June #SecChat Recap: Findings from the 2016 Verizon DBIR

This year’s highly anticipated Verizon 2016 Data Breach Investigations Report (Verizon DBIR) analyzed cybersecurity findings from 100,000 incidents and 2,260 confirmed breaches, taking a deep dive into popular attack types and threats in 2015. During our June Twitter #SecChat, we discussed findings from the report, and examined prominent threats and their impact on industries. Participating in this chat were experts from Intel Security, Verizon, and other industry thought leaders. This lively conversation surfaced enlightening security insights and opinions. Here are some of the highlights:

Once again, phishing tops the list of attack vectors in the DBIR. Why do you think this method is so successful?

To start the chat, we asked participants for their take on phishing, one of the top attack vectors in 2015 according to the DBIR. Participants offered potential reasons for its success, as well as tips for prevention. Intel Security’s @Matt_Rosenquist stated that phishing continues to succeed because the attack is easy to mount and requires only novice-level skill to execute. @Marc_Spitler of Verizon followed up, emphasizing that all it takes is a single click for an attack to launch. Overall, experts suggested a heightened security culture, education, and employee awareness as ways to mitigate this attack vector.


The DBIR shows a steep drop in market prices for stolen payment cards. Does that mean card theft will become unprofitable?

#SecChat participants expressed wariness around card theft, sharing ideas on why dark web prices may be plummeting. Intel Security’s @Raj_Samani pointed out that with the lower cost of attack has come a growing ROI—no signs of an unprofitable future. @jc_vazquez added that due to reduced profit from payment card theft, hackers have turned to stealing more valuable user data. @Matt_Rosenquist argued that a drop in market price relates to growth in supply, rather than a decline in demand—and that this threat type is still growing.


Consistent with headlines, the DBIR reports a significant increase in ransomware. How can businesses slow its growth?

#SecChat participants agreed that ransomware’s complex nature doesn’t lend itself to one simple solution. As the problem continues to evolve, the industry response remains diverse. @Securelexicon pointed out attackers’ growing customer service skills and their diligence in picking targets, selecting those who will drive the highest return. @Raj_Samani agreed that the threat’s increased focus on targeting verticals is a growing worry, possibly more problematic than the original scattered approach. @Marc_Spitler proposed that the security community’s focus should shift to limiting ransomware’s impact, a more feasible approach than trying to slow its growth. In addition, @Zulfikar_Ramazan argued that a shift in security strategy is the true solution to the problem, with a refocus on the human element of the threat.

Our #SecChat provided some great insights from both the Verizon 2016 DBIR and the cybersecurity landscape as a whole. Thank you to everyone who joined the conversation! You can view the entire discussion on Twitter using the #SecChat hashtag. Be sure to follow @IntelSec_Biz to stay informed about upcoming chats!


The post June #SecChat Recap: Findings from the 2016 Verizon DBIR appeared first on McAfee.

Cisco Releases Security Updates

Original release date: June 30, 2016

Cisco has released security updates to address vulnerabilities in several products. Exploitation of some of these vulnerabilities could allow an unauthenticated remote attacker to take control of an affected system.

US-CERT encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates:

This product is provided subject to this Notification and this Privacy & Use policy.

Symantec Releases Security Updates

Original release date: June 29, 2016

Symantec has released security updates to address vulnerabilities in multiple products. Exploitation of some of these vulnerabilities may allow an attacker to take control of an affected system and cause a denial-of-service condition.

Users and administrators are encouraged to review Symantec Security Advisories SYM16-010 and SYM16-011 and apply the necessary updates.



High-severity bugs in 25 Symantec/Norton products imperil millions


Much of the product line from security firm Symantec contains a raft of vulnerabilities that expose millions of consumers, small businesses, and large organizations to self-replicating attacks that take complete control of their computers, a researcher warned Tuesday.

"These vulnerabilities are as bad as it gets," Tavis Ormandy, a researcher with Google's Project Zero, wrote in a blog post. "They don’t require any user interaction, they affect the default configuration, and the software runs at the highest privilege levels possible. In certain cases on Windows, vulnerable code is even loaded into the kernel, resulting in remote kernel memory corruption."

The post was published shortly after Symantec issued its own advisory, which listed 17 Symantec enterprise products and eight Norton consumer and small business products being affected. Ormandy warned that the vulnerability is unusually easy to exploit, allowing the exploits to spread virally from machine to machine over a targeted network, or potentially over the Internet at large. Ormandy continued:
