Shadow IT Findings From Recent CipherCloud Report

A recent survey conducted by CipherCloud revealed that the use of unsanctioned cloud applications, also known as shadow IT, is widespread. According to the company, 86 percent of the cloud applications used in an enterprise are unsanctioned, and nearly 80 percent of organizations believe they need better governance and visibility tools to address this problem.

"The extent of shadow IT indicates a gap in detection, the first step in the mitigation process," noted Pravin Kothari, founder and CEO of CipherCloud. "With this latest addition to our platform, we are enabling enterprises to gain deeper visibility and control in the cloud."
According to CipherCloud, Cloud Discover Enterprise Edition can help organizations avoid data breaches by identifying risky cloud applications that can become the source of an intrusion, detecting users and groups that utilize risky apps, and blocking high-risk applications. Tell us what you thinks about the results of this report here at the Cloud and Cyber Security Center.

ZDI: Just How Vulnerable is Internet Explorer?

The 4 new vulnerabilities reported by HP's ZDI once again raise questions about the integrity of IE. HP's Zero Day Initiative (ZDI) doesn't cut much slack with its 120-day disclosure policy. When ZDI knocks on your door and says you have a security hole, you get 120 days to fix it or risk full public disclosure. That's what happened -- again. With ZDI and Microsoft -- again.

Founded by Tipping Point, now part of HP, the ZDI tracks vulnerability threats to leading software products, web browsers, SaaS, on-prem software and the like. Let us know your thoughts about the security of IE here at the Cloud and Cyber Security Center.

Symantec Releases It's 2015 Internet Security Threat Report

The Internet Security Threat Report provides an overview and analysis of the year in global threat activity. The report is based on data from the Symantec Global Intelligence Network, which Symantec's analysts use to identify, analyze, and provide commentary on emerging trends in the dynamic threat landscape.(http://www.symantec.com/security_response/publications/threatreport.jsp?inid=us_ghp_hero1_istr20). A key finding of this report indicates that ransomware attacks soared 113% in 2014. What do you see as the greatest threats for 2015? Send us your thoughts at the Cloud and Cyber Security Center.

Dyre Malware Has Struck 17 Spanish Banks

The criminals behind the highly successful Dyre malware are not taking a break. In fact, they are turning up the heat and have set their sights on 17 Spanish banks, and several European banks’ Spain-based subsidiaries. IBM Security X-Force researchers were able to analyze a new Dyre Trojan configuration file that followed the release of a new Dyre build. This is the first configuration that targets such a large number of Spanish banks. Previous versions only included three or five Spain-based banks on the victim roster, likely as a way to test the waters before moving to a more aggressive phase.
The analysis reveals that Dyre’s developers have expanded the capabilities and reach of the malware by updating its webinjections to match the new banks they are targeting in Spain. On top of its Spanish targets the Dyre gang sees opportunities in other Spanish speaking countries beyond Spain, attacking in Chile, Colombia and Venezuela. This is hardly surprising given that Spanish is the second most spoken language in the world. What is the best mitigation for this critical threat? Send your thoughts to us at the Cloud and Cyber Security Center.

Data Breach of 4.5 Million Patient Records at the UCLA Medical Center

Marking another high-profile data breach, hackers broke into UCLA Health System's computer network and may have accessed sensitive information on as many as 4.5 million patients, hospital officials said. This cyberattack at UCLA comes on the heels of a major breach of federal employee records and a massive hack at health insurance giant Anthem Inc. affecting 80 million Americans this year.

The intrusion is raising fresh questions about the ability of hospitals, health insurers and other medical providers to safeguard the vast troves of electronic medical records and other sensitive data they are stockpiling. The revelation that UCLA hadn't taken the basic step of encrypting this patient data drew swift criticism from security experts and patient advocates, particularly at a time when cybercriminals are targeting so many big players in healthcare, retail and government.