Week in review: First ever EU rules on cybersecurity, insider threats, and the new issue of (IN)SECURE Magazine

Here’s an overview of some of last week’s most interesting news and articles:


New Steam escrow system drives impatient users to fake trading sites serving malware
On Wednesday, Valve introduced a new “trade hold” system that should prevent scammers from stealing items from Steam users’ hijacked account, or at least minimize the occurrence of such incidents. It was not welcomed by some users, and it didn’t take long for scammers to take advantage of this discontent.

Turn the Cyber Kill Chain against your attacker
Created by Lockheed Martin, the “Cyber Kill Chain” model has traditionally been used to describe the evolving stages of a cyber attack. However, if this model is applied to internal security processes it’s possible for an organization to identify a compromise and eliminate threats before they result in a security breach and data loss that could potentially bring down the entire business.

Whitepaper: Cyber Security Best Practices
This paper shows you how you can tap into the best threat intelligence solutions and what new ideas you can use in your organization to find the needle in the haystack that indicates hackers are at work.

(IN)SECURE Magazine issue 48 released
(IN)SECURE Magazine is a free digital security publication discussing some of the hottest information security topics. Issue 48 has been released today.

First ever EU rules on cybersecurity
Transport and energy companies will have to ensure that the digital infrastructure that they use to deliver essential services, such as traffic control or electricity grid management, is robust enough to withstand cyber-attacks.

Personal info of 12+ million Dutch mobile phone owners easily accessible to hackers
Sijmen Ruwhof, a freelance IT security consultant and ethical hacker from Utrecht, recently stumbled across what turned out to be an example of how poor security practices of business partners can result in the compromise of a company’s customer data – in this case, the compromise of personal data of basically all Dutch citizens who own a mobile phone.

“Backstabbing” malware steals mobile backups via infected computers
In this day and age, our mobile devices carry more personal and business information than any other electronic device. Is it any wonder, then, that attackers want to have access to them? But sometimes they can’t find a way in, and opt for the second-best option: stealing mobile backup files from the victims’ computer.

Six trends that will further the development of the Internet of Things
Lasse Andresen, CTO at ForgeRock, talks about the death of the password, Chip to cloud (or device to cloud) security protection, privacy and security as a competitive differentiator, and more.

Tips for managing and securing SSH keys
A new NIST report raises awareness of the major vulnerabilities associated with SSH user key management and provides concrete steps for securing and protecting SSH systems and environments.

Millions of smartphones, IoT devices risk compromise due to 3-year-old bug
Can you believe that an estimated 6.1 million smart phones, routers, and smart TVs are vulnerable to remote code execution attacks due to security bugs that have been fixed back in 2012?

Whitepaper – Breach Response: How to Prepare for the Inevitable
Experts advise breaches are inevitable. The key to minimizing damage is preparation.
This whitepaper tells you what you need to know to be prepared for a breach, including the right breach mindset, response team composition, communication needs with employees and customers, legal notification requirements, and the technologies that can help.

Exploring the North American cybercriminal underground
Unlike counterparts in other countries, the North American underground encourages cybercriminal activity amongst novices and seasoned pros alike, according to Trend Micro.

How will billions of devices impact the Privacy of Things?
For while we’ve spent a lot of time worrying about the privacy of our data (and we should, we really, really should) we should also spend some time thinking about all those devices and how we can keep their communications private, too. Unsecured communications will be the bane of the IoT.

Inside job: 6 ways employees pose an insider threat
A list of some of the most egregious insider threats today’s enterprises face.

Nemesis financial malware kit gains bootkit capabilities, extra stealth
A threat group that steals mostly payment card data from financial services organizations has added a bootkit utility to their malware toolkit. This new capability assures the persistence of their malware in the target organizations’ systems even after OS reinstallation.

DDoS attacks increase 180% compared to a year ago
Although there were substantially more attacks, on average the attacks were shorter with lower average peak bandwidth and volume.

10 tips to help organizations stay secure this holiday season
Optiv Security shared a list of the top 10 things organizations can do to help them stay secure during the holiday season.

End-to-end encrypted database ZeroDB is now open source
Developers MacLane Wilkison and Michael Egorov changed the license from proprietary to AGPLv3 on Monday, and invited the public to use it: “Try it, build awesome things with it, break it. Then tell us about it.”

The impact of data breaches on customer loyalty
Nearly two-thirds (64%) of consumers worldwide say they are unlikely to shop or do business again with a company that had experienced a breach where financial information was stolen, and almost half (49%) had the same opinion when it came to data breaches where personal information was stolen.

SQL injection has surfaced as the no. 1 attack in 2015
A new survey from Ponemon Institute finds that nearly 80 percent of enterprises say that their organization’s portfolio of applications has become more vulnerable to attacks.

Don't miss