017
Up to 20 attackers or groups of attackers are defacing WordPress websites that haven’t yet applied a recent patch for a critical vulnerability.
The vulnerability, located in the platform’s REST API, allows unauthenticated attackers to modify the content of any post or page within a WordPress site. The flaw was fixed in WordPress 4.7.2, released on Jan. 26, but the WordPress team did not publicly disclose the vulnerability’s existence until a week later, to allow enough time for a large number of users to deploy the update.
Kevin Ingram, Cfo.com, February 9, 2017
Cyber crime groups are increasingly operating like traditional businesses.
Will this new professionalism lead to more attacks on companies?
“What are we doing to protect ourselves from cyberattacks?”
It’s a question every CFO eventually asks their team. Although the question suggests IT-specific concerns like malware, firewalls, and virus scans, CFOs need to pause, broaden their perspective, and examine cyber-related business risk in the areas of physical security and in industrial controls as well.
Michael Kan, Computerworld.com, February 13, 2017
Expect ransomware to grow more aggressive in the coming years, including higher ransom payments and attempts to go beyond attacking data — by shutting down entire computer systems to utilities or factories.
Jeremy Kirk, Bankinfosecurity.com, February 13, 2017
A cyberattack first discovered in Poland is unfurling a bundle of technical clues that point to a larger global campaign against financial institutions, possibly executed by the Lazarus hacking group, which apparently was involved in the breach of Sony Pictures Entertainment and the theft of $81 million from Bangladesh Bank.
Matt Hamblen, Computerworld.com, February 9, 2017
Fileless malware attacks, which were recently discovered in the networks of at least 140 banks, telecoms and governments, account for about 15% of known attacks today and have been around for years in different forms.
Oscar Williams-Grut, Businessinsider.com, February 8, 2017
Fintech business GoCardless is offering some customers free credit monitoring for a year after admitting 19 laptops containing personal information were stolen from its offices.
Behnam Dayanim and Quinn Dang, Paulhastings.com, February 07, 2017
New York’s top banking regulator, the New York Department of Financial Services (“NYDFS”), recently issued a revised rule, effective March 1, 2017, that requires banks, insurance companies and other financial institutions regulated by NYDFS to establish and maintain a comprehensive cybersecurity program to respond to the growing threat of cyber-attacks.