Report: CVSS scores are "weak foundation" for assessing vulnerabilities

Cheap hacking tools raise specter of massive DDoS attacks | PUF chips have an extra layer of cybersecurity | Facebook, Google fight change to email privacy bill Created for {EMAIL} | [Web Version] June 9, 2016 [Â] [Data Security & Privacy SmartBrief] [SIGN UP] ⋅ [FORWARD] ⋅ [ARCHIVE] Top Story [Cheap hacking tools raise specter of massive DDoS attacks] Businesses are reporting an increase in large distributed-denial-of-service attacks, with almost four times as many exceeding 100 Gbps reported in the first quarter of 2016 compared to the same period last year. Experts blame the rise of large-scale DDoS hacking on the easy availability of cheap software tools known as botnets that can be obtained on the internet and used by hackers with little expertise. [PCWorld/IDG News Service] (6/7) [LinkedIn] [Twitter] [Facebook] [Google+] [Email] Data Security & Privacy [PUF chips have an extra layer of cybersecurity] [Many older consumers rely on credits cards for financial survival] (Matt Cardy/Getty Images) Certain chips going into credit and debit cards have a physically unclonable function, making it more difficult to hack into the chips for criminal purposes. Boris Kennes of Intrinsic-ID says, "Each chip is born with unique characteristics that are completely uncontrollable and different, just like a fingerprint." [New Scientist] (6/8) [LinkedIn] [Twitter] [Facebook] [Google+] [Email] - [Facebook, Google fight change to email privacy bill] The Hill (6/7) Cyber Risk [Report: CVSS scores are "weak foundation" for assessing vulnerabilities] The Common Vulnerability Scoring System is a "weak foundation" for assessing cybersecurity vulnerabilities when it stands on its own, a NopSec risk management report states. "Vulnerability management and mitigation can be more effective and prioritized on vulnerabilities used by malicious attackers in the wild where critical assets are exposed," said FireEye Labs' Geok Meng Ong. [ZDNet] (6/7) [LinkedIn] [Twitter] [Facebook] [Google+] [Email] [Courts sending mixed message about cyberinsurance payouts] Two recent federal court decisions are sending mixed messages about cyberinsurance payouts to cover fees related to credit card breaches at merchants. If cyberinsurance won't cover fraud-related costs, merchants will be less likely to sign up for policies, experts say. [BankInfoSecurity.com] (6/7) [LinkedIn] [Twitter] [Facebook] [Google+] [Email] By the Numbers [Survey: Reactive approach to cybersecurity leads to increase in health data loss] A survey from Raytheon and the Ponemon Institute revealed that almost two-thirds of health care organizations seek a cybersecurity vendor only after a data breach, which has led to an increase in data loss. Researchers found that the overall main reasons for engaging a data security vendor include a lack of in-house data security technologies, improvement of security postures, and recruitment and retention of IT talent. [Health IT Security] (6/6) [LinkedIn] [Twitter] [Facebook] [Google+] [Email] Practice & Policy [How benefits administrators can boost cybersecurity] Most -- but not all -- health care data breaches are targeted criminal attacks in search of personally identifying information, writes Tom Pohl. Benefits administrators can reduce the threat by educating employees, ensuring that software is tested and validated, minimizing insider threats and automating processes to reduce the risk of human error, Pohl suggests. [BenefitsPro.com] (6/6) [LinkedIn] [Twitter] [Facebook] [Google+] [Email] - [Don't wait to develop a cybersecurity policy] Small Business Trends (6/3) AllClear ID News 4 steps to respond more effectively after a data breach The most thorough preparation pre-breach won't matter if your response team is derailed by emotions like denial, tunnel-vision and anger. [Download this whitepaper], Factoring the Human Element Into Your Data Breach Response, to learn which emotions are most likely to derail your team and steps you can take now to be ready to address them during a crisis. [LinkedIn] [Twitter] [Facebook] [Google+] [Email] Is your team ready for a data breach? As data breaches increase in scale and frequency, businesses must prepare today to ensure an effective, customer-focused response. Consumers, regulators and the media want a well-orchestrated response launched just days after a data breach, and preparation in advance is critical to success. [Download this Incident Response Workbook] and learn: - Key considerations for data breach preparation and customer notification - Best practices for the customer-facing aspects of data breach response - Recommendations for planning and executing a well-orchestrated response [LinkedIn] [Twitter] [Facebook] [Google+] [Email] Learn more about AllClear ID: [About AllClear ID] | [AllClear ID Breach Response] [AllClear ID Resources] People seldom improve when they have no other model but themselves to copy. Oliver Goldsmith, writer [LinkedIn] [Twitter] [Facebook] [Google+] [Email] [Sign Up] [SmartBrief offers 200+ newsletters] Subscriber Tools: [Manage Subscriptions] [Update Your Profile] [Unsubscribe] [Send Feedback] [Archive] [Search] Contact Us: Editor - [Amanda Gutshall] Mailing Address: SmartBrief, Inc.®, 555 11th ST NW, Suite 600, Washington, DC 20004 © 1999-2016 SmartBrief, Inc.® [Privacy policy] | [Legal Information] Â