Cyber Security Institute

Friday, August 30, 2013

Tenable Launches Security “App Store” For SecurityCenter 4.7

Tenable Network Security, the leader in real-time vulnerability management, today announced SecurityCenter 4.7™. With this release, Tenable introduces a first-of-its-kind security “app store” – a catalog of hundreds of apps created by Tenable researchers that provide the latest intelligence for identifying advanced threats and compliance violations.


Tuesday, August 20, 2013

Handling Incident Management in a Virtualized Environment

Good article on Incident Response in a Virtualized Environment - summary:

In my experience, this rush to a virtualized data center assumes that either existing controls are enough or that - for some unexplainable reason - virtualized servers are isolated from common attack vectors and therefore more secure. Although this increase does not correlate to an increase in disclosed virtualization vulnerabilities, as shown in Figure 1, the overall increase of vulnerabilities does track with the increase in growth of virtualization as a strategic technology. It also indicates that the increase in the number of virtualized servers increases the attack surface for those attackers focusing on the hypervisor as a high-value breach target.



Cybercrime-as-a-Service, the rise of hacking services

The term attack-as-a-service model indicates the practice of outsourcing all the phases of an attack to specialists, instead of renting tools and architecture to conduct the illegal activities personally (Malware-as-a-Service). The service model on sale is very attractive: hackers first analyze the target for a very cheap price ($5), and only in the presence of vulnerabilities do they hack it, for a price of nearly $50; of course, for large architectures to attack the prices soar from $1000 to 50000. This type of hacking service is an example of unethical pen-testing activity. The criminals seem not to use any automated tools or Google services to discover vulnerabilities; another singularity is that they do not operate against websites and services of their country, a habit already seen in the sale of Kins and Zeus malware.



Friday, August 16, 2013

Security incident response procedures: When to do a system shutdown

At the same time, the attackers that target enterprises for their valuable information, or sometimes for political reasons, have never been more sophisticated, which has increased the pressure on enterprise security teams to be able to keep critical systems running securely and without interruption. Shutting down a system in response to an information security incident is one of the most drastic options that can be taken, but it might be the best option in certain scenarios. Occasionally, regardless of how well prepared an organization might be from a security perspective, an attack will leave the security team debating whether the risks involved with keeping a system running outweigh the potential impact of taking an infected or targeted system offline.



Hackers break into Energy’s computer networks, put employees at risk

“Individual notifications to affected current employees will begin no later than this Friday, Aug. 16, and will be completed by Aug. 30,” stated an internal Energy Department email sent to employees earlier this week, which was obtained by Federal News Radio. “While a significant number of employees whose information may have been affected may no longer be employed by the department, it will be necessary to obtain current contact information in order to notify these personnel.” DoE told employees it is working with federal law enforcement agencies to find out more about the hacking incident, which happened at the end of July. In February, Energy said the attack disclosed employee PII, but didn’t offer any details of how many or which parts of the agency were affected.



Thursday, August 15, 2013

Microsoft pulls faulty Exchange 2013 patch HOURS after release

Microsoft has pulled a security update for Exchange 2013 after problems emerged with the latest patch to the email server software just hours after its release. The critical MS13-061 security update for Exchange Server 2013 broke the message index service, preventing Exchange 2013 email users from searching their mailboxes. Specifically, after the installation of the security update, the Content Index for mailbox databases shows as Failed and the Microsoft Exchange Search Host Controller service is renamed.


Monday, August 12, 2013

IT security spend keeps rising: Is there ROI?

The latest data from Canalys shows that the IT security spending market will reach $30.1 billion in 2017 and grow at a 7 percent compound annual growth rate from now until then. In other words, security spending will be twice the global IT spending growth rate based on the 3 percent or so most research firms expect going forward. For instance, Gartner expects global IT spending to be up a mere 2 percent in 2013 relative to 2012 due to a strong U.S. dollar and up 3.5 percent in constant currency.


Friday, August 09, 2013

Linux gets hit by a trojan—it’s time to sudo apt-get scared!

A big selling point of Linux-based operating systems is that they are generally immune to viruses, trojans and malware. However, this is a falsehood—no OS is 100 percent safe when it comes to these things. According to security company RSA, a team of Russian cyber-criminals has developed a trojan, named “Hand of Thief”, which targets Linux.

The security company explains that the trojan is “designed to steal information from machines running the Linux OS. This malware is currently offered for sale in closed cybercrime communities for $2,000 USD (€1,500 EUR) with free updates. The current functionality includes form grabbers and backdoor capabilities, however, it’s expected that the Trojan will have a new suite of web injections and graduate to become full-blown banking malware in the very near future. At that point, the price is expected to rise to $3,000 USD (€2,250 EUR), plus a hefty $550 per major version release”.


Wednesday, August 07, 2013

Concerns Over Cyber Security Risks Outweigh Traditional Risks for Large Firms: Study

The study, titled “Managing Cyber Security as a Business Risk: Cyber Insurance in the Digital Age” and conducted by Experian Data Breach Resolution and the Ponemon Institute, reported that 41 percent of large businesses (those with 500-plus employees) believe cyber security risks are greater than other insurable business risks such as natural disasters, business interruption and fires. Despite growing concerns over cyber security, the study also found that less than one-third of respondents (31 percent) have purchased cyber insurance coverage. However, those firms that do not currently have insurance coverage – more than half of all survey respondents (57 percent) – indicated they plan to purchase cyber security coverage in the near future. Of the 56 percent of respondents that had breaches, the average cost of these incidents was reported at $9.4 million in the last 24 months.


Friday, August 02, 2013

CISO spending priorities revealed

According to a GDS International survey of more than 100 leading European information security professionals, investment priorities are changing. Spending to support business growth is at an all-time high (22% of 2013 budgets, up 5% on 2012 figures). Investments to maintain and run existing systems and processes are still the lion’s share, and have grown by 6% since 2011 (41% of 2013 budgets, up from 35% in 2011).