{"id":1076,"date":"2016-08-30T00:00:00","date_gmt":"2016-08-30T00:00:00","guid":{"rendered":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2016\/08\/30\/fromreply-totodatemessage-idlist-idlist-unsubscribesendercontent-typemime-version-imail3dpaulgdavis-commail43-us4-mcsv-net\/"},"modified":"2021-12-30T11:38:43","modified_gmt":"2021-12-30T11:38:43","slug":"fromreply-totodatemessage-idlist-idlist-unsubscribesendercontent-typemime-version-imail3dpaulgdavis-commail43-us4-mcsv-net","status":"publish","type":"post","link":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2016\/08\/30\/fromreply-totodatemessage-idlist-idlist-unsubscribesendercontent-typemime-version-imail3dpaulgdavis-commail43-us4-mcsv-net\/","title":{"rendered":"From:Reply-To:To:Date:Message-ID:List-ID:List-Unsubscribe:Sender:Content-Type:MIME-Version; i=mail=3Dpaulgdavis.com@mail43.us4.mcsv.net;"},"content":{"rendered":"<p>[From the desk of Paul Davis &#8211; his opinions and no-one else&#8217;s]<br \/>\nApart from the reporter&#8217;s opinions \ud83d\ude09<br \/>\nSo onto the news:<\/p>\n<p>5 common misconceptions about DDoS protection<\/p>\n<p>Misconception #1: Firewalls, IPS or Content Delivery Networks Are the Answer<\/p>\n<p>Misconception #2: A Single Layer of DDoS Protection is Enough<\/p>\n<p>Misconception #3: The Odds Are We Will Not Become a Target, So It\u2019s Worth the Risk<\/p>\n<p>Misconception #4: The Impact of a DDoS Attack Does Not Justify the Cost for Protection<\/p>\n<p>Misconception #5 \u2013 DDoS Attacks Are Not Advanced Threats<\/p>\n<p>Link: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=f822ead8a9&#038;e=20056c7556<\/p>\n<p>How risk management leads to increased profit margins<\/p>\n<p>Companies that put a premium on risk management can cope with ever-increasing business risks while seizing opportunities that present themselves.<\/p>\n<p>PwC surveyed more than 1,200 senior executives and board members for the 
report, Risk in review: Decoding uncertainty, delivering value. It found that companies that lead in risk management tend to take a holistic view of risk and involve risk management in the business at a strategic level. As a result, over the past three years, 55 percent of risk management leaders recorded increased profit margins and 41 percent achieved an annual profit margin of more than 10 percent.<\/p>\n<p>While 73 percent of executives say that risks to their companies are rising, only 12 percent of respondents demonstrate the hallmarks of risk management leaders. PwC says risk management leaders set themselves apart in four key areas&#8230;<\/p>\n<p>Link: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=d42722812f&#038;e=20056c7556<\/p>\n<p>Trojan Hides In Microsoft SQL Database<\/p>\n<p>The infection begins with a malicious e-mail attachment that contains a downloader. Once the attachment is opened, the downloader fetches the final malware.<\/p>\n<p>Normally the payload is fetched from a URL, but the newly discovered downloader instead connects to a Microsoft SQL database. That makes it difficult for administrators to find out where the malware comes from, because the payload never appears as an ordinary web download. To retrieve the Trojan, the downloader opens a connection to the database, queries the relevant table and extracts the malware from the query response.<\/p>\n<p>Link: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=ac09ffbefa&#038;e=20056c7556<\/p>\n<p>Malware industry maturing<\/p>\n<p>Group Executive &#8211; Security, says threats targeting end users are higher than ever. In addition, security vulnerabilities are mostly related to end-user systems and not servers. \u201cIt appears that successful exploits occur over the weekend when end users &#8211; and their devices &#8211; are outside the security controls of the corporate network. 
This indicates that traditional security controls are effective at protecting the corporate network; however, assets that transition between corporate and external access points are at greater risk.\u201d<\/p>\n<p>According to Gyde, the malware industry is maturing, with malware becoming commoditised and available through dark net marketplaces. This means the barrier to entry for cybercriminals is a minimal financial investment, but for a potentially large return.<\/p>\n<p>Link: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=efda4707e6&#038;e=20056c7556<\/p>\n<p>Drinking from the Malware Fire Hose<\/p>\n<p>Take a staged approach to processing malware in bulk so that scarce and time-limited resources can be prioritized for only those threats that truly require them.<\/p>\n<p>This past Thursday, VirusTotal, a free service that analyzes suspicious files and URLs, said it detected almost 400,000 unique malware instances on that day alone. Keep in mind that number doesn\u2019t include malware that wasn\u2019t sent to VirusTotal, or malware that isn\u2019t detected by antivirus engines. The number of truly unique malware families is, of course, lower but each of these samples may have unique configuration items that could be useful for threat intelligence. 
That leaves a lot of malware to process and not a lot of time or resources &#8212; reverse engineering and sandboxing isn\u2019t cost effective when dealing with this quantity of samples.<\/p>\n<p>Link: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=9473ce4b04&#038;e=20056c7556<\/p>\n<p>Businesses Lack Enforceable Policy, Control Over Mobile Workers<\/p>\n<p>At more than 64 percent of businesses, a majority of mobile workforces can access their organizations&#8217; secure data remotely, yet less than 25 percent of businesses have sufficient policies and controls in place for mobile media, such as USB drives, according to a survey of 330 IT and security professionals.<\/p>\n<p>Link: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=3100e5903b&#038;e=20056c7556<\/p>\n<p>What We Learned From a Data Exfiltration Incident at an Electric Utility<\/p>\n<p>The utility employed a range of security devices to gather forensics information over months. Eventually, and consistent with suspicions, the traffic was traced back to the third-party enclave. A 4-G &#8220;puck&#8221; was found that the spies used to transmit sensitive information back to the Far East. These actors were caught, but only after the loss of confidential data and a lot of time and resources were expended on forensics. Analysis shows that the attackers were exploiting open ports and using a legacy high-speed token ring protocol, encapsulated in Internet Protocol, as a means for stealthy communications. 
We don&#8217;t know all the details and can&#8217;t make full conclusions, but let&#8217;s look at some best practices and technologies that possibly could have prevented or at least mitigated this event:&#8230;<\/p>\n<p>Link: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=cf2dd465de&#038;e=20056c7556<\/p>\n<p>Malicious keylogger malware found lurking in highly publicized GTA V mod<\/p>\n<p>Why this matters: Bad guys always find a way to ruin a good thing. But this fiasco drives home an important point: Mods are software designed to run on your system, and you should religiously scan all software you download with anti-virus and anti-malware tools before you run them. Yes, even mods.<\/p>\n<p>Link: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=11f71fc87f&#038;e=20056c7556<\/p>\n<p>MediaClone, Inc introduces SuperImager Plus<\/p>\n<p>To allow investigators to use the SuperImager\u00ae Plus field units as a complete mobile investigation platform, the new units provide optional dual-boot feature, with Windows 7 as the second OS. When this feature is enabled, the investigator can, after completing forensic imaging, reboot the unit to Windows, and run third-party applications, such as Computer Forensic cellphone data extraction and analysis, Forensic Triage data collections, and full computer forensic analysis.<\/p>\n<p>Link: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=d7b82cf048&#038;e=20056c7556<\/p>\n<p>Mobile Spy Software Maker mSpy Hacked, Customer Data Leaked<\/p>\n<p>mSpy, the makers of a dubious software-as-a-service product that claims to help more than two million people spy on the mobile devices of their kids and partners, appears to have been massively hacked. 
Last week, a huge trove of data apparently stolen from the company\u2019s servers was posted on the Deep Web, exposing countless emails, text messages, payment and location data on an undetermined number of mSpy \u201cusers.\u201d<\/p>\n<p>Link: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=8798837925&#038;e=20056c7556<\/p>\n<p>VENOM virtual vuln proves less poisonous than first feared<\/p>\n<p>\u201cIt\u2019s serious, but not Heartbleed serious,\u201d said Karl Sigler, threat intelligence manager at Trustwave. \u201cThere are no known in-the-wild attacks and a patch is available.&#8221;<\/p>\n<p>Link: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=91e7e0a7ae&#038;e=20056c7556<\/p>\n<p>============================================================<br \/>\nFeedback, questions? Our mailing address is: ** dailynews@paulgdavis.com (mailto:dailynews@paulgdavis.com)<\/p>\n<p>If someone forwarded this email to you and you want to be added in,<br \/>\nplease click this:   ** Subscribe to this list (http:\/\/paulgdavis.us3.list-manage.com\/subscribe?u=45bf3caf699abf9904ddc00e3&#038;id=e09452545a)<\/p>\n<p>** Unsubscribe from this list (http:\/\/paulgdavis.us3.list-manage.com\/unsubscribe?u=45bf3caf699abf9904ddc00e3&#038;id=e09452545a&#038;e=20056c7556&#038;c=a8e02f3c7e)<\/p>\n<p>** Update subscription preferences (http:\/\/paulgdavis.us3.list-manage1.com\/profile?u=45bf3caf699abf9904ddc00e3&#038;id=e09452545a&#038;e=20056c7556)<\/p>\n","protected":false},"excerpt":{"rendered":"<p>[From the desk of Paul Davis &#8211; his opinions and no-one else&#8217;s] Apart from the reporter&#8217;s opinions \ud83d\ude09 So onto the news: 5 common misconceptions about DDoS protection Misconception #1: Firewalls, IPS or Content Delivery Networks Are the Answer Misconception #2: A Single Layer of DDoS Protection is Enough 
Misconception&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[29],"tags":[],"class_list":["post-1076","post","type-post","status-publish","format-standard","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1076","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=1076"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1076\/revisions"}],"predecessor-version":[{"id":3563,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1076\/revisions\/3563"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=1076"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=1076"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=1076"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
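Two of the items above describe network behaviour that a defender can hunt for in ordinary connection logs: the downloader that pulls its payload out of a Microsoft SQL table instead of over HTTP, and the utility exfiltration that tunnelled a legacy link-layer protocol inside IP. The following is an added example, not code from the newsletter or from any of the articles it links to. It parses a constructed CSV export in the style of a firewall or NetFlow summary and applies two rules. The subnets, the approved database server, the flow records and the set of expected IP protocol numbers are all assumptions made up for the example.

```python
import csv
import ipaddress
from io import StringIO

# Constructed sample flow records (not taken from any article): one line per
# connection summary, in the style of a firewall or NetFlow export.
SAMPLE_FLOWS = """ts,src_ip,dst_ip,proto,dst_port,bytes
2016-08-29T09:01:12,10.20.4.17,10.50.1.10,6,1433,18320
2016-08-29T09:03:45,10.20.4.17,203.0.113.45,6,1433,2211456
2016-08-29T09:04:02,10.20.4.17,198.51.100.8,6,443,5120
2016-08-29T21:40:00,10.99.7.3,198.51.100.77,47,0,88112000
2016-08-29T21:41:10,10.99.7.3,198.51.100.77,4,0,1024
2016-08-29T10:10:10,10.50.1.10,10.50.1.11,6,1433,4096
"""

# Environment assumptions (hypothetical): user workstations live in
# 10.20.0.0/16 and 10.50.1.10 is the only SQL server they are expected to
# reach. Both would come from an asset inventory in a real deployment.
WORKSTATIONS = ipaddress.ip_network("10.20.0.0/16")
APPROVED_DB_SERVERS = {ipaddress.ip_address("10.50.1.10")}
MSSQL_PORTS = {1433}
# IP protocol numbers this network normally carries: ICMP, TCP, UDP.
# Anything else (GRE 47, IP-in-IP 4, ...) is a tunnel and worth a look.
EXPECTED_PROTOCOLS = {1, 6, 17}


def parse_flows(text):
    """Parse the CSV export into dicts with typed fields."""
    rows = []
    for row in csv.DictReader(StringIO(text)):
        rows.append({
            "ts": row["ts"],
            "src": ipaddress.ip_address(row["src_ip"]),
            "dst": ipaddress.ip_address(row["dst_ip"]),
            "proto": int(row["proto"]),
            "dport": int(row["dst_port"]),
            "bytes": int(row["bytes"]),
        })
    return rows


def find_sql_downloads(flows):
    """A workstation talking MSSQL (TCP/1433) to anything but an approved
    database server. A downloader that fetches its payload from a SQL table
    looks exactly like this, and often the peer is an Internet address."""
    return [
        f for f in flows
        if f["src"] in WORKSTATIONS
        and f["proto"] == 6
        and f["dport"] in MSSQL_PORTS
        and f["dst"] not in APPROVED_DB_SERVERS
    ]


def find_unexpected_protocols(flows):
    """Flows whose IP protocol number is outside the expected set. A legacy
    link protocol encapsulated in IP does not use TCP or UDP at all, so it
    is invisible to port-based rules but obvious once you look at the
    protocol field."""
    return [f for f in flows if f["proto"] not in EXPECTED_PROTOCOLS]


def run_hunt(text=SAMPLE_FLOWS):
    flows = parse_flows(text)
    return {
        "sql_downloads": find_sql_downloads(flows),
        "unexpected_protocols": find_unexpected_protocols(flows),
    }


if __name__ == "__main__":
    for rule, hits in run_hunt().items():
        print(rule)
        for f in hits:
            print("  {ts} {src} -> {dst} proto={proto} dport={dport} bytes={bytes}".format(**f))
```

On the sample data the first rule flags only the workstation's 2 MB session to 203.0.113.45:1433; the connection to the approved server and the server-to-server replication flow are left alone. The second rule flags the two non-TCP/UDP flows from 10.99.7.3. The allowlists are the part that needs care in practice: a workstation that legitimately reaches an unlisted database will fire the first rule until the inventory is corrected, which is the intended behaviour.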
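The "Drinking from the Malware Fire Hose" item argues for a staged approach: cheap checks first on every sample, expensive analysis only for the few that earn it, and configuration indicators pulled out of everything on the way through. The following is an added example of such a pipeline, not code from the newsletter or the linked article. Stage one drops samples already seen (by SHA-256, against both a prior-analysis set and the current batch); stage two assigns a static score from a PE header check, suspicious import names, byte entropy and embedded network indicators; stage three spends a fixed sandbox budget on the highest-scoring samples and extracts indicators from the rest. The sample byte strings, the API name list, the thresholds and the "previously analysed" hash set are all constructed for the example.

```python
import hashlib
import math
import re
from collections import Counter

# Cheap static signals. The API list and thresholds are illustrative choices,
# not a published detection rule.
SUSPICIOUS_APIS = (b"CreateRemoteThread", b"VirtualAllocEx",
                   b"WriteProcessMemory", b"URLDownloadToFile")
URL_RE = re.compile(rb"https?://[\w.\-]+(?::\d+)?(?:/[\w./?=&\-]*)?")
IPV4_RE = re.compile(rb"(?<!\d)(?:\d{1,3}\.){3}\d{1,3}(?!\d)")
PACKED_ENTROPY = 7.0  # bits per byte; above this the sample is likely packed


def sha256(data):
    return hashlib.sha256(data).hexdigest()


def shannon_entropy(data):
    """Bits per byte; 8.0 means uniformly random (packed or encrypted)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def static_score(data):
    """Score a sample from signals that cost microseconds each."""
    score, reasons = 0, []
    if data[:2] == b"MZ":
        score += 1
        reasons.append("pe")
    apis = [a.decode() for a in SUSPICIOUS_APIS if a in data]
    if apis:
        score += 2
        reasons.append("apis:" + ",".join(apis))
    if shannon_entropy(data) > PACKED_ENTROPY:
        score += 2
        reasons.append("high-entropy")
    if URL_RE.search(data) or IPV4_RE.search(data):
        score += 1
        reasons.append("network-ioc")
    return score, reasons


def extract_iocs(data):
    """Configuration-like indicators worth keeping even from samples that
    never reach a sandbox."""
    found = {m.decode() for m in URL_RE.findall(data)}
    found |= {m.decode() for m in IPV4_RE.findall(data)}
    return sorted(found)


def triage(samples, known_hashes, sandbox_budget):
    """samples: {name: bytes}. Returns the four buckets of the pipeline."""
    seen = set(known_hashes)
    result = {"deduplicated": [], "sandbox": [], "automated": [], "low_priority": []}
    scored = []
    for name, data in samples.items():           # stage 1: dedupe
        digest = sha256(data)
        if digest in seen:
            result["deduplicated"].append(name)
            continue
        seen.add(digest)
        score, reasons = static_score(data)      # stage 2: static score
        scored.append((score, name, reasons, extract_iocs(data)))
    scored.sort(key=lambda t: (-t[0], t[1]))     # highest score first, name as tie-break
    for score, name, reasons, iocs in scored:    # stage 3: spend the budget
        entry = {"name": name, "score": score, "reasons": reasons, "iocs": iocs}
        if score == 0:
            result["low_priority"].append(entry)
        elif len(result["sandbox"]) < sandbox_budget:
            result["sandbox"].append(entry)
        else:
            result["automated"].append(entry)
    return result


# Constructed batch (not real malware): a dropper-like PE, an exact duplicate
# of it, a text file, a high-entropy PE and a sample analysed on a prior day.
SAMPLES = {
    "a.exe": b"MZ" + b"\x90" * 40 + b"CreateRemoteThread" + b"http://203.0.113.9/gate.php",
    "a_copy.exe": b"MZ" + b"\x90" * 40 + b"CreateRemoteThread" + b"http://203.0.113.9/gate.php",
    "readme.txt": b"Quarterly report, nothing to see here.",
    "packed.bin": b"MZ" + bytes(range(256)) * 8,
    "known.dll": b"MZ already analysed yesterday",
}
KNOWN_HASHES = {sha256(SAMPLES["known.dll"])}

if __name__ == "__main__":
    for bucket, entries in triage(SAMPLES, KNOWN_HASHES, sandbox_budget=1).items():
        print(bucket, entries)
```

With a sandbox budget of one, only a.exe (PE, injection API, embedded URL) is queued for dynamic analysis; packed.bin is still recorded as suspicious but handled automatically, the duplicate and the previously analysed file cost nothing, and the C2 URL and address are extracted regardless of which bucket the sample lands in.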