DataSecure Inc

03/23/2020

Wow!!

02/10/2020

How about yours?

02/10/2020

How about you?

01/31/2020

Now you know

01/31/2020

Now you know!!!

01/24/2020

Have Stronger Password!

01/21/2020

Taking Cyber Threats Seriously

A cyberattack on a major US bank could have significant spillovers to other lenders, with serious implications for the whole financial system, according to research from the Federal Reserve Bank of New York.

The report models how a cyberattack on a single large bank, a group of smaller banks or a common service provider can be transmitted through the wholesale payments network.

The researchers estimate that a hit on a big five bank would affect more than a third of the assets in the whole network.

The extent of the amplification would be even greater if banks respond strategically, which, the authors argue, they are likely to do if there is uncertainty about the attack. Liquidity hoarding would have a dramatic impact on forgone payment activity, reaching more than 2.5 times daily GDP. High-value payment and settlement systems may be a natural candidate for a malicious attacker intent on inflicting the largest possible damage to the financial system and the broader economy.

01/16/2020

US judge has rubber-stamped a $1.38 billion settlement related to the massive 2017 data breach at Equifax - capping the amount available for cash payouts to victims.

As first reported by BankInfo Security, the federal judge has given final approval for a settlement that deals with a class action lawsuit against Equifax.

Mirroring an agreement reached between Equifax and the Federal Trade Commission last year, the settlement sees the tens of millions of Americans affected by the breach given the choice between free credit monitoring or a cash payment.

While the cash payment is nominally worth up to $125 per victim, in reality it is likely to be significantly less because of a £31 million disbursement cap on the total pool available.

With so many opting for the cash payment option, the FTC has urged people to instead take the free credit monitoring. Anyone wishing to take the cash has until 22 January to make a claim.

A far larger slice of the settlement - around $1 billion - is dedicated to making security upgrades in the wake of the breach, which compromised the personal information of around 145 million Americans.

A senate investigation found numerous failings by the credit rating agency both before and after the breach. The investigation found problems with Equifax's cyber-approach going back way before the breach. The firm had no standalone written corporate policy governing the patching of known cyber vulnerabilities until 2015.

Even when this was remedied and an audit found thousands of vulnerabilities, several issues were not actually addressed before the 2017 attack.

01/15/2020

What else...?

01/15/2020

01/15/2020

The U.S. Department of Homeland Security released a statement Tuesday ordering all federal agencies to patch the vulnerability and urging all Windows users to apply the security patch provided by Microsoft within 10 days.

The vulnerability, which is listed as CVE-2020-060, is a spoofing flaw that affects Windows' CryptoAPI, a component that handles cryptographic operations within the operating system. This part of the OS validates elliptic curve cryptography certificates, which allow for public-key cryptography, according to a Microsoft security advisory.

If left unpatched, a sophisticated attacker could use the vulnerability to fake digital certificates that are used as part of encrypted communications within Windows, according to Microsoft and the NSA. This means hackers could executive man-in-the-middle attacks or decrypt confidential data within applications, the company adds.

"An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source," according to the Microsoft advisory. "The user would have no way of knowing the file was malicious, because the digital signature would appear to be from a trusted provider."