[From the desk of Paul Davis – his opinions and no-one else’s]
Apart from the reporter’s opinions 😉
So onto the news:
Cybercriminals going back to ‘old school’ techniques: Dell
“Based on the data gathered by SonicWALL in 2014, what we’ve seen is a surge in point-of-sale (POS) malware variants and attacks targeting payment card infrastructures,” he said.
According to Johnston, Dell Software developed and deployed over three times more new POS malware countermeasures in 2014 than in the previous year, with the majority of these POS hits targeted at the US retail industry.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=2ed814015f&e=20056c7556
10 of the best Linux distros for privacy fiends and security buffs
However, for the truly paranoid, privacy distros are only one part of the equation – and the greater part of that equation involves penetration testing distros. These are distros designed for analysing and evaluating network and system security. These efforts feature a vast array of forensic tools to help you test your configured systems for potential weaknesses.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=f1b0115761&e=20056c7556
How to Deal with Unknown Files Effectively
Unknown files have become one of the biggest security threats to organizations, catching the attention of C-suite officers. Highly-publicized data breaches at brands like Target, Home Depot and Sony have raised awareness of the damage that unknown files can cause. What was once a simple computer virus has evolved into sophisticated malware that can be the basis for an advanced persistent threat (APT) attack designed to wrest sensitive data and wreak financial harm.
The simplest way to frame the issue is with the ‘three-file rule’, which argues that we can group files for security purposes into three types: the good, the bad and the unknown. Until recently, there have been two basic approaches for vetting files entering a system, each with limitations.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=fad4094a92&e=20056c7556
Are you playing data security / compliance / privacy whack-a-mole?
Earlier this year, European Commission VP Andrus Ansip and commissioner Vera Jourová made a statement regarding the EU’s long-awaited data protection reform, confirming a commitment to pass the new laws by the end of this year. Unfortunately for the organisations that will need to adhere to these rules, there is still little available in terms of definite details. Up until now, some of the key details to be aware of are that companies will likely be expected to respond more quickly, being ready to notify their customers within 24 hours in the event of a breach, as well as the possibility of fines being raised to 5 percent of global turnover for noncompliance.
For companies concerned about privacy, they should be actively thinking now about how their data is organised and, in turn, how it is being protected. One thing we can presume is that the revamped data protection regulation will include a greater prescription for businesses to obfuscate ‘sensitive’ data. Given the definition of ‘sensitive’ is open to interpretation and will constantly change as more information about our lives is electronically stored, there is going to be a need for much more dynamic and powerful tools and systems for protecting data.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=6445f4516d&e=20056c7556
Don’t Fake It When It Comes to Securing Sensitive Data on Mobile Devices
While encryption is the driving force behind mobile device security (for laptops, in particular), it alone could do nothing to protect sensitive data from this once-authorized and still very much alive (ab)user – he had the credentials! You never know when data will be put at risk and you’ll want to remove access to it or wipe all sensitive data from a device altogether. Whether via careless negligence (the more common occurrence) or by the malfeasance of an administrator who’d go so far as to fake his own death for a free laptop, the right tools can really save the day.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=e6d16568ee&e=20056c7556
Combating the Notorious Nine with Zero Trust Data Security
The Cloud Security Alliance surveyed industry experts to identify the top nine threats, which they labeled as the “Notorious Nine.” Before discussing solutions to these major threats, I’ll provide a brief description of each of them below.
End-to-end encryption is critical for combating the “Notorious Nine” threats – ultimately maintaining the most secure network. With encryption, even if firewalls or other safeguards fail, hackers will not be able to do anything with the data due to a lack of keys. In addition, unlike other security protocols, such as Secure Socket Layers, encryption does not cause computer-intensive processing to function. Therefore, encryption provides the necessary security, without negatively affecting the end-user experience.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=ec525ddafb&e=20056c7556
Economic Impact from a Company’s Data Breach – No Big Deal? Not So Fast!
A recent article in the Harvard Business Review found that “even the most significant recent breaches had very little impact on the company’s stock price.” Similarly, “actual expenses … amount to less than 1% of each company’s annual revenues. After reimbursement from insurance and minus tax deductions, the losses are even less,” according to a new analysis from a fellow at the Columbia School of International and Public Affairs.
What about the longer term? It is not clear to what extent corporate data breach victims incur damages that are not subject to data breach notification laws – e.g., losses from competitor or state-sponsored theft of intellectual property, customer lists, business plans, and other proprietary data that, while sensitive and valuable to the owner, may not contain personal identifying information. The incentives to protect access to this data may outweigh any notion that the costs of consumer data breaches are too low to justify additional investment in cybersecurity.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=88638d5f0a&e=20056c7556
New Linux rootkit leverages graphics cards for stealth
A team of developers has created a rootkit for Linux systems that uses the processing power and memory of graphics cards instead of CPUs in order to remain hidden.
The rootkit, called Jellyfish, is a proof of concept designed to demonstrate that completely running malware on GPUs (graphics processing units) is a viable option. This is possible because dedicated graphics cards have their own processors and RAM.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=e581c45011&e=20056c7556
Get ready: ‘Critical’ Adobe Reader patches coming on Tuesday 12 May
Windows and Mac versions of Adobe Reader XI (11.0.10, 10.1.13) as well as Adobe Acrobat XI (11.0.10, 10.1.13) will all need patching against (unspecified) critical vulnerabilities in the software. Adobe assigned these security bugs at a severity rating as “2”, one step down from its most severe rating.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=befbcc25c7&e=20056c7556
$7500 DDoS extortion hitting Aussie, Kiwi enterprises
New Zealand Internet Task Force (NZITF) chair Barry Brailey is warning Australian and New Zealand enterprises to be on the look out for distributed denial of service extortion attacks demanding payment of up to AU$7500.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=0620b13b1c&e=20056c7556
Feedback, questions? Our mailing address is: dailynews@paulgdavis.com