[From the desk of Paul Davis – his opinions and no-one else’s]
So onto the news:
4 no-bull facts about Microsoft’s HTTP.sys vulnerability
The latest Web server vulnerability affects desktop systems as well as Microsoft products
1. The problem affects systems that aren’t servers or even running IIS
2. It’s easy to exploit
3. This variety of attack has been used on other Web servers
4. You can easily check if you’re vulnerable
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=14fe1c4974&e=20056c7556
Journalists should make “digital hygiene a habit”
The UNESCO report, Building Digital Safety for Journalism, is a valuable resource for those who are struggling to keep up with these challenges. It calls on journalists and editors to develop a security plan that makes “digital hygiene” as common as brushing their teeth.
The report offers a number of recommendations to ensure that digital security is taken more seriously. These include calling on news organizations and journalism institutions to provide regular digital security training for journalists. For example, reporters should know how to secure data on a laptop if it’s stolen or confiscated, and news outlets need to adopt secure technologies for all information and file-sharing.
Link: http://paulgdavis.us3.list-manage2.com/track/click?u=45bf3caf699abf9904ddc00e3&id=557852f6c1&e=20056c7556
Brits warming to biometric technology for online banking access
In a survey of 2,090 UK adults conducted by YouGov on behalf of credit reference agency Equifax it was found that nearly as many consumers would prefer fingerprint recognition (31%) to gain access to online banking as would prefer passwords (32%). Two banks in the UK, the Royal Bank of Scotland and NatWest, have already implemented fingerprint recognition technology for logins due to customer demand for the service.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=7cc80fd015&e=20056c7556
Infosec taking the strain as threats evolve and skills gap widens
Analyst forecasts of a 1.5 million shortfall of information security professionals by 2020 come amid reports of rising salaries, an ageing workforce and the inability to fill existing positions.
Organisations are increasingly struggling to manage threats, avoid errors and are taking longer to recover from cyber attacks, according to the 2015 (ISC)2 Global Information Security Workforce Study.
Frost & Sullivan estimates that the global workforce shortage will widen to 1.5 million in five years, while the variety and sophistication of cyber threats are expected to continue.
“The survey shows we are at an inflection point where it is probably going to get worse before it gets better, but we will not see that for at least a few more years,” he added.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=c438e75856&e=20056c7556
Data Breach Notification Legislation Moves Forward
The Data Security and Breach Notification Act of 2015, which was sponsored by Republican Rep. Marsha Blackburn and Democrat Peter Welch, was approved by the House Energy and Commerce Subcommittee on Trade in late March, and will now head to the full Energy and Commerce committee with amendments.
The bill requires that a business inform customers within 30 days if their data might have been stolen during a breach. The clock starts after the business has discovered the breach and conducted a good-faith investigation to determine if there’s a reasonable risk of identity theft, financial fraud or economic loss or harm, and restored the security of the breached systems.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=2537566977&e=20056c7556
Iran Is Raising Sophistication and Frequency of Cyberattacks, Study Says
The evidence from the Norse report, along with analyses by American intelligence agencies, strongly suggests that Iran has made much greater use of cyberweapons over the past year, despite international sanctions. The attacks have mostly involved espionage, but a few, like the Sands attack, have been for destructive purposes.
The report, and a similar one from Cylance, another cybersecurity firm, make clear that Iranian hackers are moving from ostentatious cyberattacks in which they deface websites or simply knock them offline to much quieter reconnaissance. In some cases, they appear to be probing for critical infrastructure systems that could provide opportunities for more dangerous and destructive attacks.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=bef4699377&e=20056c7556
Security pros name their must-have tools
Secure file sharing is imperative for Lawyers Without Borders, a group that works with volunteer lawyers to advance human rights law in conflict-ridden regions. The nonprofit organization, headquartered in Hartford, Conn., uses Intralinks VIA to protect confidential legal documents and court papers from unsanctioned access.
Two other IT pros who shared their favorite products also hail from the healthcare industry: Josh Bauer, assistant director of network operations at Acorda Therapeutics, and Derek Grocke, service delivery manager at HAMBS.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=2cff57804d&e=20056c7556
Incapsula Introduces New DDoS Downtime Calculator
Incapsula’s new DDoS Downtime Calculator is designed to help you assess the risks associated with an attack, offering case-specific information adjusted to the realities of your organization.
Link: http://paulgdavis.us3.list-manage2.com/track/click?u=45bf3caf699abf9904ddc00e3&id=543211e56d&e=20056c7556
PhishMe Unveils New Security Solution for Enhanced Visibility into Targeted Phishing Attacks
LEESBURG, Va., April 15, 2015 /PRNewswire-USNewswire/ — PhishMe® Inc., introduces PhishMe Triage, a new product offering that gives incident responders the analytics and visibility into email-based attacks occurring against their organizations in near real-time. The patent-pending technology, Triage, provides security operations center (SOC) analysts and incident responders insight into ongoing spear phishing attacks by automating the analysis and orchestrating the workflow associated with employee reported suspicious emails to reduce the detection deficit facing their enterprises. Triage is currently the only offering that leverages human intelligence inside the organization and turns conditioned employees, traditionally considered the weakest link, into the strongest detection asset for security operators.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=575cfd21f9&e=20056c7556
============================================================
Feedback, questions? Our mailing address is: dailynews@paulgdavis.com