Skip to content

CyberSecurity Institute

Security News Curated from across the world

Menu
Menu

From:Reply-To:To:Date:Message-ID:List-ID:List-Unsubscribe:Sender:Content-Type:MIME-Version; i=mail=3Dpaulgdavis.com@mail97.us4.mcsv.net;

Posted on August 30, 2016December 30, 2021 by admini

[From the desk of Paul Davis – his opinions and no-one else’s]
Apart from the reporter’s opinions 😉
So onto the news:

4 things to look for in a secure email gateway

While there are several secure gateway products and services available, selecting the one that addresses your needs best isn’t that easy. To evaluate secure email gateway solutions, you need to ask yourself a few questions about their features and capabilities. You can find answers to these questions by talking to the vendor, trying the solutions out, and from online forums or network discussions with people that have experience with the service providers you’ve shortlisted.

1. Protection from Evolving Threats

2. Customization & Integration

3. False Positive and False Negative Rates

4. Advanced Threat Protection

Also critical is the ability to provide dynamic malware analysis and sandboxing and file retrospection for the continuous analysis of advanced threats, even after they have traversed the email gateway. With these features, you can block more attacks, track suspicious files, mitigate the scope of an outbreak, and remediate quickly. Even with high block rates, no solution provides 100% protection and attacks that pass an initial inspection may later start to behave maliciously, so the ability to continuously track files and emails from the moment they hit the network is imperative.

Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=1211858e48&e=20056c7556

How to use threat intel to boost mobile security

The first step, according to Larry Whiteside, Jr., chief security officer of the Lower Colorado River Authority, is to make sure you’re getting the same level of log information from your enterprise mobility management (EMM)/mobile device management (MDM) provider as you would from your desktop security provider.

Bring threat intelligence feeds into your MDM system so you can use the intelligence about dangerous and malicious apps to upgrade your mobile threat defenses. That’s the recommendation of David Jevans, CEO, Chairman, and CTO of Marble Security, a provider of app security services. Often, you can bring in threat intelligence feeds to your MDM/EMM platform using an API from your MDM or threat intelligence platform provider, he says.

Threats against mobile devices are part of the larger threat landscape that enterprises face each day. Bringing together MDM/EMM with threat intelligence adds a cyber security overwatch to mobile security ensuring a more expedient response to rising mobile-centric cyber security threats.

Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=bf7228b2aa&e=20056c7556

Awoogah: Get ready to patch ‘severe’ bug in OpenSSL this Thursday

Sysadmins and anyone else with systems running OpenSSL code: a new version of the open-source crypto library will be released this week to “fix a single security defect classified as ‘high’ severity.”

The bug, we’re told, will be addressed in versions 1.0.2d and 1.0.1p of the software. The vulnerability does not affect the 1.0.0 or 0.9.8 series. OpenSSL is a widely used library that provides encrypted HTTPS connections for countless websites, as well as other secure services.

“These releases will be made available on 9th July. They will fix a single security defect classified as “high” severity. This defect does not affect the 1.0.0 or 0.9.8 releases.”

Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=fea2952339&e=20056c7556

SEBI lays out cyber security policy for stock exchanges [India]

To protect the securities market from cyber threats, regulator Sebi on Monday asked stock exchanges and other key entities to put in place necessary framework to safeguard systems, networks and databases from such attacks.

Asking all exchanges, clearing corporations and depositories to implement necessary changes within six months, Sebi said these Market Infrastructure Institutions (MIIs) need to have a robust cyber security framework to provide essential facilities and perform systemically critical functions of trading, clearing and settlement in securities market.

Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=47a88b3283&e=20056c7556

Supply chain and breach response troubles haunt UK CISOs

In a survey of 73 cross-sector and anonymous CISOs in May, the ClubCISO group found a mixture of positive and negative news.

On the positive front, the report found that security awareness training programmes are more frequent, that there’s increasing interaction with senior executives as well as more independent information security budgets, while security staff retention increased by 33 percent year-on-year.

However, it also details numerous areas for improvement. For example, security bods complained that infosec is still seen as tick box exercise (only 34 percent regard it as an essential business function), and that it remains a subset of IT. Meanwhile, some see a reluctance to implement SIEM solutions, and there are problems with DLP and cloud security management, as well as falling confidence in BYOD programmes.

In the supply chain, there was a marked decrease in background checks on staff. The initial level fell from 40 percent (2014) to 23 percent, although ‘repeatable’ and ‘defined’ checks increased from 12 percent each to 23 percent and 20 percent respectively.

11 percent of CISOs now report to the board

Over 80 percent of UK businesses do not have a breach response plan.

Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=05be606346&e=20056c7556

Leak of ZeusVM malware building tool might cause botnet surge

The source code for the builder and control panel of ZeusVM version 2.0.0.0 was leaked sometime in June, according to a malware research outfit called Malware Must Die (MMD). The leak was kept under wraps by the researchers as they tried to stop the files from becoming widely available, an effort that ultimately exceeded their resources.

As a result, the group decided to go public with the information Sunday in order to alert the whole security community so that mitigation strategies can be developed.

ZeusVM, also known as KINS, is a computer Trojan that hijacks the browser process in order to modify or steal information from websites opened by victims on their computers. It’s primarily used to steal online banking credentials, but other types of websites can also be targeted as long as attackers list them in the configuration file downloaded by the Trojan from the Internet.

Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=9aac9abed5&e=20056c7556

============================================================
Feedback, questions? Our mailing address is: ** dailynews@paulgdavis.com (mailto:dailynews@paulgdavis.com)

If someone forwarded this email to you and you want to be added in,
please click this: ** Subscribe to this list (http://paulgdavis.us3.list-manage.com/subscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a)

** Unsubscribe from this list (http://paulgdavis.us3.list-manage2.com/unsubscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556&c=60dea9d09b)

** Update subscription preferences (http://paulgdavis.us3.list-manage1.com/profile?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556)

Leave a Reply

You must be logged in to post a comment.

Recent Posts

  • AI/ML News – 2024-04-14
  • Incident Response and Security Operations -2024-04-14
  • CSO News – 2024-04-15
  • IT Security News – 2023-09-25
  • IT Security News – 2023-09-20

Archives

  • April 2024
  • September 2023
  • August 2023
  • July 2023
  • June 2023
  • April 2023
  • March 2023
  • February 2022
  • January 2022
  • December 2021
  • September 2020
  • October 2019
  • August 2019
  • July 2019
  • December 2018
  • April 2018
  • December 2016
  • September 2016
  • August 2016
  • July 2016
  • April 2015
  • March 2015
  • August 2014
  • March 2014
  • August 2013
  • July 2013
  • June 2013
  • May 2013
  • April 2013
  • March 2013
  • February 2013
  • January 2013
  • October 2012
  • September 2012
  • August 2012
  • February 2012
  • October 2011
  • August 2011
  • June 2011
  • May 2011
  • April 2011
  • February 2011
  • January 2011
  • December 2010
  • November 2010
  • October 2010
  • August 2010
  • July 2010
  • June 2010
  • May 2010
  • April 2010
  • March 2010
  • February 2010
  • January 2010
  • December 2009
  • November 2009
  • October 2009
  • September 2009
  • June 2009
  • May 2009
  • March 2009
  • February 2009
  • January 2009
  • December 2008
  • November 2008
  • October 2008
  • September 2008
  • August 2008
  • July 2008
  • June 2008
  • May 2008
  • April 2008
  • March 2008
  • February 2008
  • January 2008
  • December 2007
  • November 2007
  • October 2007
  • September 2007
  • August 2007
  • July 2007
  • June 2007
  • May 2007
  • April 2007
  • March 2007
  • February 2007
  • January 2007
  • December 2006
  • November 2006
  • October 2006
  • September 2006
  • August 2006
  • July 2006
  • June 2006
  • May 2006
  • April 2006
  • March 2006
  • February 2006
  • January 2006
  • December 2005
  • November 2005
  • October 2005
  • September 2005
  • August 2005
  • July 2005
  • June 2005
  • May 2005
  • April 2005
  • March 2005
  • February 2005
  • January 2005
  • December 2004
  • November 2004
  • October 2004
  • September 2004
  • August 2004
  • July 2004
  • June 2004
  • May 2004
  • April 2004
  • March 2004
  • February 2004
  • January 2004
  • December 2003
  • November 2003
  • October 2003
  • September 2003

Categories

  • AI-ML
  • Augment / Virtual Reality
  • Blogging
  • Cloud
  • DR/Crisis Response/Crisis Management
  • Editorial
  • Financial
  • Make You Smile
  • Malware
  • Mobility
  • Motor Industry
  • News
  • OTT Video
  • Pending Review
  • Personal
  • Product
  • Regulations
  • Secure
  • Security Industry News
  • Security Operations
  • Statistics
  • Threat Intel
  • Trends
  • Uncategorized
  • Warnings
  • WebSite News
  • Zero Trust

Meta

  • Log in
  • Entries feed
  • Comments feed
  • WordPress.org
© 2025 CyberSecurity Institute | Powered by Superbs Personal Blog theme