Ex-RAC MD lends financial backing to car search and indexing engine Cazana

Robert Diamond, the former managing director of Motoring Services at the RAC, has become the latest automotive expert to lend financial backing to used vehicle database Cazana. The investment, which has come through Diamond’s Venture Capitalist organisation Fernbrook Partners, follows the recent arrival of ex Glass’ man Rupert Pontin and is part of a wider £1.75m boost for the business.

Read more

Big Banks To Miss UK’s Open Banking Deadline

HSBC, Barclays, RBS, Santander and the Bank of Ireland reportedly needed more time from the U.K. Competition and Markets Authority to comply with the Open Banking rules that would make it easier for their customers to switch banks, the publication said. The competition regulator has granted extra time for each of the financial institutions (FIs), ranging from a few weeks to a year.

Read more

Didi Chuxing Snaps Up $4 Billion To Expand Globally

China’s top ridesharing company, Didi Chuxing, has raised $4 billion in new capital as it aims to begin the next phase of its corporate life. This latest round adds to the $13 billion from investors, including Alibaba, Tencent and Apple, among others. The main focus of the latest funding, according to the firm, will be expanding the company footprint globally, further developing their electric vehicle initiative and investing more aggressively in artificial intelligence (AI) tech.
The latest investors in the round are, as of yet, unknown. Didi Chuxing has only noted, in a brief release on the round, that it was a global team effort: “Chinese and international institutions joined the latest fundraising round.”
The takeaway is that previous investors threw more money in, but numerous firms have invested in the ridesharing company, which makes it hard to narrow things down. There is news from anonymous sources that previous investors SoftBank and Abu Dhabi state fund Mubadala Capital helped out this time.
The latest infusion of funding jumps Didi Chuxing’s value to $56 billion — up from $50 billion in April. That might be enough to put Didi ahead of Uber in the race to be the most valuable ridesharing firm on Earth, depending on the outcome of Uber’s ongoing funding round. Uber is presently valued between $68 billion and $70 billion, but a recent investment from SoftBank came at a reported discount of 30 percent.
Didi is China’s ride-hailing leader by some margin, courtesy of its acquisition of Uber’s Chinese business. That deal was announced more than a year ago but is still pending full approval before its completion.
As of today, Didi is China’s only ridesharing firm, as services go, though it has invested in Uber rivals all over the world, including Lyft, Taxify, Careem and Ola in the U.S., Latin America, Europe, the Middle East and India respectively. The widely held belief is that physical expansion is soon to follow, but where it might start remains very much up in the air.
Didi was linked with an expansion to Mexico, and Bloomberg has been reporting that it is considering Taiwan to test out a “franchise model.”

Read more

Federal Appeals Court Revives Class-Action Suit Against Capital One

A federal appeals court has revived a proposed class-action lawsuit accusing Capital One Financial Corp. of imposing illegal overdraft fees on customers.
According to news from Reuters, the 2nd U.S. Circuit Court of Appeals in Manhattan said today that a lower court judge was wrong to dismiss a breach of contract claim. It also revived a claim under a New York state consumer protection law.
“We’re pleased with the outcome,” said Matthew Wessler, a lawyer for the plaintiff Tawanna Roberts, a Capital One customer in New York City. “Capital One illegally extracted overdraft fees for purchases that were made when consumers had enough funds in their accounts.”
Capital One did not respond to a request for comment.
While it’s common for banks to instate an overdraft policy, typically a fee of $35, when they pay merchants for purchases by customers with insufficient funds in their accounts, Roberts accused Capital One of illegally imposing overdraft fees when it settled transactions — the time it paid merchants — instead of when it authorized transactions at the cash register.
For example, if a customer with $100 in her account made five $10 purchases and then made a $100 purchase, she would face only one overdraft fee if the transactions were settled in order, but five fees if the $100 purchase were settled first.
Capital One told customers they could “elect to pay checks and other items drawn on your deposit account or to permit automatic bill payments and withdrawals against your account for an amount in excess of your available balance (an ‘Overdraft’).”
But the three-judge appeals court found it “equally reasonable” to understand the term “overdraft” as referring to Capital One’s decision to make a payment at the time of authorization, or the payment itself at the time of settlement.
As a result, it returned the case to U.S. District Judge Lorna Schofield in Manhattan for further proceedings. The appeals court upheld Schofield’s dismissal of three other claims.
The Consumer Financial Protection Bureau has said fees from U.S. overdraft policies and bounced checks totaled about $15 billion in 2016.

Read more

Foundational controls: The key to defending against cyberattacks

Cyberattacks are, without a doubt, one of the biggest threats organisations face today. New attack techniques emerge on a daily basis, and a recent piece of research from Beaming revealed that 52 per cent of UK businesses were hit by some form of cyberattack in 2016, which resulted in the loss of over £29 billion.Cyberattacks are rife, and with hackers motivated by a plethora of reasons – from money to politics – every organisation is a target.In the face of the immense growth of cyberattacks, it is now imperative that organisations have a good understanding of today’s threatscape and deploy the correct security controls to ensure their digital assets are comprehensively protected. However, due to the speed at which attack techniques are changing, it’s often more challenging than it seems.
The latest tools in a cyber criminal’s arsenal
In recent years cybercrime has grown into a billion-pound industry. Cybercriminals follow the money, and with so much valuable information now being hosted on the web there’s plenty of opportunity for profit. In order to be successful, however, criminals need to be innovative. They must constantly develop new attack techniques and altered malware variants to avoid detection from security products.With attackers working at this pace, organisations are under pressure to keep up, and ensure they are continually protected as attack tools evolve. In this year alone, we have witnessed a huge number of seemingly novel techniques, including sophisticated new pieces of malware, and ransomware variants like Petya and WannaCry. Organisations need to ensure they are protected against them all, which can be a major challenge. IT teams are often left confused, unsure if their current solutions protect against specific threats or whether they need to purchase expensive new products. In fact, a recent study from Tripwire revealed that 46 per cent of organisations have purchased security tools that failed to meet their organisation’s needs.In addition to the challenge of keeping up with known tools, because hacking techniques develop at such a high speed and it is hard to predict what cybercriminals have up their sleeves next. There is no way an organisation can guarantee 100 per cent protection. The same Tripwire study also revealed that 75 per cent of organisations do not believe that buying every security tool available on the market would enable them to fully protect their organisations, indicating the information security professionals are aware of this reality. The findings also suggested that the larger the company, the less confident employees are about cybersecurity tools fully protecting their organisations. For organisations with fewer than 1,000 employees, only 32 per cent felt they would be fully protected if they had invested in all the available security tools. This figured decreased in businesses with 1,000 to 5,000 employees to19 per cent and dropped even further with businesses that have more than 5,000 employees to 15 per cent.These findings highlight just how confused many organisations are today about the steps they need to take to protect against new and evolving attack techniques. Do they buy new solutions or try to make use of what they already have? And, more importantly, if all the security solutions available today can’t provide 100 per cent protection how can they operate their businesses safely?
Back to basics – The importance of foundational controls
It’s common in information security to look at the most recent innovative attack in the news and imagine that you need a shiny new tool to deal with it, however that’s not usually the case. Very often, the biggest bang for the security buck lies in making sure foundational security controls are in place. The fundamentals of finding and patching vulnerabilities, making sure systems are securely configured and monitoring your systems for change go a long way in maintaining a strong security posture.The benefits of strong foundational controls are supported by clear evidence. Recent events have shown that basic security controls can effectively protect organisations, even without the help of some of the latest tools on the market. The scale of attacks such as Heartbleed, WannaCry, and now Petya have been attributed to organisations using outdated and unpatched systems, rather than a lack of artificial intelligence, big data, or the next ‘next generation’ defensive tool. These high-profile attacks have highlighted that paying attention to basic security hygiene and ensuring foundational controls are in place can effectively fend off damaging attacks. Despite cybercriminals developing new attack tools on a daily basis, the core techniques used for compromise are most effectively addressed with foundational controls. Cybercriminals always need to have an initial entry point for their attacks to be effective. If an organisation stays up-to-date with patching against the latest vulnerabilities, hardens its systems, and had properly trained its staff about the dangers of phishing emails and ransomware, it lessens its attack surface. Key steps that organisations can take to ensure a strong foundation of security include:1. Know Your Attack SurfaceOrganisations should make sure they have visibility into the devices and software they have on their networks. Are there unauthorised devices on your network? Is there unauthorised or unmanaged software throughout the network, bringing risk into your environment? You have to know your environment in order to protect it effectively.2. Minimise Your Attack SurfaceNow that you know what’s on your network, make sure that all those devices, applications and operating systems are configured properly and securely. This control is about configuring your systems to a defined ideal and secure state (following cybersecurity best practices and your organisation’s own policies). This is often called “hardening” your systems, and doing so shrinks your attack surface. You can never entirely eliminate an attack surface, but you can get it to—and keep it at—a more secure level.3. Monitor Your Attack SurfaceNow you want to keep an eye on your systems for any changes and new risks. This includes checking for and fixing vulnerabilities, making sure secure configurations are maintained, managing administrative privileges, and paying attention to log data. Organisations should be able scan for vulnerabilities and prioritise the most critical and relevant results to address. Again, many successful breaches have been attributed to organisations failing to patch or mitigate known vulnerabilities. Misconfiguration is also a prevalent entry for attackers. After hardening your systems (as discussed above), you need to monitor them for any changes and ensure configurations stay in a secure state. Lastly, keeping track of administrative privileges and log activity will help you identify and investigate suspicious activity.Cybercrime is a key threat that organisations face today, and hackers are constantly developing new and innovative ways to launch attacks. However, in order to stay ahead in the game, organisations do not necessarily need to buy every new security product that comes on the market. Sometimes getting back to basics is the most important step. Foundational controls deal with the breadth necessary to manage risk in a changing landscape. New controls may become foundational over time, but the old ones largely remain core to successful risk management. Anytime there’s a new threat to deal with, rather than using it as a means to acquire new shiny objects, organisations should consider how it might be used to drive excellence in the foundational controls they already have today.Tim Erlin, VP of Product Management & Strategy, TripwireImage source: Shutterstock/GlebStock

Read more