Wednesday, June 29, 2016

Cybersecurity and FinTech: #CIGTR2016 Summer courses


As is tradition every year, the Research Center for Technological Risk Management (CIGTR) is organizing its summer course, Cybersecurity and FinTech. The course will take place from 4 to 6 July, both inclusive, at the Teatro Real Carlos III de Aranjuez and will feature the participation of leading experts. Interesting topics will be on the table, such as FinTech disruption in financial regulation, how new technologies can help with regulatory compliance, and tracking ransomware payments made in bitcoins.


Source: FinTech Futures, The UK as a World Leader in Financial Technologies

FinTech is, according to Wikipedia, the contraction of the English words finance and technology. It covers financial services or companies that leverage the latest technologies to create innovative products. 46.2% of finance professionals in Spain use some FinTech software or product in their company, according to the "Report Fintech Captio & ASSET".


Monday, June 27, 2016

Pete Herzog: "Firewalls, anti-virus and security campaigns don't work"

Pete Herzog. Co-creator of the Open Source Security Testing Methodology Manual.


Pete Herzog is the co-founder of ISECOM, along with his wife, Marta Barceló, and co-creator of the renowned Open Source Security Testing Methodology Manual, with 6 million downloads annually. The quality and quantity of their projects say a lot about this real hacker who lives in Catalonia. He currently teaches classes online and in the past has taught at La Salle University's Masters in Cybersecurity as well as Business Information Security for the MBA program at ESADE.

- Why are you in cybersecurity?

- I'm a hacker so most of my time is spent researching why things work the way they do and how to take control of them. My focus changes and broadens constantly as I hit areas which can't be answered yet and I need to either dig deeper or find an alternative solution. It leads into interesting areas that affect security such as developing an unbiased measurement of trust and now how to determine intent.


Friday, June 24, 2016

Most read of the week: ransomware, fraud and passwords

Our most-read stories this week focus on three topics: a new ransomware that steals Bitcoin, more and more "fraud to CEO" victims, with million-dollar global losses, and a brute-force network attack with a million IP addresses against two financial institutions.

Our recommended most-read story was Trend Micro's investigation of a new ransomware virus, RANSOM_JSRAA.A, one of the few that is not an executable but a script, designed specifically to interact with browsers. According to Trend Micro, in addition to encrypting files like the rest of ransomware, it can steal passwords and Bitcoin wallets.


Wednesday, June 22, 2016

More than half of companies are vulnerable to mail spoofing

It's the biggest tool for the feared "Fraud to CEO": the possibility of impersonating the emails of senior executives to send orders to their employees, such as transferring millions without thinking. More than half of the top 500 Alexa domains are vulnerable to the impersonation of other people's or entities' emails, better known as "email spoofing".

According to SecurityWeek, the security firm Detectify has found that more than half of the top 500 domains according to Alexa are vulnerable to this attack, specifically 276 of the 500 domains, because their owners don't have their email servers properly configured. Email spoofing is a fundamental tool for spam, fraud and, in general, all kinds of phishing, including spear phishing.


Monday, June 20, 2016

"The 'retailers' grasping for straws"




The US is having a passionate debate about the regulations and cybersecurity measures to be taken by various industries, depending on the risks that are assumed to exist for each. If such an assumption is not already a risk in itself. In the context of this debate, today in CIGTR's Monday interviews we want to echo a recent conversation between the specialized Infosecurity group and Doug Johnson, senior vice president and head of cybersecurity at the Association of American Bankers (AMA).

The interview, just over 10 minutes long, which we recommend listening to in full, is prompted by the rejection by the US Retail Industry Leaders Association (RILA) of the legislative proposal that these merchants adopt the same cybersecurity standards as banks. According to retailers, this demand is unfair (see about us claim not join the safety of banks). This rejection was formalized in a letter to Congress objecting to the provisions of the Data Security Act of 2015, also known as H.R. 2205.


Friday, June 17, 2016

Hack, malware, leak... Who benefits?

The magic question is "cui prodest": who benefits. Because humans are like that. With rare exceptions, when we do something it's because we get something in return. Knowing who benefits from a hack, malware or leak gives rise to all sorts of speculation beyond our remit, but it is good to keep this question in mind to help understand the current events that surround us. This week, like most, has been full of good news.


We should ask ourselves who benefits, for example, from the espionage against the US Democratic Committee concerning its rival Donald Trump: two hacker groups linked to the Russian government, whose president has on occasion shown admiration for the Republican candidate. Was the espionage commissioned by Trump's circle? Did Hillary do it to discredit him? Was it the Russian government's doing? Is there anyone else behind it? In any case, it is one of the most shocking headlines of the week, if only because it links the US presidential race with the need for cybersecurity awareness.


Wednesday, June 15, 2016

Leave the mistake behind: cybersecurity and business go hand in hand

That to err is human is something we have known since the time of Julius Caesar. But what is evil is to voluntarily persevere in the mistake, as St. Augustine wrote. If you are still one of those who think that cybersecurity and business do not go together, a recent survey by Centrify comes to get you out of the mistake. If you keep thinking that way, the mistake is now yours. But the truth is that it would be diabolical... for yourself.

If you have a business, the usual thing is that you will be hacked sooner or later, and you may even be forgiven for it. But beware: you will lose part of your business. Being hacked is not free. Consumers know that it is "normal" for someone to access your data illegally, for your services to be down for a time, or for you to have some security breach that someone exploits. But that does not mean it is acceptable. The study surveyed 2,400 adults, one third in the US, one third in the UK and a final third in Germany.


Monday, June 13, 2016

Mónica Valle: "My privacy and intimacy are my rights"

Mónica Valle. Director of Globb Security.

Mónica Valle is the host and co-director of the television program "Mundo Hacker", which is broadcast on the channel TVE La 2 on Saturday mornings. From Madrid and 30 years old, she studied Audiovisual Communication, Advertising and Public Relations, and two years ago she made her debut in information security, presenting the only program on Spanish television that talks about computer security.

Behind Mónica's beauty hides an intelligent and sweet woman who brings her own style to the growing roster of women who are not only present but also stand out in the cybersecurity community.


Friday, June 10, 2016

The most read of the week: ransomware and more ransomware

The malware code known as ransomware increasingly resembles a biblical plague whose end is not in sight. As news about new cases grows, so does our readers' curiosity about the subject. This is evidenced by our ranking of the most-read news this week.



Our summary of the increase in ransomware, with the latest figures marking growth of almost 700% in the last three months, was definitely our most-read story this week. Very useful for researchers is the development of a detailed list of more than 120 families of ransomware, which, according to Bart Parys, a security researcher who has participated in the creation of this list, succeeds because "the return on investment is high."



Wednesday, June 8, 2016

The brutal increase of ransomware continues: there are more than 120 families

Phishing and malware campaigns, especially ransomware, experienced an amazing increase in the first three months of the year, estimated at 789% by the company PhishMe. Others talk about an increase of 3,500% in the infrastructure and network use supporting ransomware campaigns. A group of independent researchers has created a database of all the ransomware specimens known until now, which already has more than 120.



This database, with every technical detail to facilitate the work of researchers, keeps growing, and 124 variants have already been catalogued. They range from virulent specimens like Locky or Cryptolocker, controlled by individual gangs, to others used by people who buy the service on the black market and have no computing experience. Bart Parys, a security researcher who has taken part in the creation of the database of the different ransomware families, explains that the secret of ransomware's success is "the return of the investment is high".


Monday, June 6, 2016

The CEO of SWIFT says he expects "more hacking surprises"

The chief executive of the interbank messaging system SWIFT said in an interview with British media that more news is expected about thefts like those recently suffered by several banks, in which confidence in the SWIFT system was compromised. The reason, according to Gottfried Leibbrandt, CEO of SWIFT, is that it will take years to build up and improve the defenses of this system.


Leibbrandt made these not very optimistic statements in the London office of the Cooperative Society for Worldwide Interbank Financial Telecommunication (SWIFT): "We do not believe that this issue will be solved in one night, although we will seek ways to improve it in the short term, with some quick moves". But the full deployment, he said, "will be a matter of years".


Friday, June 3, 2016

Most read of the week: interviews

Clearly, if we have learned anything at CIGTR this year, it is that our fans are great readers and followers of interviews. Two of them dominate the most-read content this week: our traditional Monday interview, this time with Alberto Hernandez, Director of Operations of the National Institute of Cybersecurity (INCIBE); and an interview that the newspaper "El País" had with John Lyon, founder of the International Cyber Security Alliance.

But while interviews are our readers' great hobby, the statistics show us that their main interest is learning to defend themselves from the dangers hidden on the network, either because those dangers do not want to be known and are effectively hidden, or because our status as digital non-natives does not allow us to see them.


Wednesday, June 1, 2016

Millions of dollars were lost in 2015 with the "Fraud CEO" according to the FBI

The Internet Crime Complaint Center (IC3) of the US Federal Bureau of Investigation received 288,012 complaints in 2015, with total losses of over a billion dollars, according to the newly released "2015 IC3 Report". This figure should be assessed taking into account that only 15% of crimes go unreported.

The Internet Crime Complaint Center received an average of 800 complaints per day during the past year. Standing out by amount defrauded are the so-called Fraud CEO or Business Email Compromise, Email Compromise and ransomware-type viruses.