Weekly Infosec News Brief - 30 Apr-5 Mar, 2015

Citigroup Cyber Intelligence Report Highlights Risk of Attacks on Law Firms

Citigroup's cyber intelligence organization issued a report warning banks of the danger of cyber attacks on law firms. Law firms often hold large volumes of confidential data pertaining to their clients, and they have increasingly come under attack by cyber espionage actors. Two of the key concerns mentioned in the report were the relatively low standard of security at law firms generally and the reluctance of law firms to disclose attacks, which makes it difficult to know the true scope of the problem.
http://www.nytimes.com/2015/03/27/business/dealbook/citigroup-report-chides-law-firms-for-silence-on-hackings.html?_r=0
https://digitalguardian.com/blog/law-firms-cyber-criminals-next-top-target


PCI Standards Group Releases New Guidelines on Penetration Testing

Penetration testing was introduced as a requirement for PCI compliance some time ago (depending on the organization size), but the standards didn't do much to define what the penetration testing requirement entailed. The PCI Standards group has recently released guidance on what a good penetration test is, including recommended penetration tester qualifications and methodologies. One of the methodologies cited is the Penetration Test Execution Standard (PTES). PTES is the framework used by Anchor Technologies in our penetration testing services.
https://www.pcisecuritystandards.org/documents/Penetration_Testing_Guidance_March_2015.pdf
http://www.darkreading.com/risk/pci-council-publishes-guidance-on-penetration-testing/d/d-id/1319646


Nearly 200 Google Chrome Extensions Deemed to be Malware

A UC Berkeley/Google research project found 192 Chrome extensions (five percent of those examined) that could be classified as malware. Does your organization have a policy regarding the use of browser extensions? These are often installable within the browser even by users without administrative privileges on their workstations and represent a major potential avenue for malicious code to slip past conventional defenses.
http://arstechnica.com/security/2015/04/google-kills-200-ad-injecting-chrome-extensions-says-many-are-malware/
http://www.pcworld.com/article/2904852/google-cracks-down-on-adinjecting-chrome-extensions.html
