[From the desk of Paul Davis – his opinions and no-one else’s]
Apart from the reporter’s opinions 😉
So onto the news:
Intel says GPU malware is no reason to panic, yet
Researchers from Intel division McAfee Labs teamed up with members of Intel’s Visual and Parallel Computing Group to analyze a proof-of-concept GPU malware program dubbed JellyFish that was released in March.
Their conclusion, which was included in McAfee’s latest quarterly threat report, is that running malicious code inside GPUs still has significant drawbacks and is not nearly as stealthy as its developers suggested.
While it’s true that there is a shortage of tools to analyze code running inside GPUs from a malware forensics perspective, endpoint security products don’t need such capabilities because they can detect the other indicators left by such attacks on the system.
Some of the defenses built by Microsoft against kernel-level rootkits, such as Patch Guard, driver signing enforcement, Early Launch Anti-Malware and Secure Boot, can also help prevent the installation of GPU threats.
Microsoft’s Device Guard feature in Windows 10, which allows only Microsoft-signed and trusted applications to run, can be particularly effective against such attacks, according to the researchers.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=ab48b1a933&e=20056c7556
States and Localities Consider Security as a Service
Cost savings are one obvious consideration, but so is the fact that state and local governments are finding it next to impossible to compete with the private sector for cybersecurity talent.
In a 2015 NASCIO state government IT workforce study, 67 percent of respondents said security was the most difficult position to fill and retain.
“Security is becoming highly specialized, and we are having a very difficult time finding appropriate people to do in-house security,” said Ralph Johnson, chief information security and privacy officer of King County, Wash. A managed security services team, by contrast, often has the expertise and concentration he needs.
For example, King County uses a managed security service for its network log and security event management. “For me to appropriately run that with an in-house solution, I would have had to hire three staffers and that would have been their sole function,” Johnson explained. “That would cost me $1.5 million over five years. I got a managed security product from a vendor that cost me $850,000 over the same time period.”
Although its IT structure is federated rather than consolidated, the Texas Department of Information Resources is planning to do a feasibility study for a statewide identity access management solution. “We will look at whether it makes sense to do that internally or if it is better suited as an outsourced, cloud-based service,” Block said.
But not all CISOs are comfortable with the idea of identity and access management in the cloud. “I don’t support outsourcing the keys to the kingdom,” said Agnes Kirk, CISO for Washington state. “That authentication and ID management are how we ensure we are protecting privacy and data entrusted to us.”
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=7fec9efe49&e=20056c7556
Blue Coat Reveals the Web’s Shadiest Neighborhoods
SUNNYVALE, CA–(Marketwired – Sep 1, 2015) – Blue Coat Systems, Inc., a market leader in enterprise security, today revealed new research for consumers and businesses that shows the Top-Level Domains (TLDs), or “neighborhoods,” most associated with suspicious websites.
Among the key findings in the report are that more than 95 percent of websites in 10 different TLDs are rated as suspicious, with that percentage increasing to 100 percent for the top two highest ranking TLDs, .zip and .review.
Much has changed since the early days of the Internet when the Web had only six common top level domains (TLDs).
Back then, what most consumers and businesses encountered were a small number of standard TLDs, such as .com, .net, .edu and .gov, as well as some “country code” domains like .fr (France), and .jp (Japan).
However, since 2013, the number of new TLDs has skyrocketed.
There has been an explosion of new neighborhoods on the Web, many of which may be considered for web security purposes as neither safe nor friendly.
By June 2015, the count of validly issued TLDs stood at over one thousand.
As the number of TLDs has increased, so have the opportunities for attackers.
TLDs with high numbers of shady sites, dubbed “Shady TLDs,” can provide fertile ground for malicious activity including spam, phishing, and distribution of Potentially Unwanted Software (PUS).
The report also reveals examples of nefarious activity taking place on shady websites of some of the top ranked Shady TLDs, including the fourth most seemingly dangerous neighborhood, .kim.
Blue Coat researchers recently discovered websites serving up pages which mimic popular video and image sites and prompt unprotected visitors to unwittingly download malware.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=962551106b&e=20056c7556
ThreatQuotient Announces General Availability of ThreatQ Threat Intelligence Platform
STERLING, Va., Aug. 31, 2015 /PRNewswire/ — ThreatQuotient, a threat intelligence platform provider, today announced the general availability of ThreatQ.
ThreatQ is the only Threat Intelligence Platform (TIP) that centrally manages and correlates unlimited threat data from external sources with internal security and analytics solutions for contextual, operationalized intelligence within a single pane of glass.
ThreatQuotient is also introducing Indicator Nurturing, unique to ThreatQ, which goes beyond enrichment to help customers tailor indicators of compromise (IOCs) more specifically to their infrastructure.
With ThreatQ, enterprises can finally improve their threat intelligence and security operations through an on-premise, vendor-agnostic platform that can import commercial, open source, and private or industry threat intelligence.
ThreatQ provides a seamless integration with existing security solutions to enrich and nurture indicators, and turn multiple data sources into operationalized intelligence.
ThreatQ’s General Availability will offer customers several unique benefits, including:
– Indicator Nurturing – ThreatQ goes beyond enrichment and actually nurtures indicators to help customers tailor indicators of compromise (IOCs) more specifically to their infrastructure.
– Extensible Intelligence Platform
– Flexible Scoring Engine
– Central Search Engine for Intelligence
– Aggregated Visualization
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=1c59bebfd6&e=20056c7556