Posted by Kevin on August 14, 2014.
The ITsecurity daily security briefing: Thursday August 14, 2014.
US companies in breach of EU-US Safe Harbor on PII
A filing submitted to the US Federal Trade Commission (FTC) on Thursday by the Center for Digital Democracy (CDD) claims Salesforce, Adobe, AOL, and other companies are “compiling, using, and sharing EU consumers’ personal information without their awareness and meaningful consent, in violation of the Safe Harbor framework.”
US college improves security with awareness training
90% reduction in successful phishes (down from five or six per month to three in six months); fewer malware infections and fewer support calls. Case study.
BYOD in business continues to grow
41% of employees use personal mobile phones and 37% use personal tablets: Infographic
Russian Prime Minister NOT resigning – Twitter account hacked…
“After the first tweet announcing the fake resignation (shared by thousands), others followed, containing messages against President Putin and his actions regarding the Crimea region.”
Mozilla’s Firefox Flame phone on limited deployment
The Android/Chrome competitor, produced by a company almost entirely funded by Google, “is currently on its way to developers who either are Mozillians, bought them or have created apps for it.”
PCI Security Standards Council issues Third-Party Security Assurance supplement
The Proskauer Rose Privacy Law blog has a brief summary: “A number of studies have shown that breach is tied increasingly to security vulnerabilities introduced by third parties. To combat such risk [PCI SIG has] created practical guidelines for how merchants and their business partners can work together to comply with the existing PCI standard and protect against breach.”
PCISSC document: https://www.pcisecuritystandards.org/documents/PCI_DSS_V3.0_Third_Party_Security_Assurance.pdf
Thoma Bravo VC makes ‘significant’ investment in IAM company SailPoint
“Founded in 2005, SailPoint revolutionized the IAM market with its risk-based approach to identity management.”
Gemalto to acquire SafeNet
Gemalto (Euronext NL0000400653 – GTO)… has signed a definitive agreement to acquire 100% of the share capital of SafeNet… from Vector Capital for US$890 million on a debt free/cash free basis.
New Variant of Bugat Malware Borrows Lucrative Gameover Zeus Techniques
“…likely explanation is that the Bugat team could have analyzed and perhaps reversed the GOZ malware before copying the HTML injections that made GOZ so highly profitable for its operators.”
Increasing incidence of SVPENG mobile malware
“SVPENG is a piece of mobile malware that may well be the first PC-grade malware for mobile devices.” It uses an overlay attack that steals users’ credentials.