Posted by Kevin on August 12, 2014.
(This is a pilot for what will hopefully become a daily service. All thoughts and opinions, advice and criticisms on content, length and design would be gratefully received – either here in the comments or by email to kevtownsend at gmail.com. Blatant trolling will simply be ignored.)
BlackHat USA 2014 – archives
Includes links to many (not all) of the presentations/reports
Rethinking Security Incident Response: The Integration of Agile Principles
This paper proposes that the integration of disciplined agile principles and practices into the security incident response process is a practical solution to strengthening an organization's security incident response posture.
Millions of PCs Affected by Mysterious Computrace Backdoor
(Black Hat, by Kaspersky)
Computrace is a legitimate, trusted application developed by Absolute Software. However, it often runs without user consent, persistently activates itself at system boot, and can be exploited to perform various attacks and to take complete control of an affected machine.
Governance, Risk, and Compliance: A Survey of IT Professionals in Retail, Healthcare, and Financial Services
So, You Want to Be a CISO?
by: Derek Brink; VP & Research Fellow, IT Security and IT GRC, Aberdeen Group
“Today’s security leaders have already started to recognize that ‘the skills that got them there were not the skills that are enough to keep them there,’ as a wise colleague once observed. Continued progress down this path will result in even greater relevance to their respective organizations.”
Adobe Reader Update: CVE-2014-0546 used in targeted attacks
Today Adobe released the security bulletin APSB14-19, crediting Kaspersky Lab for reporting CVE-2014-0546.
Fake BBC Finance Site Delivers Proxy Crimeware and Rootkit
“…a fake BBC Financial News site called BBCFinanceNews[.]com. Warning! Possible Live Malware Site!”
Vulnerability in Android Spotify
Fixed in version 1.1.1. Older versions could be abused to launch phishing attacks. More from Trend Micro: http://blog.trendmicro.com/trendlabs-security-intelligence/vulnerability-in-spotify-android-app-may-lead-to-phishing/
Krysanec trojan: Android backdoor lurking inside legitimate apps
“We found a RAT (Remote Access Trojan) masquerading as several legitimate Android applications…” ESET
13 November-14 November 2014; Izmailovo Concert Hall, Moscow, Russia
ZeroNights is an international conference dedicated to the practical side of information security.
Cisco Conference Call: Q4 Fiscal Year 2014
Scheduled for August 13, 2014, at 1:30 PM (PT). More from: http://newsroom.cisco.com/press-release-content?type=webcontent&articleId=1466111
Aug 24-28. Moscone Center, San Francisco.
More details: http://www.vmworld.com/community/conference/us
Webcast: Mobility in Healthcare
By Lysa Myers, ESET.
08/13/2014, 10:00am PT
More details: http://www.eset.com/us/webcasts/mobility-in-healthcare/
Kaseya acquires Scorpion Software
“Acquisition to form the Foundation for Kaseya’s Identity Management as a Service (IDaaS) Offering.”