[From the desk of Paul Davis – his opinions and no-one else’s]
Apart from the reporter’s opinions 😉
So onto the news:
Baidu Search Toolbar Tapped to Steal Data
The toolbar distributed by Chinese-language search engine Baidu is being targeted by opportunistic attackers and used to exfiltrate corporate secrets, says Rob Eggebrecht, president and CEO of security firm InteliSecure.
Baidu, like all major search engines, including Bing, Google and Yahoo, distributes a toolbar that can be used to speed up searches. But Eggebrecht says that multiple organizations have traced data breaches to an intrusion that began when outside attackers used the Baidu toolbar to sneak data-stealing malware into their enterprise. Without naming names, he says that one recent victim was a U.S. pharmaceutical firm, from which attackers compromised research and development work worth hundreds of millions of dollars.
His firm believes that the attacks trace back to individuals associated with the Chinese government. “Our take on it, not trying to directly pick on the Chinese, is that … when users hit certain links, attackers drop down … malware, or phone-home technology, that starts capturing information.”
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=a49694e9dc&e=20056c7556
Do you need a cybersecurity attorney on retainer?
In-house counsel remains imperative for corporations, particularly for financial institutions, banks, and the healthcare industry. Corporate attorneys are learning more about cyber security law, and the number of industries that need cybersecurity attorneys has increased in the last five to 10 years.
Having the consultation of a cybersecurity attorney while developing an incident response plan is instrumental. Because time is not a friend in any breach situation, companies that have cyber security attorneys on retainer are better positioned to quickly and efficiently respond to incidents.
Being informed and knowing when to call upon the expertise of an outside attorney is a critical step in security. “Knowing industry technology standards is quite different from being able to interpret the law,” Cordero said. Having a cybersecurity attorney on retainer means, “not exposing your organization to additional risk that could result in collateral damage,” Cordero said.
Link: http://paulgdavis.us3.list-manage2.com/track/click?u=45bf3caf699abf9904ddc00e3&id=6054eea4b1&e=20056c7556
Key Data Centre Trends for the Financial Services Industry
In this article, we examine the five key data centre trends that we believe shape and will continue to be priorities for the data centre in a financial services context, and how firms can plan data centre roll-outs that won’t compromise performance, security, or the customer experience.
The need for speed is paramount in the financial services industry. Bandwidth-hungry apps, mission-critical systems and high performance activities such as high frequency trading and digital transfers demand ever more throughput and capacity.
From the location of the data centre to the security measures in place, banks and financial institutions must be vigilant and ensure that security is built into servers as a core component. To put it simply, firewalls are not enough! In order to protect against ever more sophisticated and complex data breaches, financial services firms need to build highly secure infrastructure with fine-grained control (including application-level security), visibility and centralised automation from the foundation to the application level.
Financial services companies are now looking for open, programmable SDN for the data centre.
In addition to selecting SDN and application-ready infrastructure, financial services customers must look for converged architectures that can manage application provisioning centrally and ensure that the Power Usage Effectiveness (PUE) level remains low. As an example, the latest generation of data centre servers are designed as converged platforms that combine high performance compute, network and storage access. To put it simply, converged infrastructure can significantly save costs, reduce management headaches, and offer a significantly lower data centre footprint for a greener environment.
With average consumer cloud storage traffic set to reach 811 megabytes per month by 2018, compared to 186 megabytes per month in 2013 (Cisco Global Cloud Index, 2014), supporting the rise in storage needs and achieving better business outcomes will become increasingly complex. Critically, banks and financial institutions need to understand the amount and the nature of the data that their customers are generating in order to put the storage in place to support this growth. Only then will they be able to scale and introduce new capabilities that can ultimately drive more revenue.
There is no denying that the data centre is the backbone of the financial services industry and holds the key to its growth. However, it is a complex relationship built on regulatory restrictions, security measures and an ambition to cope with the huge amount of data that is flowing through its network. The five key trends discussed demonstrate the power and possibility of the data centre and its impact on the financial services industry. As the data centre evolves to support the increasing need for data storage, financial institutions must embrace a more holistic approach adapting their infrastructure to suit the needs of the business. By doing so, they will be able to access and truly utilise the vast amounts of data they have at their disposal.
Link: http://paulgdavis.us3.list-manage2.com/track/click?u=45bf3caf699abf9904ddc00e3&id=b999f826ee&e=20056c7556
Yahoo tackles large ‘malvertising’ campaign in its ad network
Yahoo said Monday it had removed malware from its advertising network, after malicious code there had gone undetected for at least six days.
The malware was found in Yahoo’s ads network at ads.yahoo.com, which runs ads across Yahoo’s sites like its finance, games and news portals, as well as Yahoo.com. Users may have come across the infected ads when visiting Yahoo’s sites.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=e8f4e889cf&e=20056c7556
Lockheed Open Sources Its Secret Weapon In Cyber Threat Detection
The cybersecurity team at Lockheed Martin will share some defensive firepower with the security community at Black Hat this week with the open source release of an internal advance threat tool it has been using in house for three years now. Dubbed Laika BOSS, this malware detection platform is meant to help security analysts better hunt down malicious files and activity in an enterprise environment.
Laika BOSS is different from many malware detection tools due to its ability to essentially ‘atomize’ individual file elements for analysis, says Adam Zollman, a network defender for the company and one of the users and designers of Laika BOSS.
For example, if an email has a body and attachments, the tool will look at the email body itself, break out the attachments and then look at all of the components within the attachment file itself. Each step of this analysis is done by its own self-contained module. This ensures that the tool never tries to eat the proverbial elephant all in one bite.
The tool is now available on GitHub and Lockheed will be presenting technical details about it at Black Hat on Thursday.
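The recursive, module-per-object approach described above, as an added example that is not Laika BOSS's own code: a constructed email carries a zip attachment, the email module splits out body and attachments, the zip module splits out members, and a leaf module inspects each object's bytes. The indicator (a PE `MZ` header), the `MAX_DEPTH` guard and all function names are assumptions for the illustration.

```python
import email
import email.policy
import io
import zipfile
from email.message import EmailMessage

MAX_DEPTH = 8  # assumed limit: stops runaway recursion on nested archives

def build_sample_email():  # constructed sample, not a real message
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("notes.txt", "quarterly figures attached")
        zf.writestr("invoice.pdf.exe", b"MZ\x90\x00" + b"\x00" * 32)
    msg = EmailMessage()
    msg["Subject"] = "Invoice"
    msg.set_content("Please see the attached archive.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="invoice.zip")
    return bytes(msg)

def scan_blob(data, path):  # leaf module: inspects bytes, yields no children
    return ([(path, "pe-header")] if data.startswith(b"MZ") else []), []

def scan_zip(data, path):  # container module: each member is a child object
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [], [(f"{path}/{n}", zf.read(n)) for n in zf.namelist()]

def scan_email(data, path):  # container module: body and attachments
    msg = email.message_from_bytes(data, policy=email.policy.default)
    children = [(f"{path}/{p.get_filename() or f'part{i}'}",
                 p.get_payload(decode=True))
                for i, p in enumerate(msg.walk()) if not p.is_multipart()]
    return [], children

def dispatch(data, path):  # choose the module by content, not by file name
    if data.startswith(b"PK\x03\x04"):
        return scan_zip(data, path)
    if b"Content-Type:" in data[:512]:
        return scan_email(data, path)
    return scan_blob(data, path)

def scan(data, path="root", depth=0):
    """Recursively atomize one object; returns (path, finding) pairs."""
    if depth > MAX_DEPTH:
        return [(path, "max-depth-exceeded")]
    findings, children = dispatch(data, path)
    for child_path, child_data in children:
        findings.extend(scan(child_data, child_path, depth + 1))
    return findings
```

Each finding carries the full object path, so an analyst sees that the executable was nested inside the archive inside the mail rather than just "the email is bad".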
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=b5e7d8a872&e=20056c7556
Organizations should focus on data sharing post-incident, not attribution
Assistant US Attorney Ed McAndrew shares tips on what organizations should do after a breach has been discovered. The key is information, not attribution.
McAndrew says that instead of focusing on who is responsible, organizations should resist this and direct their energies towards damage and data loss mitigation, while providing details to law enforcement so they can be the ones to determine who committed the crime, and what actions need to be taken against them – whether that is capture and prosecution or disruption and deterrence.
“Organizations should contact federal law enforcement agencies – particularly the FBI and/or the United States Secret Service. Network intrusions and resulting ID and IP theft are, by their very nature, interstate or international in scope. Cyber actors often victimize multiple organizations during the same time period. Both the cyber actors and the victims are often spread across multiple jurisdictions and countries,” McAndrew explained.
So when a breach happens, don’t focus on attribution, focus on recovery and mitigating the damage and data loss. After that, focus on getting the necessary information to law enforcement as quickly as possible, while starting the process of informing customers and those impacted within a proper time frame.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=f0533df59a&e=20056c7556
3 Key Characteristics of Hybrid Security Operations
With the hybrid approach, the solution can be set up quickly, has the flexibility to scale effectively and minimizes risks and unforeseen costs. The services provider offers extended resources to supplement your internal staff in the operation of the CPE SIEM environment. With a hybrid solution, the organization now has access to named resources to overcome staffing challenges.
Second, the services provider can provide broad threat intelligence resulting from their global visibility across hundreds and thousands of customer environments…
Lastly, the services provider can flex staffing to scale as the need arises or take on planned coverage and/or unforeseen resource requirements.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=bed593309d&e=20056c7556
QEMU may be fro-Xen out after two new bugs emerge
The Xen project has revealed another two bugs in the QEMU hypervisor and is now wondering to what extent it should support the buggy code.
The first of the flaws, CVE-2015-5165, means “A guest may be able to read sensitive host-level data relating to itself which resides in the QEMU process” and impacts “All Xen systems running x86 HVM guests without stubdomains which have been configured with an emulated RTL8139 driver mode”.
CVE-2015-5166 comes about “When unplugging an emulated block device the device was not fully unplugged, meaning a second unplug attempt would attempt to unplug the device a second time using a previously freed pointer.”
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=5e4e258dad&e=20056c7556
============================================================
Feedback, questions? Our mailing address is: dailynews@paulgdavis.com