[From the desk of Paul Davis – his opinions and no-one else’s]
\nApart from the reporter’s opinions \ud83d\ude09
\nSo onto the news:<\/p>\n
Cybercriminals going back to \u2018old school\u2019 techniques: Dell<\/p>\n
\u201cBased on the data gathered by SonicWALL in 2014, what we\u2019ve seen is a surge in point-of-sale (POS) malware variants and attacks targeting payment card infrastructures,\u201d he said.<\/p>\n
According to Johnston, Dell Software developed and deployed over three times more new POS malware countermeasures in 2014 than in the previous year, with the majority of these POS hits targeted at the US retail industry.<\/p>\n
Link: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=2ed814015f&e=20056c7556<\/p>\n
10 of the best Linux distros for privacy fiends and security buffs<\/p>\n
However, for the truly paranoid, privacy distros are only one part of the equation \u2013 and the greater part of that equation involves penetration testing distros. These are distros designed for analysing and evaluating network and system security. These efforts feature a vast array of forensic tools to help you test your configured systems for potential weaknesses.<\/p>\n
Link: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=f1b0115761&e=20056c7556<\/p>\n
How to Deal with Unknown Files Effectively<\/p>\n
Unknown files have become one of the biggest security threats to organizations, catching the attention of C-suite officers. Highly-publicized data breaches at brands like Target, Home Depot and Sony have raised awareness of the damage that unknown files can cause. What was once a simple computer virus has evolved into sophisticated malware that can be the basis for an advanced persistent threat (APT) attack designed to wrest sensitive data and wreak financial harm.<\/p>\n
The simplest way to frame the issue is with the \u2018three-file rule\u2019, which argues that we can group files for security purposes into three types: the good, the bad and the unknown. Until recently, there have been two basic approaches for vetting files entering a system, each with limitations.<\/p>\n
Link: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=fad4094a92&e=20056c7556<\/p>\n
Are you playing data security \/ compliance \/ privacy whack-a-mole?<\/p>\n
Earlier this year, European Commission VP Andrus Ansip and commissioner Vera Jourov\u00e1 made a statement regarding the EU\u2019s long-awaited data protection reform, confirming a commitment to pass the new laws by the end of this year. Unfortunately for the organisations that will need to adhere to these rules, there is still little available in terms of definite details. Up until now, some of the key details to be aware of are that companies will likely be expected to respond more quickly, being ready to notify their customers within 24 hours in the event of a breach, as well as the possibility of fines being raised to 5 percent of global turnover for noncompliance.<\/p>\n
For companies concerned about privacy, they should be actively thinking now about how their data is organised and, in turn, how it is being protected. One thing we can presume is that the revamped data protection regulation will include a greater prescription for businesses to obfuscate \u2018sensitive\u2019 data. Given the definition of \u2018sensitive\u2019 is open to interpretation and will constantly change as more information about our lives is electronically stored, there is going to be a need for much more dynamic and powerful tools and systems for protecting data.<\/p>\n
Link: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=6445f4516d&e=20056c7556<\/p>\n
Don’t Fake It When It Comes to Securing Sensitive Data on Mobile Devices<\/p>\n
While encryption is the driving force behind mobile device security (for laptops, in particular), it alone could do nothing to protect sensitive data from this once-authorized and still very much alive (ab)user \u2013 he had the credentials! You never know when data will be put at risk and you’ll want to remove access to it or wipe all sensitive data from a device altogether. Whether via careless negligence (the more common occurrence) or by the malfeasance of an administrator who’d go so far as to fake his own death for a free laptop, the right tools can really save the day.<\/p>\n
Link: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=e6d16568ee&e=20056c7556<\/p>\n
Combating the Notorious Nine with Zero Trust Data Security<\/p>\n
The Cloud Security Alliance surveyed industry experts to identify the top nine threats, which they labeled as the \u201cNotorious Nine.\u201d Before discussing solutions to these major threats, I\u2019ll provide a brief description of each of them below.<\/p>\n
End-to-end encryption is critical for combating the \u201cNotorious Nine\u201d threats \u2013 ultimately maintaining the most secure network. With encryption, even if firewalls or other safeguards fail, hackers will not be anything to do anything with the data due to a lack of keys. In addition, unlike other security protocols, such as Secure Socket Layers, encryption does not cause computer-intensive processing to function. Therefore, encryption provides the necessary security, without negatively affecting the end-user experience.<\/p>\n
Link: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=ec525ddafb&e=20056c7556<\/p>\n
Economic Impact from a Company\u2019s Data Breach \u2013 No Big Deal? Not So Fast!<\/p>\n
A recent article in the Harvard Business Review found that \u201ceven the most significant recent breaches had very little impact on the company\u2019s stock price.\u201d Similarly, \u201cactual expenses \u2026 amount to less than 1% of each company\u2019s annual revenues. After reimbursement from insurance and minus tax deductions, the losses are even less,\u201d according to a new analysis from a fellow at the Columbia School of International and Public Affairs.<\/p>\n
What about the longer term? It is not clear to what extent corporate data breach victims incur damages that are not subject to data breach notification laws \u2013 e.g., losses from competitor or state-sponsored theft of intellectual property, customer lists, business plans, and other proprietary data that, while sensitive and valuable to the owner, may not contain personal identifying information. The incentives to protect access to this data may outweigh any notion that the costs of consumer data breaches are too low to justify additional investment in cybersecurity.<\/p>\n
Link: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=88638d5f0a&e=20056c7556<\/p>\n
New Linux rootkit leverages graphics cards for stealth<\/p>\n
A team of developers has created a rootkit for Linux systems that uses the processing power and memory of graphics cards instead of CPUs in order to remain hidden.<\/p>\n
The rootkit, called Jellyfish, is a proof of concept designed to demonstrate that completely running malware on GPUs (graphics processing units) is a viable option. This is possible because dedicated graphics cards have their own processors and RAM.<\/p>\n
Link: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=e581c45011&e=20056c7556<\/p>\n
Get ready: ‘Critical’ Adobe Reader patches coming on Tuesday 12 May<\/p>\n
Windows and Mac versions of Adobe Reader XI (11.0.10, 10.1.13) as well as Adobe Acrobat XI (11.0.10, 10.1.13) will all need patching against (unspecified) critical vulnerabilities in the software. Adobe assigned these security bugs at a severity rating as “2”, one step down from its most severe rating.<\/p>\n
Link: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=befbcc25c7&e=20056c7556<\/p>\n
$7500 DDoS extortion hitting Aussie, Kiwi enterprises<\/p>\n
New Zealand Internet Task Force (NZITF) chair Barry Brailey is warning Australian and New Zealand enterprises to be on the look out for distributed denial of service extortion attacks demanding payment of up to AU$7500.<\/p>\n
Link: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=0620b13b1c&e=20056c7556<\/p>\n
============================================================
\nFeedback, questions? Our mailing address is: ** dailynews@paulgdavis.com (mailto:dailynews@paulgdavis.com)<\/p>\n
If someone forwarded this email to you and you want to be added in,
\nplease click this: ** Subscribe to this list (http:\/\/paulgdavis.us3.list-manage.com\/subscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a)<\/p>\n
** Unsubscribe from this list (http:\/\/paulgdavis.us3.list-manage1.com\/unsubscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556&c=1d5b3e3240)<\/p>\n
** Update subscription preferences (http:\/\/paulgdavis.us3.list-manage.com\/profile?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556)<\/p>\n","protected":false},"excerpt":{"rendered":"
[From the desk of Paul Davis – his opinions and no-one else’s] Apart from the reporter’s opinions \ud83d\ude09 So onto the news: Cybercriminals going back to \u2018old school\u2019 techniques: Dell \u201cBased on the data gathered by SonicWALL in 2014, what we\u2019ve seen is a surge in point-of-sale (POS) malware variants…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[29],"tags":[],"class_list":["post-1071","post","type-post","status-publish","format-standard","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1071","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=1071"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1071\/revisions"}],"predecessor-version":[{"id":3558,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1071\/revisions\/3558"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=1071"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=1071"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=1071"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}