ITsecurity
twitter facebook rss

Daily ITsecurity Briefings: 08/12/2014

Posted by on August 12, 2014.

(This is a pilot for what will hopefully become a daily service. All thoughts and opinions, advice and criticisms on content, length and design would be gratefully received – either here in the comments or by email to kevtownsend at gmail.com. Blatant trolling will simply be ignored.)

 

WHITEPAPERS & REPORTS

BlackHat USA 2014 – archives
Includes links to many (not all) of the presentations/reports
https://www.blackhat.com/us-14/archives.html

Rethinking Security Incident Response: The Integration of Agile Principles
http://cryptome.org/2014/08/rethink-security-response.pdf
This paper proposes that the integration of disciplined agile principles and practices into the security incident response process is a practical solution to strengthening an organization‟s security incident response posture.

Millions of PCs Affected by Mysterious Computrace Backdoor
(Black Hat, by Kaspersky)
Computrace is a legitimate, trusted application developed by Absolute Software. However, it often runs without user-consent, persistently activates itself at system boot, and can be exploited to perform various attacks and to take complete control of an affected machine.
http://threatpost.com/millions-of-pcs-affected-by-mysterious-computrace-backdoor-2/107700

Governance, Risk, and Compliance: A Survey of IT Professionals in Retail, Healthcare, and Financial Services
Dell
https://software.dell.com/whitepaper/governance-risk-and-compliance-survey-of-it-professionals-in-retail-he829950

So, You Want to Be a CISO?
by: Derek Brink; VP & Research Fellow, IT Security and IT GRC, Aberdeen Group
“Today’s security leaders have already started to recognize that “the skills that got them there were not the skills that are enough to keep them there,” as a wise colleague once observed. Continued progress down this path will result in even greater relevance to their respective organizations.”
http://securityintelligence.com/so-you-want-to-be-a-ciso/

 

NEWS

Adobe Reader Update: CVE-2014-0546 used in targeted attacks
Today Adobe released the security bulletin APSB14-19, crediting Kaspersky Lab for reporting CVE-2014-0546.
https://securelist.com/blog/65577/cve-2014-0546-used-in-targeted-attacks-adobe-reader-update/

Fake BBC Finance Site Delivers Proxy Crimeware and Rootkit
“…a fake BBC Financial News site called BBCFinanceNews[.]com.  Warning! Possible Live Malware Site!”
http://www.invincea.com/2014/08/fake-bbc-finance-site-delivers-proxy-crimeware-and-rootkit/

Vulnerability in Android Spotify
Fixed in version 1.1.1. Older versions could be abused to launch phishing attacks. More from Trend Micro: http://blog.trendmicro.com/trendlabs-security-intelligence/vulnerability-in-spotify-android-app-may-lead-to-phishing/

Krysanec trojan: Android backdoor lurking inside legitimate apps
“We found a RAT (Remote Access Trojan) masquerading as several legitimate Android applications…” ESET
http://www.welivesecurity.com/2014/08/12/krysanec-trojan-android/

 

EVENTS

ZeroNights 2014
13 November-14 November 2014; Izmailovo Concert Hall, Moscow, Russia
ZeroNights is an international conference dedicated to the practical side of information security.
http://2014.zeronights.org/

Cisco Conference Call: Q4 Fiscal Year 2014
Scheduled for August 13, 2014, at 1:30 PM (PT). More from: http://newsroom.cisco.com/press-release-content?type=webcontent&articleId=1466111

VMworld 2014
Aug 24-28. Moscone Center, San Francisco.
More details: http://www.vmworld.com/community/conference/us

 

WEBCASTS & WEBINARS

Webcast: Mobility in Healthcare
By Lysa Myers, ESET.
08/13/2014, 10:00am PT
More details: http://www.eset.com/us/webcasts/mobility-in-healthcare/

 

MERGERS & ACQUISITIONS

Kaseya acquires Scorpion Software
“Acquisition to form the Foundation for Kaseya’s Identity Management as a Service (IDaaS) Offering.”
http://www.kaseya.com


Share This:
Facebooktwittergoogle_plusredditpinterestlinkedinmail

Leave a Reply

Your email address will not be published. Required fields are marked *

Submitted in: News | Tags: , , , , , , , , ,