Infosec Weekly Round-up September 09 – 16, 2012

10 Steps to Cyber Security

“The actions and measures detailed in each of the advice sheets collectively represent a good foundation for effective information risk management. The degree of implementation of these steps will vary between organizations depending upon the risks to their individual business, however, GCHQ’s recommendation is that Boards should require their CIO and CISO to be able to articulate why a particular measure is not applicable.”

http://www.bis.gov.uk/assets/biscore/business-sectors/docs/0-9/12-1121-10-steps-to-cyber-security-advice-sheets.pdf

GoDaddy Outage Takes Down Millions of Sites, Anonymous Member Claims Responsibility

The Anonymous group claimed responsibility for breaching GoDaddy, but after investigation the company stated that the service outage was due to a series of internal network events that corrupted router data tables:

http://techcrunch.com/2012/09/10/godaddy-outage-takes-down-millions-of-sites/

Hacktivist group #Antisec releases a million Apple device IDs, wonders why FBI had them

“#Antisec, the loosely-organized black hat security collective formerly known as Lulzsec has released a file containing a million and one (1,000,001) Apple Unique Device Identifications (UDIDs), and their related APNs (Apple Push Notification Service) tokens, as well as a certain amount of personal user information. The group claims the information was not taken from Apple directly, but rather through a vulnerability exploit on FBI Agent Christopher K. Stangl last March.”

http://betanews.com/2012/09/04/hacktivist-group-antisec-releases-a-million-apple-device-ids-wonders-why-fbi-had-them/

The geography of cybercrime: Western Europe and North America

“The Internet knows no borders, but according to our data, cybercrime has specific ‘geographical features’. In different parts of the world cybercriminals launch different malicious programs, their attacks have different priorities and they use different tricks to make money.”

https://www.securelist.com/en/analysis/204792244/The_geography_of_cybercrime_Western_Europe_and_North_America

PCI Mobile Payment Acceptance Security Guidelines

“The PCI Security Standards Council (PCI SSC) is an open global forum for the ongoing development, enhancement, storage, dissemination, and implementation of security standards for account data protection. The rapid development of payment-acceptance propositions using mobile technologies has led PCI SSC to consider its approach to provide guidance to secure all implementations.”

https://www.pcisecuritystandards.org/documents/Mobile%20Payment%20Security%20Guidelines%20v1%200.pdf

That’s all for this week. If you have more information security news, please share it with our readers by sending an email or using the contact form.
