
Information Assurance


Cyber insurance market to hit US$10 billion by 2020

Posted on 03 August 2015.

Continued and sustained cyberattacks are having a ruinous effect on enterprises and driving up the cost of incident response. With over 900 million reported records exposed in 2014, more companies are seriously starting to consider transferring risk to insurance providers. Despite growing awareness of breach exposure and of risk management strategies, however, less than 20% of large enterprises avail themselves of cyber insurance.

Newsletters - Newsbites

SANS NewsBites is a semiweekly high-level executive summary of the most important news articles that have been published on computer security during the last week. Each news item is very briefly summarized and includes a reference on the web for detailed information, if possible. Spend five minutes per week to keep up with the high-level perspective of all the latest security news. New issues are delivered free every Tuesday and Friday.

Volume XVII - Issue #58, July 28, 2015: Fiat Chrysler Recall; US Power Grid Vulnerable; Pakistan Bans Blackberry Enterprise Server.

Amazon proposes a slice of the sky for commercial drones

Nokia Technologies plans to return to the consumer market, focusing on virtual reality rather than the cell phones that made it famous. The Finnish company -- what was left of the former cell phone giant after Microsoft bought its handset division last year -- on Tuesday night unveiled Ozo, a next-generation camera for capturing 360-degree video and audio. Unveiled at an entertainment industry event in Los Angeles, the orb-shaped camera is designed for professional content creators rather than consumers. "Ozo aims to advance the next wave of innovation in VR by putting powerful tools in the hands of professionals who will create amazing experiences for people around the world," Ramzi Haidamus, president of Nokia Technologies, said in a statement.

"We expect that virtual reality experiences will soon radically enhance the way people communicate and connect to stories, entertainment, world events and each other.

The Age of Mercenary Employees

When my grandfather entered the workplace, he started working at a soft drink company. This was right after WWII. Eventually the company got bought out and became Safeway. He retired from Safeway.

Commix - Command injection and exploitation tool : netsec

'GSMem' malware designed to infiltrate air-gapped computers, steal data

July 27, 2015. Israeli researchers detailed a new attack that can steal data from air-gapped computers, which are often seen as reliably safe. Newly designed malware could, if properly replicated, allow an attacker to pick up the data of air-gapped computers, which are typically thought of as relatively secure. GSMem, as the researchers call it, exploits electromagnetic radiation (EMR) emissions and forces a computer's memory bus to function similarly to an antenna in order to wirelessly transmit data to a phone over cellular frequencies. The Israeli researchers will open their paper, "GSMem: Data Exfiltration from Air-Gapped Computers over GSM Frequencies", to the public once they present it at the USENIX Security Symposium in August. The malware runs in conjunction with a mobile rootkit embedded in the baseband firmware of a cell phone. Once both the rootkit and the malware are in place, data transmissions can be received from 3 to 18 feet away.

Stagefright Android Bug: 'Heartbleed for Mobile' But Harder To Patch

Critical vulnerability in Android's multimedia playback engine is easy to exploit, requires no user interaction, and affects 95 percent of Android devices. Researchers have uncovered a remote code execution Android vulnerability that could be exploited with only a malicious media file and a phone number. The bug in Android's Stagefright multimedia playback engine leaves 95 percent of Android devices worldwide critically exposed.

Newsletters - Newsbites

Volume XVII - Issue #57, July 24, 2015: July 21, 2015, is likely to be remembered as the first day of the "era of cyber liability."

Mobile penetration testing on Android using Drozer : netsec

Foreign hackers briefly commandeer German missile systems

Kali Linux 2 Release Date Set: August 11th : netsec

Underwriters Laboratories To Launch Cyber Security Certification Program

Meanwhile, UL is also in discussion with the White House on its plans to foster standards for Internet of Things security. It appears the White House's vision of an Underwriters Laboratories-type certification for Internet of Things products could become a reality: a UL official says the organization is involved with the US government's initiative to promote such security certification standards. "We are involved with those initiatives," says Maarten Bron, director of innovations at UL, of the White House's interest in coming up with a UL-type program for increasingly Internet-connected consumer devices. "What the White House is trying to achieve is to foster collaboration between private and government sectors to come up with these standards … Plans are still in the making from the White House" side, he says, so he can't share any additional details at this time. UL, meanwhile, also is putting the final touches on a test and certification program of its own for IoT products, Bron says.

Media Streaming Company Plex Hacked, Blackmailed

The creators of Plex, the popular suite of software and services used for organizing and streaming digital media, are advising customers to change their passwords after a hacker breached at least one of the company’s servers. In a security notice sent out to affected customers, Plex says the compromised server hosts its forums and blog. The attacker gained access to IP addresses, email addresses, hashed and salted passwords, and private messages. Credit card and other payment data is not stored on the company’s servers.

MasterCard to trial using selfies as authentication

MasterCard users may soon be able to pay for online purchases with their face or finger, with the payments giant to begin experimenting with facial-scan technology as well as fingerprint identification in an attempt to eliminate digital fraud. According to a report by CNNMoney, MasterCard will launch a pilot program with 500 participants over the next few months to develop the infrastructure to approve purchases without the need to enter a password. MasterCard currently employs a SecureCode service that requires customers to enter a password upon checkout in an effort to protect against unauthorised credit card use when shopping online. While biometric recognition technology is the next step in convenience, it still requires an authentication procedure.

According to the report, authorisation will be done via one of two methods. "The new generation, which is into selfies ...

Malware on Tactical Assault Gear website targets customer information

June 29, 2015. North Carolina-based LC Industries, Inc., which operates the Tactical Assault Gear website, is notifying thousands of customers that malware discovered on the website was being used to gain access to personal information. How many victims? 3,754. What type of personal information? Names, email addresses, website account usernames, passwords, credit card numbers, security codes, and expiration dates.

ClamXav: Transition to Commercial Product : netsec

Find Your Passion

Nothing sucks worse than giving a presentation that you're not passionate about.

CIA-funded spy data safe Palantir doubles in value in 18 months

CIA-backed Big Data analytics outfit Palantir is about to embark on a fundraising round that will value the biz at $20bn (£13bn), according to reports. The funding comes off the back of bumper forward revenues this year, sources have told The Financial Times [paywall]. It means Palantir will become one of the most valuable private companies in Silicon Valley, the un-named blabber-mouths told the paper. Palantir is best known for running data centres for US intelligence and military services. However, its tech is also used for analysing large amounts of data from disparate sources, and it lists its main clients as government, financial institutions and pharma companies.

Detect/Block BeEF hooks in Chrome PoC and walk-through : netsec

First look at the Pwn Pad 3, the latest in mobile security mayhem

Pwnie Express, the company that began as a builder of "drop boxes" for penetration testers and white-hat corporate hackers, has been evolving toward a more full-service security auditing platform vendor over the past few years while continuing to refine its hardware and software in ways that appeal to the corporate security set. Now Pwnie has released the third generation of its flagship mobile penetration testing platform, the Pwn Pad, bringing the Android and Kali Linux-based platform a step further away from the rough-hewn penetration testing tools it began with and into the realm of something with a lot more polish—and performance.

SCADA Systems Offered for Sale in the Underground Economy

SCADA, Supervisory Control and Data Acquisition, are computer systems that control various real-world equipment. These machines are crucial parts of production lines, power plants and nuclear facilities.

NIST issues 'don't be stupid' security guidelines for contractors

Polish LOT aeroplanes grounded by computer hack

WikiLeaks says it's leaking over 500,000 Saudi documents

ISTANBUL (AP) — WikiLeaks is in the process of publishing more than 500,000 Saudi diplomatic documents to the Internet, the transparency website said Friday, a move that echoes its famous release of U.S. State Department cables in 2010. WikiLeaks said in a statement that it has already posted roughly 60,000 files.

We Don't Need No Stinkin' PSExec - TrustedSec : netsec

Black Hat Arsenal USA 2015 Speakers Lineup

Gcat - A stealthy Python based backdoor that uses Gmail as a C&C server : netsec

Union: Hackers have personnel data on every federal employee

WASHINGTON (AP) — Hackers stole personnel data and Social Security numbers for every federal employee, a government worker union said Thursday, saying that the cyber theft of U.S. employee information was more damaging than the Obama administration has acknowledged. Sen.

Verizon release DBIR Attack Graph Analysis tool : netsec

Hacker Can Send Fatal Dose to Hospital Drug Pumps

When security researcher Billy Rios reported earlier this year that he’d found vulnerabilities in a popular drug infusion pump that would allow a hacker to raise the dosage limit on medication delivered to patients, there was little cause for concern.

Heartland Payment Systems Suffers Data Breach

A fundamental shift in security spending

Posted on 01 June 2015.

North Korean hackers 'could kill', warns key defector

Feedback Friday: Industry Reactions to Wassenaar Arrangement

Many cybersecurity experts have raised concerns after the Bureau of Industry and Security (BIS) published a proposal for the implementation of the Wassenaar Arrangement with regard to cyber weapons.

FUD Watch: The Marketing Of Security Vulnerabilities

Insurer tells hospitals: You let hackers in, we're not bailing you out

Stegosploit - Hacking with Pictures : netsec

Complex security solutions are exposing companies to risk

Arms control treaty could land security researchers like me in jail

Study: Average cost of data breach is $6.5M

1.1 Million Affected by CareFirst BlueCross BlueShield Breach

Researchers publish developer guidance for medical device security

Hacker leaks sensitive info of millions of Adult FriendFinder users

Why So Many Data Breach Lawsuits Fail

Cuba says in advanced talks with China's Huawei over telecoms

Security Product Liability Protections Emerge

'Pixie Dust' attack cracks WPS in seconds : netsec

Rapid7 Picks Up NTObjectives

The one killer app that could make us all want a smartwatch

Payload Mask v1.0 – Payload Generator for Bypass WAF

Social Engineering Defenses: Reducing The Human Element

FireEye reports 1Q loss

Health insurer Anthem's profit beats as Medicaid enrollments rise

A Day in the Life of a Stolen Healthcare Record

Social Engineering: Attackers' Reliable Weapon

OWASP ZAP v2.4.0 Released

US hospitals to treat medical device malware with AC power probes

What’s Your Security Maturity Level?

Licence to chill: Ex-CIA spyboss Petraeus gets probation for leaking US secrets to his mistress

Defense Secretary Outlines New Cybersecurity Strategy

RSA 2015: It's end of days for email forgers claim DMARC champions

The Current State of Insecurity: Strategies for Inspecting SSL Traffic

Pillage the Village - The PowerShell version : netsec

Don’t Be Fodder for China’s ‘Great Cannon’

Red team tradecraft for pen tests : netsec

TrueCrypt Not Plagued by Backdoors, Severe Design Flaws: Auditors

Check Point to acquire mobile security company Lacoon

Simple Phishing Toolkit (rebirth) : netsec

Auxilio to Acquire Redspin

5 Breach Lawsuits Filed Against Premera

Reverse Shell Cheat Sheet : netsec

Former Tesla Intern Releases $60 Full Open Source Car Hacking Kit For The Masses

Macro-based malware continues to gain traction

Security Papers

Security Hardware

2010 Incident Handling

Finally, A Decent Use Of Cloud Computing: Software Security

Automatic web encryption (almost) everywhere - The H Security: N.