Weekly Infosec News Brief 18-24 May
Cyber Security is Now the Top Worry of Most Financial Services Firms
In a recent survey conducted by the Depository Trust & Clearing Corporation, nearly half of financial services firms cited cyber security as their top concern in terms of risks faced by their organization. Eighty percent listed it among their top five risks. Where does your organization rank cyber security among your risks?
http://www.dtcc.com/news/2015/may/13/cyber-security-cited-as-number-one-risk-to-financial-markets.aspx
http://www.scmagazineuk.com/cyber-security-now-the-top-concern-for-financial-services/article/414885/
Many Android Devices Found to Not Fully Delete Data on Factory Reset
The factory reset function on a mobile device is intended to insure that a device no longer contains any data from the user, but a study published last week by Cambridge University researchers shows that in many cases this does not happen reliably. All of the 21 Android devices tested (various makes and models) retained at least some fragments of data. In 80% of the phones, researchers were able to recover the master token that grants access to the user's Google account(s). The findings appear to apply to "remote wipe" capabilities as well. Encryption with a strong password and overwriting of the device memory after wipe are two potential solutions for concerned organizations.
http://arstechnica.com/security/2015/05/flawed-android-factory-reset-leaves-crypto-and-login-keys-ripe-for-picking/
Google Releases Version 43 of Chrome, Fixes 37 Security Issues
The latest version of Chrome was released last Tuesday, and fixes 37 security vulnerabilities in the browser. The most noteworthy of these appears to be CVE-2015-1252, which allowed for code running in the browser to potentially escape the Chrome "sandbox" and run outside the context of the browser. Most Chrome installations will update themselves automatically; if your organization has a centrally-managed Chrome deployment, we recommend you test and install this update as quickly as possible.
http://www.scmagazine.com/chrome-43-patches-37-vulnerabilities/article/415884/
Information Security Workforce, Already Shorthanded, Needs to Double or Triple
According to James Trainor, the head of the FBI's Cyber Division, the rate of major data breaches has gone from several a month to several a week in recent years. He believes that the number of trained experts needed to deal with these threats is double or triple the number currently working in the field in the US. However, trained and experienced individuals in this area are already in high demand and short supply.
http://thehill.com/policy/cybersecurity/242110-fbi-official-data-breaches-increasing-substantially
In a recent survey conducted by the Depository Trust & Clearing Corporation, nearly half of financial services firms cited cyber security as their top concern in terms of risks faced by their organization. Eighty percent listed it among their top five risks. Where does your organization rank cyber security among your risks?
http://www.dtcc.com/news/2015/may/13/cyber-security-cited-as-number-one-risk-to-financial-markets.aspx
http://www.scmagazineuk.com/cyber-security-now-the-top-concern-for-financial-services/article/414885/
Many Android Devices Found to Not Fully Delete Data on Factory Reset
The factory reset function on a mobile device is intended to insure that a device no longer contains any data from the user, but a study published last week by Cambridge University researchers shows that in many cases this does not happen reliably. All of the 21 Android devices tested (various makes and models) retained at least some fragments of data. In 80% of the phones, researchers were able to recover the master token that grants access to the user's Google account(s). The findings appear to apply to "remote wipe" capabilities as well. Encryption with a strong password and overwriting of the device memory after wipe are two potential solutions for concerned organizations.
http://arstechnica.com/security/2015/05/flawed-android-factory-reset-leaves-crypto-and-login-keys-ripe-for-picking/
Google Releases Version 43 of Chrome, Fixes 37 Security Issues
The latest version of Chrome was released last Tuesday, and fixes 37 security vulnerabilities in the browser. The most noteworthy of these appears to be CVE-2015-1252, which allowed for code running in the browser to potentially escape the Chrome "sandbox" and run outside the context of the browser. Most Chrome installations will update themselves automatically; if your organization has a centrally-managed Chrome deployment, we recommend you test and install this update as quickly as possible.
http://www.scmagazine.com/chrome-43-patches-37-vulnerabilities/article/415884/
Information Security Workforce, Already Shorthanded, Needs to Double or Triple
According to James Trainor, the head of the FBI's Cyber Division, the rate of major data breaches has gone from several a month to several a week in recent years. He believes that the number of trained experts needed to deal with these threats is double or triple the number currently working in the field in the US. However, trained and experienced individuals in this area are already in high demand and short supply.
http://thehill.com/policy/cybersecurity/242110-fbi-official-data-breaches-increasing-substantially
Comments
Post a Comment