{"id":1139,"date":"2016-09-11T00:00:00","date_gmt":"2016-09-11T00:00:00","guid":{"rendered":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2016\/09\/11\/fromreply-totodatemessage-idlist-idlist-unsubscribesendercontent-typemime-version-imail3dpaulgdavis-commail28-atl31-mcdlv-net\/"},"modified":"2021-12-30T11:38:50","modified_gmt":"2021-12-30T11:38:50","slug":"fromreply-totodatemessage-idlist-idlist-unsubscribesendercontent-typemime-version-imail3dpaulgdavis-commail28-atl31-mcdlv-net","status":"publish","type":"post","link":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2016\/09\/11\/fromreply-totodatemessage-idlist-idlist-unsubscribesendercontent-typemime-version-imail3dpaulgdavis-commail28-atl31-mcdlv-net\/","title":{"rendered":"From:Reply-To:To:Date:Message-ID:List-ID:List-Unsubscribe:Sender:Content-Type:MIME-Version; i=mail=3Dpaulgdavis.com@mail28.atl31.mcdlv.net;"},"content":{"rendered":"<p>[From the desk of Paul Davis &#8211; his opinions and no-one else&#8217;s]<br \/>\nApart from the reporter&#8217;s opinions \ud83d\ude09<br \/>\nSo onto the news:<\/p>\n<p>Intel says GPU malware is no reason to panic, yet<br \/>\nResearchers from Intel division McAfee Labs teamed up with members of Intel&#8217;s Visual and Parallel Computing Group to analyze a proof-of-concept GPU malware program dubbed JellyFish that was released in March.<br \/>\nTheir conclusion, which was included in McAfee&#8217;s latest quarterly threat report, is that running malicious code inside GPUs still has significant drawbacks and is not nearly as stealthy as its developers suggested.<br \/>\nWhile it&#8217;s true that there is a shortage of tools to analyze code running inside GPUs from a malware forensics perspective, endpoint security products don&#8217;t need such capabilities because they can detect the other indicators left by such attacks on the system.<br \/>\nSome of the defenses built by Microsoft against kernel-level rootkits, such as Patch Guard, driver 
signing enforcement, Early Launch Anti-Malware and Secure Boot, can also help prevent the installation of GPU threats.<br \/>\nMicrosoft\u2019s Device Guard feature in Windows 10, which allows only Microsoft-signed and trusted applications to run, can be particularly effective against such attacks, according to the researchers.<br \/>\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=ab48b1a933&#038;e=20056c7556<\/p>\n<p>States and Localities Consider Security as a Service<br \/>\nCost savings are one obvious consideration, but so is the fact that state and local governments are finding it next to impossible to compete with the private sector for cybersecurity talent.<br \/>\nIn a 2015 NASCIO state government IT workforce study, 67 percent of respondents said security was the most difficult position to fill and retain.<br \/>\n\u201cSecurity is becoming highly specialized, and we are having a very difficult time finding appropriate people to do in-house security,\u201d said Ralph Johnson, chief information security and privacy officer of King County, Wash., whereas a managed security services team often has the expertise and concentration he needs.<br \/>\nFor example, King County uses a managed security service for its network log and security event management. \u201cFor me to appropriately run that with an in-house solution, I would have had to hire three staffers and that would have been their sole function,\u201d Johnson explained. \u201cThat would cost me $1.5 million over five years.<br \/>\nI got a managed security product from a vendor that cost me $850,000 over the same time period.\u201d<br \/>\nAlthough its IT structure is federated rather than consolidated, the Texas Department of Information Resources is planning to do a feasibility study for a statewide identity access management solution. 
\u201cWe will look at whether it makes sense to do that internally or if it is better suited as an outsourced, cloud-based service,\u201d Block said.<br \/>\nBut not all CISOs are comfortable with the idea of identity and access management in the cloud. \u201cI don\u2019t support outsourcing the keys to the kingdom,\u201d said Agnes Kirk, CISO for Washington state. \u201cThat authentication and ID management are how we ensure we are protecting privacy and data entrusted to us.\u201d<br \/>\nLink: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=7fec9efe49&#038;e=20056c7556<\/p>\n<p>Blue Coat Reveals the Web&#8217;s Shadiest Neighborhoods<br \/>\nSUNNYVALE, CA&#8211;(Marketwired &#8211; Sep 1, 2015) &#8211; Blue Coat Systems, Inc., a market leader in enterprise security, today revealed new research for consumers and businesses that shows the Top-Level Domains (TLDs), or &#8220;neighborhoods,&#8221; most associated with suspicious websites.<br \/>\nAmong the key findings in the report are that more than 95 percent of websites in 10 different TLDs are rated as suspicious, with that percentage increasing to 100 percent for the top two highest ranking TLDs, .zip and .review.<br \/>\nMuch has changed since the early days of the Internet when the Web had only six common top level domains (TLDs).<br \/>\nBack then, what most consumers and businesses encountered were a small number of standard TLDs, such as .com, .net, .edu and .gov, as well as some &#8220;country code&#8221; domains like .fr (France), and .jp (Japan).<br \/>\nHowever, since 2013, the number of new TLDs has skyrocketed.<br \/>\nThere has been an explosion of new neighborhoods on the Web, many of which may be considered for web security purposes as neither safe nor friendly.<br \/>\nBy June 2015, the count of validly issued TLDs stood at over one thousand.<br \/>\nAs the number of TLDs has increased, so have the opportunities for attackers.<br \/>\nThese TLDs, with 
high numbers of shady sites dubbed &#8220;Shady TLDs,&#8221; can provide fertile ground for malicious activity including spam, phishing, and distribution of Potentially Unwanted Software (PUS).<br \/>\nThe report also reveals examples of nefarious activity taking place on shady websites of some of the top ranked Shady TLDs, including the fourth most seemingly dangerous neighborhood, .kim.<br \/>\nBlue Coat researchers recently discovered websites serving up pages which mimic popular video and image sites and prompt unprotected visitors to unwittingly download malware.<br \/>\nLink: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=962551106b&#038;e=20056c7556<\/p>\n<p>ThreatQuotient Announces General Availability of ThreatQ Threat Intelligence Platform<br \/>\nSTERLING, Va., Aug. 31, 2015 \/PRNewswire\/ &#8212; ThreatQuotient, a threat intelligence platform provider, today announced the general availability of ThreatQ.<br \/>\nThreatQ is the only Threat Intelligence Platform (TIP) that centrally manages and correlates unlimited threat data from external sources with internal security and analytics solutions for contextual, operationalized intelligence within a single pane of glass.<br \/>\nThreatQuotient is also introducing Indicator Nurturing, unique to ThreatQ, which goes beyond enrichment to help customers tailor indicators of compromise (IOCs) more specifically to their infrastructure.<br \/>\nWith ThreatQ, enterprises can finally improve their threat intelligence and security operations through an on-premise, vendor-agnostic platform that can import commercial, open source, and private or industry threat intelligence.<br \/>\nThreatQ provides a seamless integration with existing security solutions to enrich and nurture indicators, and turn multiple data sources into operationalized intelligence.<br \/>\nThreatQ&#8217;s General Availability will offer customers several unique benefits, including:<br \/>\n&#8211; 
Indicator Nurturing \u2013 ThreatQ goes beyond enrichment and actually nurtures indicators to help customers tailor indicators of compromise (IOCs) more specifically to their infrastructure.<br \/>\n&#8211; Extensible Intelligence Platform<br \/>\n&#8211; Flexible Scoring Engine<br \/>\n&#8211; Central Search Engine for Intelligence<br \/>\n&#8211; Aggregated Visualization<br \/>\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=1c59bebfd6&#038;e=20056c7556<\/p>\n","protected":false},"excerpt":{"rendered":"<p>[From the desk of Paul Davis &#8211; his opinions and no-one else&#8217;s] Apart from the reporter&#8217;s opinions \ud83d\ude09 So onto the news: Intel says GPU malware is no reason to panic, yet Researchers from Intel division McAfee Labs teamed up with members of Intel&#8217;s Visual and Parallel Computing Group 
to&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[29],"tags":[],"class_list":["post-1139","post","type-post","status-publish","format-standard","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1139","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=1139"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1139\/revisions"}],"predecessor-version":[{"id":3626,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1139\/revisions\/3626"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=1139"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=1139"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=1139"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}