Some news, some true
Cyber attacks beat euro crisis as top risk facing banks, says Bank of England. U.K. banks consider cyber-attacks their biggest risk, even more than the euro crisis, Andrew Haldane, director of financial stability at the Bank of England, said. Mr. Haldane met with five major banks and four of them told him that cyber attacks were their main concern, Reuters reported. The management of this risk is somewhat in an early stage, Mr. Haldane said, and over the past five years focus on other risk factors might have distracted attention from cyber risks.
Senior politicians unite to issue call for data bill. The shelved Communications Data Bill would allow access to all Britons’ web browsing history. Senior politicians from across the political divide have united to call for UK security services to be given greater internet monitoring powers. In a letter to The Times newspaper three former Labour home secretaries, three senior Tories and one Liberal Democrat urge changes. They say “coalition niceties” must not hinder counter terror efforts. A bill allowing the monitoring of all UK citizens’ internet use was dropped after Liberal Democrat opposition.
Chinese bootkit Guntior abuses Windows Help Center. Researchers at Sophos analyzed a recent version of the Guntior bootkit’s dropper and found that it utilizes a legitimate Windows executable file from Windows Help Center.
Open redirect vulnerability identified in Facebook. A researcher from illSecure.com revealed a low-risk open redirect vulnerability in Facebook.
BAE snaps up cyber security recruits. Almost half of the trainees recruited by BAE Systems this year will join the defence giant’s burgeoning cyber and security business as companies look to protect themselves against increasing cyber threats. FTSE 100-listed BAE said on Tuesday that of the 293 graduates and trainees recruited by the company this year, 130 of them – 44pc – will join Detica, BAE’s cyber and security division. Alongside its more traditional defence business, BAE offers services to companies to help them collect and manage data, as well as manage risk and respond to breaches of cyber security and protect themselves in future. BAE said hiring more people for its Detica arm reflected Britain’s growing need for cyber security and the cost of cyber crime to the UK, which is currently estimated to be between £18bn and £27bn, according to the National Audit Office.
Cyber threat hunting service from Dell SecureWorks. Dell SecureWorks has launched a new Targeted Threat Hunting service aimed at finding cyber attackers who might be lurking in an organization’s network, intent on committing a breach. Using cyber intelligence and proprietary hunting technology from the Counter Threat Unit (CTU) research team, Dell SecureWorks experts will search an entity’s IT networks and host computers for evidence of a compromise, leveraging pre-determined intelligence of adversaries and their methods. The CTU Special Operations team will search for any indication hackers might be operating in the organization’s environment. If found, they will conduct an extensive study of the threat, outline a plan to eradicate the hackers, and put defenses in place to prevent them from re-entering.
UK cyber security ‘becoming more consolidated’, says ENISA. Attempts to consolidate all the various bodies that have some responsibility for the UK’s cyber security are making steady progress, according to the European Network and Information Security Agency (ENISA). The government has been heavily criticised in the last year for a “lack of cohesion” between the various UK organisations set up to work towards its cyber security strategy. Former head of the GCHQ and CESG, Nick Hopkinson, told Computing last year that there was a need for rationalisation between the organisations, as co-ordinating a policy and strategy would be a challenge when dealing with the numerous bodies involved. But a year on from Hopkinson’s comments, ENISA’s head of unit, resilience and CIIP, Dr Vangelis Ouzounis, has said that every country, including the UK, is trying to consolidate its own strategy. “In every member state there are different distributions which have been developed for different purposes, now they all have slightly different responsibilities around cyber security and of course there are overlaps. Every country is trying to consolidate their national strategy and ENISA does not intervene because although we recommend the simplification and avoidance of overlaps, it is up to the member states [to take action],” he told Computing at ISACA Insights World Congress 2013, in Berlin. “The [different bodies in the UK] have been developing from the bottom up over the years, that is why there is this situation but I believe that the UK cyber security strategy is now trying to consolidate the agencies – things like the Cyber Security Centre will help it to do this,” he added. Ouzounis admitted that the lack of cohesion was a problem but said that on a positive note, the problem had been identified and the government was trying to fix the issue.
He also said that while the US is “advanced” in its cyber security strategy, he did not consider the country’s strategy as a template for European countries to follow, stating that some European countries may even be more advanced, without specifying which countries he was alluding to. “There are other countries that are doing equally as well [as the US] or even better, having developed other concepts that are working well,” Ouzounis said. As for the UK, Hopkinson was not the only expert to criticise the bodies involved in the UK cyber strategy for a lack of cohesion. Former US cyber intelligence officer at the Department of Defence, Bob Ayers, told Computing that “people seem to be getting resources in the absence of a cohesive plan and an ability to force compliance with that absent plan, [the UK] seems to be doing a lot, but never confuse activity for achievement”. While Mark Brown, director of information security at Ernst & Young, added: “I think there are 27 ministers of the state who have part of security in their job title, can anyone tell me who the actual person is who is solely accountable? The answer that always comes back from government is ‘no’”.
After CNN patches vulnerability, diet spammers start abusing Ask.com flaw. Spammers abused an open redirect vulnerability in CNN’s Web site until the news organization closed the vulnerability. However, similar vulnerabilities in Ask.com and Yahoo continued to be used in the spam campaign.
McAfee says it made a mistake, Koobface worm not on the rise. McAfee acknowledged that it made a mistake in reporting that the Koobface worm has been on the rise, when instances of it have in fact decreased.
New variant of Bicololo malware disguised as legitimate antivirus app. Researchers discovered a new version of the Bicololo malware disguised as VIPRE Antivirus.
New Android trojan app exploits previously unknown flaws, researchers say. Researchers discovered a sophisticated Android malware dubbed Backdoor.AndroidOS.Obad.a that can be used to execute commands via a remote shell, send SMS messages, steal data, and download additional malicious apps.