[From the desk of Paul Davis – his opinions and no-one else’s]
Apart from the reporter’s opinions 😉
So onto the news:
How to securely erase hard drives (HDDs) and solid state drives (SSDs)
HDDs
There are three approaches you can take to securely wiping hard drives.
SSDs
This is where things can get very complicated, and I could write reams about TRIM commands and garbage collection and so on. The problem is things get convoluted, which is when mistakes happen and your precious baby pictures or work project gets deleted. With that in mind, I’m going to keep things simple.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=c8720a7622&e=20056c7556
More Java holes found in Google App Engine
A Polish security firm has discovered more vulnerabilities in the Java coding platform used on Google’s App Engine (GAE) cloud computing service, which could allow users to get access beyond their own virtual machines.
Three of the flaws allow complete bypass of the GAE Java security sandbox. Such a bypass could be used by attackers to glean information about the Java Runtime Environment as well as Google’s internal services and protocols to spawn further attacks on the GAE platform itself.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=65060ba838&e=20056c7556
Intelligence Driven Analysis Is The Key To Improved Cybersecurity
Security intelligence is the fusion of statistical models, machine learning, visualization and big data, and provides better analysis through:
– Re-prioritization of alerts leading to remediation of right events
– False positive reduction
– Detection of advanced and hidden attacks
– Prediction of security failures or risk areas
Link: http://paulgdavis.us3.list-manage2.com/track/click?u=45bf3caf699abf9904ddc00e3&id=a486dd6dd3&e=20056c7556
Q&A: Data Privacy and Security in the Legal Industry
Data privacy is becoming more important, as the legal industry by nature deals with a great deal of potentially sensitive information. Traditionally, legal professionals have seen themselves as somewhat immune as experts, with their understanding of all the regulations and all the necessary safeguards. However, the increased overall focus on privacy and recent data breaches is affecting the legal sector just like any other. I’m seeing a lot of pressure recently for law departments, law firms, and legal vendors to catch up.
The most important consideration when dealing with privacy and security is understanding that it’s a fast-moving field. The definitions are changing. The laws are changing, both within the U.S. and abroad. So you need to be prepared for change and be flexible. Design your services, design your processes, design new technology with that in mind and be able to isolate information and treat it differently. The laws today may be different in two years, so just design and plan with that in mind.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=14355fc6cd&e=20056c7556
Cybersecurity information sharing: Industries join forces
When a new attack presents itself, it’s vital that you have the capability to properly detect it and begin cataloging the TTP information. Other companies can benefit from this type of data, and industries as a whole have more protection. Because many attacks begin with the same reconnaissance and delivery methods, collecting TTP information at the early stages of an event increases the probability that further detection will be successful, thus decreasing the damage that an attacker could cause.
Due to the value of intelligence information, numerous sources of TTPs and IOCs exist. Commercial technology providers, and consulting companies, are clamoring to provide the latest and greatest threat intelligence to mid- to large-size organizations.
For information sharing to be truly successful, there needs to be a champion or some key sponsor organizations willing to put forth the necessary effort to ensure its success.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=fd02bf9982&e=20056c7556(UserUniverse:%201525579)_myka-reports@techtarget.com&utm_source=ERU&src=5389740 (http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=9c95bdadf6&e=20056c7556)
Accidental insider threats and four ways to prevent them
While the “malicious” insider threat will always be a concern, many may be surprised to learn that it isn’t the primary area of damage for most organizations today. The main point of compromise for many attacks today is the “accidental” insider.
It can’t be emphasized enough that the most important part of understanding accidental insider threats is that the non-malicious employees, partners and others with privileged access represent the greatest potential for malice, simply because of the ease with which the average person can be manipulated. The good news is that once an organization understands that the accidental insider is the greatest potential cause of insider-related damage, actionable steps can be taken to control and minimize the impact this risk has on an organization.
Link: http://paulgdavis.us3.list-manage2.com/track/click?u=45bf3caf699abf9904ddc00e3&id=57abf141c9&e=20056c7556 (http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=d3bce11fec&e=20056c7556(UserUniverse:%201525579)_myka-reports@techtarget.com&utm_source=ERU&src=5389740)
SQL Server 2016 to include R
In one of the first concrete results of Microsoft’s purchase of R vendor Revolution Analytics, R will be incorporated into SQL Server 2016, according to David Smith at Revolution Analytics. “SQL Server 2016 (which will be in public preview this summer) will include . . . the ability to run R within the database itself,” he posted on the Revolutions blog today.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=fd8c183dba&e=20056c7556
G DATA Releases Malware Report for Second Half of 2014
New high in the defence against banking Trojans: the number of foiled attacks rose by 44.5 percent in 2014. An analysis of the Top 25 targets of banking attacks, carried out by G DATA security experts, has revealed that over 70 percent of the targets were in the USA, Canada and Great Britain. Only 4 percent of the targets were in Germany. Overall the analysts discovered over 4.1 million new malware strains in the second half of 2014. This brings the total for 2014 to almost 6 million new malware strains. The forecast of over 3.5 million malware types was far exceeded. The Malware Report is available immediately on the G DATA website.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=4eb9e43fc4&e=20056c7556 (http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=40fb2adfe5&e=20056c7556)
N.Y. to Propose Cybersecurity Regulations
In April, the New York State Department of Financial Services issued a report about significant third-party and vendor management risks that numerous banks throughout the state were failing to address (see Banks’ Vendor Monitoring Comes Up Short).
Now, just one month later, the head of the agency says he plans to propose by year’s end new cybersecurity regulations that would better ensure banks are addressing those risks. Plus, the agency may propose new requirements for stronger user authentication.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=bfea938edb&e=20056c7556
Safari address-spoofing bug could be used in phishing, malware attacks
The recently published proof-of-concept exploit causes the Safari address bar to display dailymail.co.uk even though the browser is displaying content from deusen.co.uk. It works on fully patched versions of iOS and OS X. Malicious attackers might use the bug to dupe Safari users into thinking they’re connecting to a trusted site instead of one that’s phishing their login credentials or attempting to install malware.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=1aff048f23&e=20056c7556
Every 4 Seconds New Malware Is Born
New research data out today shows that the rate of new malware variants released by malicious attackers continues to break records. According to the G DATA SecurityLabs Malware Report, new malware types were discovered less than every four seconds and 4.1 million new strains were found in the second half of 2014, an increase of close to 125 percent over the first half. Over the course of the entire year, nearly 6 million new malware strains were discovered. This is a 77 percent increase over 2013.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=5cb79caafb&e=20056c7556
6 Steps for Adding WISP to Your Cybersecurity Strategy
Implementing a WISP can work to avoid a breach by identifying potential security failures before they occur. The act of preparing a WISP will require your company to analyze its existing practices and the types of breaches that are likely to occur, thus highlighting areas for improvement and prevention. A WISP also can minimize liability in the event of a breach by establishing beforehand a specific procedure to be followed and by demonstrating that your company attempted to protect its data and comply with applicable data security laws. In particular, regulatory agencies and state attorneys general often examine a WISP as an indicator that a company took reasonable steps to ensure data security.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=5d5dce9a6f&e=20056c7556
Unusual IBM Breach Could Make Coverage Ruling An Outlier
Law360, Los Angeles (May 18, 2015, 8:51 PM ET) — The Connecticut Supreme Court’s ruling that an IBM Corp. contractor isn’t insured for $6 million in losses stemming from a traffic mishap that exposed IBM employees’ personal information gives insurers stronger footing to argue against coverage for data breaches, but the peculiar facts of the case could limit the decision’s effects, attorneys say.
Link: http://paulgdavis.us3.list-manage2.com/track/click?u=45bf3caf699abf9904ddc00e3&id=656f76cea3&e=20056c7556
Gallup survey proves millennials are most trusting generation for information privacy
According to Gallup on May 11, 2015, almost 44 percent of millennials in the US believe that the personal information they share with companies they do business with is kept private most of the time (or all the time). This survey was conducted over the telephone by Gallup with 1,525 adults (aged 18 and above) in the US between February 23 and March 3, 2015. It is heartening to see some amount of trust being exhibited by a generation of young Americans.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=b37dff8d22&e=20056c7556