Friday Security Highlights: Data Protection, Duqu Defense, Android Malware & More

It’s finally Friday once again, and time for another round of infosec news from across the web.

Here at McAfee this week, Ponemon Institute released the results of the Best Practices in Data Protection survey, conducted to determine data protection practices in leading organizations and to provide guidance on how best-practice status can be achieved.

Focusing on issues relating to the use of data protection solutions such as endpoint encryption and data loss prevention within the workplace, the study provides insights on how organizations can be more successful when investing in and building data protection programs. The study’s findings revealed 5 key success factors in a data protection program.

Microsoft Issues Stopgap Fix for Duqu Flaw

Microsoft has released an advisory and a stopgap fix for the zero-day vulnerability exploited by the “Duqu” Trojan. According to the advisory, an attacker who successfully exploited this vulnerability could then install programs; view, change, or delete data; or create new accounts with full user rights.

Five Things to do to Defend Against Duqu

Good advice from Kelly Higgins at Dark Reading, with a lowdown of some precautions organizations can take to protect themselves as they wait for more information on the attack:

  1. Install the just-released “hot fix” and workaround from Microsoft
  2. Run updated anti-malware – and use standard security best practices
  3. Scan or filter Word documents from unknown sources
  4. Monitor for traffic from potentially infected machines trying to “phone home” to Duqu
  5. Watch for any Port 443 traffic that’s unencrypted, and keep an eye out for ~DQ files
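As an added example (not from the post or from Dark Reading), the last two checks in step 5 expressed as simple detection logic in Python, run over constructed sample flow records and file paths: port-443 flows whose first client bytes are not a TLS record header are flagged, as are files whose names start with ~DQ.

```python
import re

# Constructed sample inputs (not from the post): flows as (src_ip, dst_port, first client bytes)
SAMPLE_FLOWS = [
    ("10.0.0.5", 443, bytes.fromhex("16030100c1")),      # TLS handshake record: expected on 443
    ("10.0.0.6", 443, b"GET /update.php HTTP/1.1\r\n"),   # plaintext HTTP on 443: suspicious
    ("10.0.0.7", 443, b""),                                # no payload captured: cannot judge, skip
    ("10.0.0.8", 80,  b"GET / HTTP/1.1\r\n"),             # plaintext on port 80 is normal
]
SAMPLE_PATHS = [
    r"C:\Users\Public\~DQ1.tmp",
    r"C:\Windows\Temp\report.docx",
    "/srv/share/~dq2.bin",
]


def looks_like_tls(payload: bytes) -> bool:
    """True if the bytes start with a TLS record header: content type 0x16 (handshake),
    major version 0x03, minor version 0x00..0x03 (SSL 3.0 through TLS 1.2/1.3 on the wire)."""
    return (len(payload) >= 3 and payload[0] == 0x16
            and payload[1] == 0x03 and payload[2] <= 0x03)


def flag_cleartext_443(flows):
    """Source IPs that talked to port 443 without a TLS handshake at the start of the flow.
    Flows with no captured payload are skipped rather than guessed at."""
    return [src for src, dport, payload in flows
            if dport == 443 and payload and not looks_like_tls(payload)]


_DQ_NAME = re.compile(r"^~DQ", re.IGNORECASE)


def flag_dq_files(paths):
    """Paths whose final component (Windows or POSIX separators) starts with ~DQ."""
    return [p for p in paths if _DQ_NAME.match(re.split(r"[\\/]", p)[-1])]


if __name__ == "__main__":
    print("cleartext on 443:", flag_cleartext_443(SAMPLE_FLOWS))
    print("~DQ files:", flag_dq_files(SAMPLE_PATHS))
```

A real deployment would feed these functions from a flow collector or file-system audit log rather than the constructed lists above.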

Soon, McAfee Labs will be releasing a thorough and consolidated whitepaper on Duqu, in an attempt to peel away the muck and the mire and expand on the critical and actionable components of this threat. Stay tuned!

Godfather of Xen: Virtualization holds a key to public cloud security

Simon Crosby, CTO & Co-founder at Bromium, a stealth-mode startup working at the intersection of security and virtualization, believes that virtualization can actually hold a key to better security. This is because hypervisors can help isolate functions carried out on a system, thereby reducing the risk that an attack against one function can spread to others.

“The key point I’m trying to make is that virtualization technology in general through isolation provides you a different context in which to execute code of different trust levels.”

One example he pointed to was McAfee’s DeepSAFE technology developed with Intel, its direct link to the hardware giving it a trusted position and view into the events on the machine beyond what the operating system sees.

Android Malware Analysis: A How-To

Check out some great slides from Alex Kirk’s presentation at Hack in the Box Malaysia on how to go from “I’ve got an android APK file, now what?” to full static and dynamic analysis. He provides a great overview of the Android permissions system and its relevance to static analysis, as well as some example packet captures from in-the-wild malicious apps.

“We’re not saying that you shouldn’t ever pull an app from outside the market, just that you should do your homework before you do.”

For more on what McAfee is doing to secure enterprise mobility, visit our mobile security page.

We’ve also been posting a lot of videos from FOCUS11 on the McAfee YouTube channel, featuring McAfee customers, partners, industry analysts, and coverage of the McAfee booth and product demos – including a demo of McAfee Deep Command.

Thanks for joining us for another week’s Highlights, and be sure to follow us online at @IntelSec_Biz for future updates.
