Press Room – Information Security and Data Privacy – w4#0916

1. Dridex Banking Trojan Now Targets Smaller Countries as Well

Recent versions of the Dridex banking trojan now target smaller countries that have not been previously targeted by Dridex or other trojans on a regular basis.

Banks in countries such as Estonia, Latvia, Lithuania, the Cayman Islands, Cyprus, Lebanon, and Liechtenstein have now joined similar financial institutions from classic Dridex targets such as the US, the UK, Canada, and Australia.

2. 320,000 Financial Records Apparently Stolen From Payment Processor

More than 320,000 financial records have been leaked, and while the information appears to have been stolen either from payment processor BlueSnap or its customer Regpack, neither of them admits suffering a data breach. (UPDATE: Regpack has confirmed that the leaked data comes from its systems.)

3. Cyberattacks cost SMBs an average of $86,500

On average, a single cybersecurity incident now costs large businesses a total of $861,000. Meanwhile, SMBs pay an average of $86,500. To assess the state of the security landscape in the U.S. and across the world, Kaspersky Lab looked at the attitudes toward security, the cost of data breaches and the losses incurred from incidents.

4. Cybercrime-as-a-Service Economy: Stronger Than Ever

The cybercrime sector involves a rapidly growing services economy.

Police estimate that just 100 to 200 people may be powering the “cybercrime-as-a-service” ecosystem by developing the attack code and services that enable criminals who lack technical acumen to pay to have their cybercrime carried out.

If you can think of a cybercrime service, chances are that it exists.

5. Top five GDPR myths

At this moment, there are many misunderstandings surrounding the new GDPR legislation. These rules will affect any business that handles personal data, and therefore the majority of organisations in the UK, so owners are beginning to look into what GDPR will mean for them.

  1. GDPR will become irrelevant to British businesses once the UK leaves the European Union
  2. Responsibility lies with cloud and security providers – not the business
  3. German data can’t leave its borders
  4. Powerful countries like the USA can get access to data in other countries
  5. My business encrypts its data, so I’m compliant with security regulations

6. SWIFT plans measure to help spot fraudulent bank transfers | Reuters

The SWIFT inter-bank messaging network plans to send daily reports to clients to help them more quickly identify unauthorized payment instructions like those used by hackers to steal $81 million from Bangladesh’s central bank in February.

Trillions of dollars worth of inter-bank payments are made each day using SWIFT messages but the Bangladesh theft and others which have come to light this year have knocked confidence in the supposedly super-secure system.

SWIFT said in a statement on Tuesday that from December it would begin sending ‘Daily Validation Reports’ to clients.

7. Yahoo confirms: hackers stole 500 million account details in 2014 data

500 million Yahoo users are discovering that not only might hackers know their names and email addresses (potentially helping criminals craft malicious attacks and phishing campaigns) but they also have their phone numbers and dates of birth.

8. Belgium unveils plans for its own highly intrusive Snoopers’ Charter

Belgium’s government has called for a bevy of intrusive surveillance powers. New capabilities included in the bill, which has been sent to Belgian parliament, include requiring Internet companies to cooperate with law enforcement agencies during their investigations; giving investigators the power to break into systems and access data, including by paying hackers to do so; and allowing undercover agents to break the law online.

According to a report in the Belgian newspaper L’Echo, the new bill requires communications service providers to help the authorities with their investigation, and specifically mentions WhatsApp and Viber as services that will be required to comply. That would seem to raise the problem of end-to-end encryption that other countries are grappling with, including the UK, but it is not clear what the Belgian government hopes to do here.

9. Juncker postpones controversial export control bill on surveillance technology

Jean-Claude Juncker intervened today (20 September) to postpone a controversial trade bill that would make it more difficult for EU countries to export surveillance software, marking the second time this month that the Commission chief pulled the brakes on a high-profile technology file.

The export control bill on so-called dual-use products was done and dusted and set to be presented tomorrow (21 September). But there was pressure from a group of commissioners, led by digital chief Günther Oettinger, to make changes that would ease the burden on companies seeking export controls for technology that can be used for surveillance.

10. Tesla issues software update after hackers report remote brake hack

From a distance of 12 miles, hackers from Keen Security Lab used a laptop to manipulate the braking system of a Tesla Model S.

The Keen Security Lab team reported their findings to Tesla before going public. Tesla has since issued an over-the-air software update.

11. EU ends anonymity and rules open Wi-Fi hotspots need passwords

Well done Pirates. Great result.

A campaign by Digital Rights activists to preserve open Wi-Fi hotspots has resulted in Europe’s highest court deciding the exact opposite. The ECJ has advised that open Wi-Fi hotspots should probably be operated password-protected – and hotspot owners should require users to reveal their identities.

12. Office 365 local datacenters now available in the United Kingdom

Today, reflecting our deep and continued commitment to make Office 365 the most trusted cloud service for productivity, we are announcing the general availability of Office 365 from multiple local datacenters in the United Kingdom. We are pleased to be the first global cloud productivity provider offering U.K. data residency for core customer data at rest.

Since October 2014, we have rapidly expanded our global cloud footprint and opened new datacenter regions in Japan, Australia, India, Canada and now the U.K. In addition to the highly secure productivity capabilities already enjoyed by Office 365 customers all over the world, these new data center regions add in-region data residency, failover and disaster recovery to help effectively address the legal, regulatory and compliance needs of customers in industries like banking, government, public sector and healthcare.

13. Microsoft Opens “Cloud Germany” with 2 New DCs — Azure und 365 über alles

Microsoft’s cloud: ready for Germany. Two new data centers now open for Azure IaaS/PaaS, with Office and Dynamics SaaS coming soon.

Germany is well known for its strict data-privacy laws. And it’s one of the largest economies in the European Union. So it was a sensible location choice after the UK DCs opened earlier this month.

