July 03, 2014

CosmicDuke malware surprisingly linked to Miniduke campaign
The bad actors behind the CosmicDuke campaign specifically crafted filenames and content files to lure victims contain, the sample analyzed by F-Secure makes reference to Ukraine, Poland, Turkey, and Russia. The CosmicDuke gang used the language of targets and included details and information related to specific events of interest for victims.  CosmicDuke campaign targeted Windows machines, victims were lured into opening a malicious PDF file contains an exploit or a Windows executable whose filename isartefact to appear like a legitimate document or image file.


Constructing a Term Structure of Interest Rates Using R (part 2 of 2)
In this article, we will look at how we can implement the two essential functions of a term structure: the forward interest rate, and the forward discount factor. We will apply a mix of notation adopted in the lecture notes Interest Rate Models: Introduction, pp 3-4, from the New York University Courant Institute (2005), along with chapter 1 of the bookInterest Rate Models — Theory and Practice (2nd edition, Brigo and Mercurio, 2006). A presentation by Damiano Brigo from 2007, which covers some of the essential background found in the book, is available here, from the Columbia University website.


Apple patent details automatically adjusting security settings based on location, biosensors
The term “security level” can refer to the types of security measure used (e.g., passcode, retinal scan, etc.) to control access to a mobile device. Each type of security measure used may be associated with a level of inherent security. For example, passcode-based security may be considered less secure than a retinal scan. The term “security level” can refer to the frequency with which a particular security measure is used. For example, a passcode may be required immediately or may only be required after 5 or more minutes of inactivity. The term “security level” can refer to the level of strength of a particular security measure used. For example, 4-digit numerical passcode may be associated with a lower security level than a longer alphanumeric password.


Cisco patches communications manager to close backdoor access vulnerability
"The vulnerability is due to the presence of a default SSH private key, which is stored in an insecure way on the system," Cisco said in a security advisory. "An attacker could exploit this vulnerability by obtaining the SSH private key. For example, the attacker might reverse engineer the binary file of the operating system." The other flaw, which enables privilege escalation, is located in the CUCDM application software and stems from the improper implementation of authentication and authorization controls for the Web-based user interface. An attacker can exploit the flaw to change the credentials of an administrative user by opening a specifically crafted URL. The attacker needs to be authenticated as a different user in the system or to trick an active user to click on a malicious link.


7 Strategic Givens for CISOs on Foreign State Threats to IP/Trade Secrets
If you're responsible for protecting your company’s Intellectual Property or Trade Secrets from Cyberattacks, you can improve your Information Security Program by understanding some of the key Strategic givens I've found at my Fortune 500 clients on Nation-State Adversaries. ...  These compromises are increasingly driven by Nation-State Adversaries and often include companies that have physically deployed their high value company assets directly into “hostile” regions by either moving or outsourcing their manufacturing, research, or other core business functions. Here are some of the Strategic givens I’ve identified:


Intelligent cars draw investors to tech stocks
"It's a whole new market emerging," said Christian Jimenez, fund manager and president of Diamant Bleu Gestion. "The best way to play it for investors in the long term is to buy names such as Microsoft or chip makers such as Infineon, not (automakers) Peugeot and Renault". If the new market grows to $50 billion as forecast by French bank Exane BNP Paribas that would be roughly half the size of German carmaker BMW's revenues last year. Internet giant Google Inc is leading the charge among tech companies, trying to break into the century-old industry as it works on its own prototypes of fully autonomous vehicles.


End users matter most with today's performance management
As performance management systems have evolved, two different ways to get at the end-user experience have also emerged. Businesses can choose accordingly, depending on their needs. For now, application performance management tools are monitoring the user experience, but future incarnations of APM tools will employ end user performance management to predict what the user is going to do next. In this podcast, Modern Infrastructure editors also discuss Robert Green's June issue feature story on controlling cloud costs. Green has shared his expertise at Modern Infrastructure seminars, and lays out the five best ways to keep cloud costs transparent and under control.


Will Physical Location of Data Become Irrelevant for CIOs?
Logical location: This is emerging as the most likely solution for international data processing arrangements and is determined by who has access to the data. ... While the legal location of the provider would beIreland, the political location would be theU.S. and the physical location would beIndia, logically, all data could still be inGermany. For that to happen, all data in transit and all data at rest (inIndia) would have to be defensibly encrypted, with keys residing inGermany. With such an architecture there is an increase in cost and complexity and a reduction of usability through functions like preview and search, mobility and latency.


Analytics Vendors See a Fast-Maturing Health Care Audience
CFOs and CEOs soon will start having difficult decisions to make because of what they will learn from analytics, predicts David Janotha, vice president of healthcare at Axiom EMP, a vendor specializing in financial and operational analytics. CFO roles are changing; they have provided financial data to support basic financial analytics for reporting purposes, and now they need to take a more strategic leadership position “looking for outside-the-box solutions rather than building towers,” he predicts. CFOs need to become more clinically astute, find new avenues for providing care such as clinics in pharmacies, and give physicians data they need on the treatments they gave and the costs.


Four Questions to Revolutionise Your Business Model
The “four questions” of the book’s title -- Who, What, When, and Why – are hardly unique to the business world, but according to the authors, few firms subject their business model to such basic scrutiny frequently enough. There’s no substitute, Girotra and Netessine say, for the fundamental questions, such as “What should we sell?” and “When should we introduce our new products?” “I like to compare it to financial auditing, which every organisation does every year, many times,” Netessine said in an interview with INSEAD Knowledge. “Often, a public company will do it once a quarter. But then you ask the same company how often [it examines] its own business models, they’ll tell you, ‘Well, I don’t know. Twenty years ago? Thirty years ago?’”



Quote for the day:

"All you need in this life is ignorance and confidence; then success is sure" -- Mark Twain