- GSA unveils governmentwide MDM program - “The General Services Administration launched May 30 the new governmentwide Mobile Device Management Program that aims to streamline the procurement process for agencies to access mobile solutions.” This will provide a unified platform and oversight into MDM programs that federal decision makers buy. By having a list of pre-certified providers, the GSA will help save thousands (millions) of tax paying dollars and speed MDM implementation. Via FedScoop, more here.
- Signature-based endpoint security on its way out – Most security professionals have been waiting years for this to happen. The simple fact is that signatures can be mutated, and are continuously piling up, creating a ridiculously large set of data, and increasing the onus on the defender. Instead, many are moving towards behavioral based detection and identification, which can track malware based on actions. Via ComputerWorld, more here.
- Legal counterhacking a ‘remarkably bad idea’ – Cybersecurity analyst James Andrew Lewis, “director of the technology and public policy program at the Center for International and Strategic Affairs,” believes that any legalized counterhacking to be a “remarkably bad idea.” Not only would it be hard to legislate, but would be hard to determine the collateral effects. If someone’s machine had been used for a botnet, and was counterhacked and fried, who would be held liable? Via FierceGovernmentIT, more here.
Hackers exploit Ruby on Rails vulnerability to compromise servers, create botnet – “
Hackers are actively exploiting a critical vulnerability in the Ruby on Rails Web application development framework in order to compromise Web servers and create a botnet.” This weakness was actually patched in January, but apparently many server administrators have yet to implement it. Patch management, people! Via ComputerWorld, more here.
- Skype Used to Spread Trojan – There is a new Trojan floating around the internet in shortened URLs. I’ll be honest, I thought we had gotten smart enough to ignore these shortened URLs at least a few years ago, so in my opinion, if you click on one (especially in a foreign language?) it is on you. Apparently 170,000 users have already clicked the link, so be careful. Via ISS Source, more here.
- Microsoft moving bot-busting fight to the cloud – Microsoft is moving their botnet-fighting Microsoft Active Response for Security (MARS) capability to the cloud to decrease response times and increase capabilities in the fight against botnets. Their new capability, known as the Cyber Threat Intelligence Program will shoot updates from the cloud to clients in near real time. Via ComputerWorld, more here.