Cyber Security Institute

Friday, April 24, 2015

Newsalert - 2015 Apr 23

Threat intelligence programs maturing despite staffing, tech obstacles
During a Tuesday session at RSA Conference 2015, entitled “Threat Intelligence is Like Three-Day Potty Training,” Forrester Principal Analyst Rick Holland used the analogy to highlight how threat intelligence is increasingly becoming a requirement for enterprises, but building a program and advancing it to the point where it supports an organization’s strategic objectives often takes much longer than anticipated.
Citing data from Forrester’s 2014 global security survey, Holland said that for the past two years more than three-quarters of North American enterprises said establishing or improving threat intelligence was a priority in the next 12 months.
Link: [ http://searchsecurity.techtarget.com/news/4500244809/Threat-intelligence-programs-maturing-despite-staffing-tech-obstacles ] ( http://searchsecurity.techtarget.com/news/4500244809/Threat-intelligence-programs-maturing-despite-staffing-tech-obstacles )

IDC Analysts Identify IT Security Trends at RSA
In the world of cyber-fraud (or “consumer cyber security”), intelligence has not significantly advanced in recent years. While in the world of enterprise security, advanced threat intelligence identifies IOCs, TTPs, and causes pain to the threat actor, in the world of fraud, intelligence has remained superficial – here’s a compromised credit card number, or here’s a ZeuS hash. No depth or insight. In the world of fraud, we receive disconnected data points for the most part.
Link: [ http://pulseblog.emc.com/2015/04/22/the-need-for-advanced-fraud-intelligence/ ] ( http://pulseblog.emc.com/2015/04/22/the-need-for-advanced-fraud-intelligence/ )

IRC Botnets alive, effective & evolving
In this era of sophisticated Botnets with multiple C&C communication channels, custom protocols, and encrypted communication; we continue to see a steady number of new IRC based Botnet payloads being pushed out in the wild on a regular basis. As we saw in our analysis, IRC based Botnet families continue to evolve in terms of sophisticated features incorporated in the bots.
Link: [ http://research.zscaler.com/2015/04/irc-botnets-alive-effective-evolving.html?m=1 ] ( http://research.zscaler.com/2015/04/irc-botnets-alive-effective-evolving.html?m=1 )

5 Overlooked IT Risk Management Issues That Can Bite You In The Budget
The cold, stark reality of IT budgeting is that there are plenty of IT risk management issues that can easily be overlooked … and end up biting you in the budget. Here are five to put on the agenda for your next IT staff meeting so that you don’t find yourself footing an unexpected (and nasty) bill later in the fiscal year.
Link: [ http://www.forbes.com/sites/sungardas/2015/04/22/5-overlooked-it-risk-management-issues-that-can-bite-you-in-the-budget/ ] ( http://www.forbes.com/sites/sungardas/2015/04/22/5-overlooked-it-risk-management-issues-that-can-bite-you-in-the-budget/ )

New F-Secure Report Warns of Growth in Extortion Malware
New research from cyber security firm F-Secure points to an increase in the amount of malware designed to extort money from unsuspecting mobile phone and PC users. According to the new Threat Report, malware such as premium SMS message sending trojans and ransomware continue to spread, making them a notable presence in today’s digital threat landscape.
Link: [ http://www.reuters.com/article/2015/04/23/idUSnMKWHJ1bYa+1f2+MKW20150423 ] ( http://www.reuters.com/article/2015/04/23/idUSnMKWHJ1bYa+1f2+MKW20150423 )

Conficker remains top of the threats as existing malware for Windows dominates
Android is still the main target for mobile malware, with 61 new families discovered compared to only three for iOS. The fastest growth has been in malware that sends premium SMS messages. Ransomware is still growing too, the Koler and Slocker trojans being the largest ransomware families on Android.
Looked at geographically, most threats reported by F-Secure users in the second half of 2014 originated from Europe and Asia, but in the last six months the company saw more activity reported in South America.
Link: [ http://betanews.com/2015/04/23/conficker-remains-top-of-the-threats-as-existing-malware-for-windows-dominates/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed+-+bn+-+Betanews+Full+Content+Feed+-+BN ] ( http://betanews.com/2015/04/23/conficker-remains-top-of-the-threats-as-existing-malware-for-windows-dominates/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed+-+bn+-+Betanews+Full+Content+Feed+-+BN )

Mobile malware infections may be overhyped
Mobile users in the US are 1.3 times more likely to be struck by lightning than malware, new research has found.
Atlanta-based security firm, Damballa, has released data at the RSA conference in San Francisco that suggests the problem of mobile malware has been overemphasised.
Link: [ http://www.arnnet.com.au/article/573309/mobile-malware-infections-may-overhyped/?fp=2&fpid=1 ] ( http://www.arnnet.com.au/article/573309/mobile-malware-infections-may-overhyped/?fp=2&fpid=1 )

Kaspersky Lab Finds “Darwin Nuke” Vulnerability in OS X and iOS
The “Darwin Nuke” vulnerability is exploited while processing an IP packet of specific size and with invalid IP options. Remote attackers can initiate a DoS (denial of service) attack on a device with OS X 10.10 or iOS 8, sending an incorrect network packet to the target. After processing the invalid network packet, the system will crash. Kaspersky Lab’s researchers discovered that the system will crash only if the IP packet meets the following conditions:
Link: [ http://www.equitybulls.com/admin/news2006/news_det.asp?id=158598 ] ( http://www.equitybulls.com/admin/news2006/news_det.asp?id=158598 )

Wednesday, April 22, 2015

Newsalert - 2015 Apr 22

**RSA Conference: ThreatStream Announces First Apple Watch App for Managing Threat Intelligence On-the-Go** 
SAN FRANCISCO AND REDWOOD CITY, Calif., April 21, 2015 /PRNewswire/—ThreatStream® (RSA booth #S2727), the leading provider of an enterprise-class threat intelligence platform, today announced the first iOS threat intelligence app for the Apple Watch. The app, which is also available for the iPhone and iPad, provides full access to the ThreatStream Optic threat intelligence platform dashboard and displays, and enables users to take action with a simple tap of the screen or voice command. The new Apple Watch app will be demonstrated in the ThreatStream booth during the RSA Conference (@rsaconference) this week. ThreatStream will also be giving away one Apple Watch a day to visitors who come by their booth. 
**Link:** [  http://www.wkrg.com/story/28856933/rsa-conference-threatstream-announces-first-apple-watch-app-for-managing-threat-intelligence-on-the-go  ] (  http://www.wkrg.com/story/28856933/rsa-conference-threatstream-announces-first-apple-watch-app-for-managing-threat-intelligence-on-the-go  ) 

**Corporate privacy policies are out of step with protecting sensitive data** 
Data protection specialist Druva has released the results of a new study conducted by Dimensional Research which examines companies’ efforts to protect sensitive data, the challenges they face ensuring data privacy and gathers respondent views on protecting data privacy in the cloud. 
Among the findings are that 99 percent of respondents reported having some form of sensitive data, including personal financial, healthcare and authentication-related data, they needed to manage. 84 percent reported plans to boost their efforts to protect the privacy of sensitive data. There are problems with enforcement, however, with almost 84 percent of respondents reporting that employees don’t follow data privacy policies.
**Link:** [  http://betanews.com/2015/04/22/corporate-privacy-policies-are-out-of-step-with-protecting-sensitive-data/  ] (  http://betanews.com/2015/04/22/corporate-privacy-policies-are-out-of-step-with-protecting-sensitive-data/  ) 

**Corporate privacy becoming a top business concern in 2015** 
(BPT) – As many as 43 percent of companies experienced a data breach in the past year – a 10 percent increase from last year, according to an annual study conducted by the Ponemon Institute. As companies scramble to keep their names out of the headlines by bolstering up security practices and protocols, it’s important to take a deeper look into the little things you can do to better manage privacy and security within your own company. 
**Link:** [  http://www.mymotherlode.com/news/technology/ask-tech/corporate-privacy-business-concern-2015  ] (  http://www.mymotherlode.com/news/technology/ask-tech/corporate-privacy-business-concern-2015  ) 

**Governor Terry McAuliffe announced today that the Commonwealth of Virginia is establishing the Nation’s first state-level Information Sharing and Analysis Organization (ISAO).**
“As Governor McAuliffe’s homeland security advisor, I’m excited that Virginia is leading the ISAO movement and look forward to working alongside our DHS, state, and other cybersecurity partners to help develop standards and best practices for information sharing with the private sector,” said Secretary of Public Safety and Homeland Security Brian Moran. 
**Link:** [  https://governor.virginia.gov/newsroom/newsarticle?articleId=8210  ] (  https://governor.virginia.gov/newsroom/newsarticle?articleId=8210  ) 

**This month’s second Patch Tuesday brings 34 Windows updates, all optional** 
Today’s list is much larger than normal, with 34 patches all rated Optional, meaning they will not be installed automatically. You have to open Windows Update and manually select one or more updates to install them. 
**Link:** [  http://www.zdnet.com/article/this-months-second-patch-tuesday-brings-34-updates-all-optional/?tag=nl.e539&s_cid=e539&ttag=e539&ftag=TRE17cfd61  ] (  http://www.zdnet.com/article/this-months-second-patch-tuesday-brings-34-updates-all-optional/?tag=nl.e539&s_cid=e539&ttag=e539&ftag=TRE17cfd61  ) 

**CIO-CSO tension makes businesses stronger** 
“There’s a natural tension between these roles because they have what appear to be different priorities, and because in many larger organizations, the CSO role, and security in general, becomes a higher priority,” says Justin Cerilli, managing director, financial services technology and operations, Russell Reynolds and Associates. 
One of the struggles in achieving this balance and laying the foundation for a good working relationship between CIOs and CSOs is the potential for personality clashes, says Cerilli. Human Resources can and should play a major role in finding leaders who can work well together and put the business’ needs ahead of any personal need for career advancement or recognition, he says. 
**Link:** [  http://www.cio.com/article/2912625/leadership-management/cio-cso-tension-makes-businesses-stronger.html?phint=newt%3Dcomputerworld_dailynews&phint=idg_eid%3Dd5d8326c323742a4ed7bf4fd3dac54c4#tk.CTWNLE_nlt_pm_2015-04-22&siteid=&phint=tpcs%3D&phint=idg_eid%3Dd5d8326c323742a4ed7bf4fd3dac54c4  ] (  http://www.cio.com/article/2912625/leadership-management/cio-cso-tension-makes-businesses-stronger.html?phint=newt%3Dcomputerworld_dailynews&phint=idg_eid%3Dd5d8326c323742a4ed7bf4fd3dac54c4#tk.CTWNLE_nlt_pm_2015-04-22&siteid=&phint=tpcs%3D&phint=idg_eid%3Dd5d8326c323742a4ed7bf4fd3dac54c4  ) 

**Report: Need better breach crisis? IT manager may not be best bet** 
Companies must have a strategy in place when a data breach occurs, and it looks like IT managers may not be best to handle a breach crisis, according to a new report by Booz Allen Hamilton. Instead, a business savvy leader at the company is better prepared to handle the problem, as they will be prepared to address crisis communications, legal issues, disaster recovery, and other strategic decisions that must be made. 
**Link:** [  http://www.tweaktown.com/news/44710/report-need-better-breach-crisis-manager-best-bet/index.html  ] (  http://www.tweaktown.com/news/44710/report-need-better-breach-crisis-manager-best-bet/index.html  ) 

**Webroot 2015 Threat Brief Reveals Smarter Threats and Rising Complexity of Cybercrime** 
The data shows that organizations need to bolster their security posture with real-time, highly accurate threat intelligence to protect themselves from cybercriminal activity. This enables them to set proactive policies to automatically protect networks, endpoints, and users as part of a defense-in-depth strategy. This is crucial when security teams consider the threat landscape as a whole, in addition to conducting in-depth analysis on the threats targeting them. Individuals also need to be more vigilant than ever about the websites they visit, the URLs they follow from emails, and the applications and mobile apps that they use. 
**Link:** [  http://www.reuters.com/article/2015/04/22/webroot15threatbrief-idUSnPnbjZ3xq+88+PRN20150422  ] (  http://www.reuters.com/article/2015/04/22/webroot15threatbrief-idUSnPnbjZ3xq+88+PRN20150422  ) 

**Standard Chartered hires former UK surveillance chief to combat cybercrime** 
The Asia-focused bank said Iain Lobban would become a member and senior advisor to the committee responsible for matters including anti-money laundering, sanctions compliance and prevention of corruption. 
**Link:** [  http://ca.reuters.com/article/technologyNews/idCAKBN0ND0U020150422  ] (  http://ca.reuters.com/article/technologyNews/idCAKBN0ND0U020150422  ) 

**NATO cybersecurity drill to focus on hackers** 
TALLINN, Estonia — About 400 computer experts will participate in a major cybersecurity drill in Estonia this week as part of NATO’s efforts to upgrade its capability to counter potentially debilitating hacker attacks, organizers said Tuesday. 
**Link:** [  http://www.sfgate.com/world/article/NATO-cybersecurity-drill-to-focus-on-hackers-6214619.php  ] (  http://www.sfgate.com/world/article/NATO-cybersecurity-drill-to-focus-on-hackers-6214619.php  ) 

**Honeywell : Technology First To Proactively Manage Cyber Security Risk For Industrial Sites; Honeywell’s Cyber Security Risk Manager Gives Industrial Users Real-Time Visibility** 
The Honeywell Industrial Cyber Security Risk Manager is designed to simplify the task of identifying areas of cyber security risk, providing real-time visibility, understanding and decision support required for action. It monitors and measures cyber security risk in multi-vendor industrial environments.
**Link:** [  http://www.4-traders.com/HONEYWELL-INTERNATIONAL-I-4827/news/Honeywell—Technology-First-To-Proactively-Manage-Cyber-Security-Risk-For-Industrial-Sites-Honeywe-20234050/  ] (  http://www.4-traders.com/HONEYWELL-INTERNATIONAL-I-4827/news/Honeywell—Technology-First-To-Proactively-Manage-Cyber-Security-Risk-For-Industrial-Sites-Honeywe-20234050/  ) 

**Nation’s First Incident Management Center for Utilities Launched** 
A new training center to support incident management for the utility industry was announced today at the Western Energy Institute (WEI) Spring Operations Conference in Las Vegas. 
**Link:** [  http://www.reuters.com/article/2015/04/21/or-concordia-university-idUSnBw216455a+100+BSW20150421  ] (  http://www.reuters.com/article/2015/04/21/or-concordia-university-idUSnBw216455a+100+BSW20150421  ) 

**Google, Microsoft serve up security treats for productivity suites** 
Microsoft announced a trio of Office 365 security features, including a new API to feed data into SIEM systems and finer grain encryption for email, while Google has announced a new way for Drive admins to manage two-factor authentication keys for Google Apps at work.
**Link:** [  http://www.cso.com.au/article/573188/google-microsoft-serve-up-security-treats-productivity-suites/  ] (  http://www.cso.com.au/article/573188/google-microsoft-serve-up-security-treats-productivity-suites/  ) 

Tuesday, April 21, 2015

Newsalert - 2015 Apr 21

**Pushdo spamming botnet gains strength again** 
Computers in more than 50 countries are infected with a new version of Pushdo, a spamming botnet that has been around since 2007 and survived several attempts to shut it down. 
The latest version has been pushing Fareit, which is malware that steals login credentials, and Cutwail, a spam engine module. It has also been used to distribute online banking menaces such as Dyre and Zeus. 
Using an elaborate algorithm, the secondary system generates 30 domain names a day that an infected computer can try to contact, according to an advisory on Fidelis’s blog. Fidelis reverse-engineered the algorithm that generates those domain names, allowing it to register some of the domains.
**Link:** [  http://www.itworld.com/article/2912535/pushdo-spamming-botnet-gains-strength-again.html#tk.rss_news  ] (  http://www.itworld.com/article/2912535/pushdo-spamming-botnet-gains-strength-again.html#tk.rss_news  ) 

**Study Uncovers Fears of Potential Domino Effect from Cyberattacks** 
RedSeal (redseal.co) unveiled its comprehensive survey of high-ranking executives that vividly illustrates widespread concern regarding the potential effects of cyberattacks in corporate America. Most of the C-level professionals surveyed readily acknowledge that a coordinated assault launched by sophisticated cybercriminals would wreak ongoing havoc on business operations, cause considerable harm to a brand, and potentially affect related companies, even entire industries. In addition, many also point out that in the networked economy, containing the problems caused by a sustained network attack will be very difficult. In fact, a major network disruption at a single company or network can easily disrupt or even wreak havoc on a local, state, national and even global level.
The vast majority of the executives surveyed, 74%, acknowledge that cyberattacks on networks of U.S. organizations can cause “serious damage or disruption,” and most of the rest, 21%, admit to fears of “significant damage or disruption.” More specifically, almost 80% admit that such attacks can inflict “serious impacts to business profitability and growth,” and bring about “serious brand damage.” A large number, 45%, also related personnel concerns, saying such events will lead to a “big hit on employee productivity.” More than 43% also predict business downtime, while more than 41% fear “internal/organizational disruption or chaos.” 
In fact, the idea of a domino effect—one successful attack on one network leading directly to attacks on different networks in diverse but connected sectors of the economy—clearly resonated strongly with the executives surveyed. More than half the respondents, 52%, singled out “defense systems” as being potentially affected by a cyber-criminal incident or data breach, while 45% cited “border security.” And taking a big picture approach, a significant 59% said such attacks will take their toll on “economic security.” 
**Link:** [ http://www.darkreading.com/attacks-breaches/study-uncovers-fears-of-potential-domino-effect-from-cyberattacks/d/d-id/1320053 ] ( http://www.darkreading.com/attacks-breaches/study-uncovers-fears-of-potential-domino-effect-from-cyberattacks/d/d-id/1320053 )

**Investment Advisers: Six Areas of Focus for SEC Cybersecurity Exams** 
The U.S. Securities and Exchange Commission (SEC), in an effort to consistently reinforce its expectations in the area of cyber risk management, last year issued a cybersecurity-dedicated Risk Alert, as well as other communications to address the growing number and complexity of cybersecurity risks facing investment advisers (IAs). The alert, issued by the Office of Compliance Inspections and Examinations (OCIE), highlights the SEC’s cybersecurity initiative, including a sweep of more than 50 registered IAs and broker-dealers focusing on cybersecurity.
The alert also provides a sample document request that lists six primary areas that the OCIE plans to evaluate during cybersecurity exams and the processes and controls examiners expect IAs to have in place to address threats, including those related to networks and information, remote customer access and vendors and other third parties.
**Link:** [  http://deloitte.wsj.com/riskandcompliance/2015/04/21/investment-advisers-six-areas-of-focus-for-sec-cybersecurity-exams-3/  ] (  http://deloitte.wsj.com/riskandcompliance/2015/04/21/investment-advisers-six-areas-of-focus-for-sec-cybersecurity-exams-3/  ) 

**U.S. plans a cybersecurity center in Silicon Valley** 
The center will function as a satellite office of the National Cybersecurity and Communications Integration Center (NCCIC), a day-and-night operation that acts as an information and threat clearing house for government and private entities. 
**Link:** [  http://www.computerworld.com/article/2912468/cybercrime-hacking/us-plans-a-cybersecurity-center-in-silicon-valley.html?phint=newt%3Dcomputerworld_dailynews&phint=idg_eid%3Dd5d8326c323742a4ed7bf4fd3dac54c4#tk.CTWNLE_nlt_pm_2015-04-21&siteid=&phint=tpcs%3D&phint=idg_eid%3Dd5d8326c323742a4ed7bf4fd3dac54c4  ] (  http://www.computerworld.com/article/2912468/cybercrime-hacking/us-plans-a-cybersecurity-center-in-silicon-valley.html?phint=newt%3Dcomputerworld_dailynews&phint=idg_eid%3Dd5d8326c323742a4ed7bf4fd3dac54c4#tk.CTWNLE_nlt_pm_2015-04-21&siteid=&phint=tpcs%3D&phint=idg_eid%3Dd5d8326c323742a4ed7bf4fd3dac54c4  ) 

**New fileless malware found in the wild** 
Since the discovery of the Poweliks fileless Trojan in August 2014, researchers have been expecting other similar malware to pop up. 
The wait is over: Phasebot malware, which also has fileless infection as part of its routine, is being sold online.
Phasebot seems to be a direct successor of Solarbot.
Its detection evasion tactics include rootkit capabilities, encryption of communications with its C&C server by using random passwords, and virtual machine detection.
**Link:** [  http://www.net-security.org/malware_news.php?id=3021  ] (  http://www.net-security.org/malware_news.php?id=3021  ) 

**“Buhtrap” Malware Targeting Russian Banks And Businesses** 
ESET has discovered a malware campaign targeting Russian banks and the accounting departments of Russian businesses, nicknamed Operation Buhtrap. Apparently, the malware has been active for more than a year, and 88 percent of the attacks have been in Russia and 10 percent in the Ukraine. 
Analysts at ESET uncovered CVE-2012-0158 late in 2014, which is a buffer overflow vulnerability in the ListView/TreeView ActiveX controls found in the MSCOMCTL.OCX library. The malicious code can be activated using a specially modified DOC or RTF file for MS Office 2003, 2007, or 2010, according to Security Affairs.
**Link:** [  http://www.bsminfo.com/doc/buhtrap-malware-targeting-russian-banks-businesses-0001  ] (  http://www.bsminfo.com/doc/buhtrap-malware-targeting-russian-banks-businesses-0001  ) 

**Lieberman Software’s Security Double-Tap(TM) Defeats Golden Ticket Cyber Attacks** 
LOS ANGELES, CA—(Marketwired - April 21, 2015) - Lieberman Software Corporation today announced Security Double-Tap, a solution to block the destructive Golden Ticket cyber attack. This new feature is included in Enterprise Random Password Manager™ (ERPM)—the company’s privilege management platform—and is being exhibited for the first time at RSA Conference 2015 in San Francisco, CA.
Today’s enterprises are under assault from sophisticated cyber attacks like pass-the-hash (PTH) and pass-the-ticket (PTT). These advanced persistent threats—at the core of some of the most notorious recent data breaches—operate at nearly a 100% success rate.  While PTH is a more widely known threat, the related PTT attack is just as dangerous. PTT attacks target Kerberos, the default authentication protocol in Windows domains. 
ERPM now provides an automated double password reset specifically designed to combat the Golden Ticket attack. The two password resets—a Security Double-Tap—force rapid replication of the changed credentials throughout the domain, to block the use of compromised accounts. In conjunction with this process, ERPM can also force an automatic chained reboot of target system to clear memory of hashes and passwords, and prevent memory scraping. 
**Link:** [  http://www.reuters.com/article/2015/04/21/idUSnMKWDwJzFa+1ea+MKW20150421  ] (  http://www.reuters.com/article/2015/04/21/idUSnMKWDwJzFa+1ea+MKW20150421  ) 

**RSA supremo rips ‘failed’ security industry a new backdoor, warns of ‘super-mega hack’** 
RSA 2015 RSA president Amit Yoran tore into the infosec industry today, telling 30,000 attendees at this year’s RSA computer security conference that they have failed. 
He said security bods should drop “legacy approaches” that have led to a false sense of security. Such approaches are akin to building “higher walls” and “deeper moats,” which will not help address the shortcomings in security. 
**Link:** [  http://www.theregister.co.uk/2015/04/21/rsa_boss_rips_failed_security_industry/  ] (  http://www.theregister.co.uk/2015/04/21/rsa_boss_rips_failed_security_industry/  ) 

Monday, April 20, 2015

Newsalert - 2015 Apr 20

INSIGHT: When it comes to threat detection and incident response, context matters
This new generation of security analytics tools will undoubtedly make analysts more efficient and accurate in their analysis, but it will also mean that the analyst is reaching conclusions faster, contributing to the operational outcomes of security rather than “after action reporting” on incidents they have detected.
Ultimately the organisations that are moving beyond SIEM systems and are striving to understand the extent and impact of attacks through Security Analytics, rather than just the mere presence of those threats, are leading the way.
Link: [ http://www.reseller.co.nz/article/572958/insight-when-it-comes-threat-detection-incident-response-context-matters/ ] ( http://www.reseller.co.nz/article/572958/insight-when-it-comes-threat-detection-incident-response-context-matters/ )

(ISC)² STUDY: WORKFORCE SHORTFALL DUE TO HIRING DIFFICULTIES DESPITE RISING SALARIES, INCREASED BUDGETS AND HIGH JOB SATISFACTION RATE
The results of the seventh (ISC)² Global Information Security Workforce Study (GISWS) conducted by Frost & Sullivan for the (ISC)² Foundation with the support of Booz Allen Hamilton, Cyber 360 Solutions and NRI Secure Technologies reveal that the security of businesses is being threatened by reports of understaffed teams dealing with the complexity of multiple security technologies and the threats posed by our increasingly connected world.
45 percent of hiring managers reporting that they are struggling to support additional hiring needs and 62 percent of respondents reporting that their organizations have too few information security professionals.
Link: [ http://blog.isc2.org/isc2_blog/2015/04/isc-study-workforce-shortfall-due-to-hiring-difficulties-despite-rising-salaries-increased-budgets-a.html ] ( http://blog.isc2.org/isc2_blog/2015/04/isc-study-workforce-shortfall-due-to-hiring-difficulties-despite-rising-salaries-increased-budgets-a.html )

Use of multiple contractors could leave oil, gas operators open to hackers
“The more third parties you work with, in general, they could then become a target to pivot into your network,” said Bob Marx, a cybersecurity and industrial automation consultant with Cimation, an energy consulting company from Houston, Texas, with offices in Pittsburgh.
60 percent of energy companies in an international survey this year by Oil & Gas IQ, an industry news site, said they do not have a cyber attack response plan.
Link: [ http://triblive.com/news/editorspicks/8084464-74/gas-energy-oil#axzz3Xod0Ycba ] ( http://triblive.com/news/editorspicks/8084464-74/gas-energy-oil#axzz3Xod0Ycba )

ISACA first to combine skills-based cyber security training with performance-based exams, certifications to address talent shortage
ISACA introduced a portfolio of new cyber security certifications that are the first to combine skills-based training with performance-based exams and certifications. The seven new Cybersecurity Nexus (CSX) certifications help professionals build and evolve their careers in a constantly changing field and help close the skills gap for employers.
Link: [ http://www.itweb.co.za/index.php?option=com_content&view=article&id=142610 ] ( http://www.itweb.co.za/index.php?option=com_content&view=article&id=142610 )

UN conference weighs efforts to combat cybercrime
Efforts to tame the fast-growing cybercrime threat took center stage at the United Nations Crime Congress under way in Doha, Qatar, as a diverse group of experts in the field urged strong partnerships between the public and private sectors to create a safer digital landscape.
For the past two years, UNODC, under its programme for cybercrime, has been delivering technical assistance to law enforcement authorities, prosecutors, and the judiciary, in three regions of the world, in Eastern Africa, South-East Asia, and Central America.
Link: [ http://www.eturbonews.com/57811/un-conference-weighs-efforts-combat-cybercrime ] ( http://www.eturbonews.com/57811/un-conference-weighs-efforts-combat-cybercrime )

Predictive Replaces Reactive Security at RSA 2015
More than 30,000 expected to attend. The larger the turnout at a security conference, the more it indicates that the bad actors are winning most of the battles.
The armored-car approach certainly remains an integral part of any security strategy, but the added dimension of anticipatory security using advanced data analytics to predict and deflect data breaches from the outside and inside is where it’s at now. This is what is topmost on the minds of vendors, thought leaders and entrepreneurs. At least it should be, and if it isn’t, vendors not thinking about this are going to be left behind by the market.
Link: [ http://www.eweek.com/security/predictive-security-replaces-reactive-at-rsa-2015.html ] ( http://www.eweek.com/security/predictive-security-replaces-reactive-at-rsa-2015.html )

Banks the target for hackers not customers, Europol chief Rob Wainwright says
Banks, rather than their customers, are increasingly the main target of online thieves, the head of the European Union’s law enforcement agency says.
Link: [ http://www.abc.net.au/news/2015-04-18/banks-the-target-for-hackers-not-customers/6402722 ] ( http://www.abc.net.au/news/2015-04-18/banks-the-target-for-hackers-not-customers/6402722 )

Sunday, April 19, 2015

Newsalert - 2015 Apr 19

**INSIGHT: When it comes to threat detection and incident response, context matters** 
This new generation of security analytics tools will undoubtedly make analysts more efficient and accurate in their analysis, but it will also mean that the analyst is reaching conclusions faster, contributing to the operational outcomes of security rather than “after action reporting” on incidents they have detected. 
Ultimately the organisations that are moving beyond SIEM systems and are striving to understand the extent and impact of attacks through Security Analytics, rather than just the mere presence of those threats, are leading the way.
**Link:** [  http://www.reseller.co.nz/article/572958/insight-when-it-comes-threat-detection-incident-response-context-matters/  ] (  http://www.reseller.co.nz/article/572958/insight-when-it-comes-threat-detection-incident-response-context-matters/  ) 

**(ISC)² STUDY: WORKFORCE SHORTFALL DUE TO HIRING DIFFICULTIES DESPITE RISING SALARIES, INCREASED BUDGETS AND HIGH JOB SATISFACTION RATE** 
The results of the seventh (ISC)² Global Information Security Workforce Study (GISWS) conducted by Frost & Sullivan for the (ISC)² Foundation with the support of Booz Allen Hamilton, Cyber 360 Solutions and NRI Secure Technologies reveal that the security of businesses is being threatened by reports of understaffed teams dealing with the complexity of multiple security technologies and the threats posed by our increasingly connected world.
45 percent of hiring managers reporting that they are struggling to support additional hiring needs and 62 percent of respondents reporting that their organizations have too few information security professionals. 
**Link:** [  http://blog.isc2.org/isc2_blog/2015/04/isc-study-workforce-shortfall-due-to-hiring-difficulties-despite-rising-salaries-increased-budgets-a.html  ] (  http://blog.isc2.org/isc2_blog/2015/04/isc-study-workforce-shortfall-due-to-hiring-difficulties-despite-rising-salaries-increased-budgets-a.html  ) 

**Use of multiple contractors could leave oil, gas operators open to hackers**
“The more third parties you work with, in general, they could then become a target to pivot into your network,” said Bob Marx, a cybersecurity and industrial automation consultant with Cimation, an energy consulting company from Houston, Texas, with offices in Pittsburgh. 
60 percent of energy companies in an international survey this year by Oil & Gas IQ, an industry news site, said they do not have a cyber attack response plan. 
**Link:** [  http://triblive.com/news/editorspicks/8084464-74/gas-energy-oil#axzz3Xod0Ycba  ] (  http://triblive.com/news/editorspicks/8084464-74/gas-energy-oil#axzz3Xod0Ycba  ) 

**ISACA first to combine skills-based cyber security training with performance-based exams, certifications to address talent shortage** 
ISACA introduced a portfolio of new cyber security certifications that are the first to combine skills-based training with performance-based exams and certifications. The seven new Cybersecurity Nexus (CSX) certifications help professionals build and evolve their careers in a constantly changing field and help close the skills gap for employers. 
**Link:** [  http://www.itweb.co.za/index.php?option=com_content&view=article&id=142610  ] (  http://www.itweb.co.za/index.php?option=com_content&view=article&id=142610  ) 

**UN conference weighs efforts to combat cybercrime** 
Efforts to tame the fast-growing cybercrime threat took center stage at the United Nations Crime Congress under way in Doha, Qatar, as a diverse group of experts in the field urged strong partnerships between the public and private sectors to create a safer digital landscape. 
For the past two years, UNODC, under its programme for cybercrime, has been delivering technical assistance to law enforcement authorities, prosecutors, and the judiciary, in three regions of the world, in Eastern Africa, South-East Asia, and Central America. 
**Link:** [  http://www.eturbonews.com/57811/un-conference-weighs-efforts-combat-cybercrime  ] (  http://www.eturbonews.com/57811/un-conference-weighs-efforts-combat-cybercrime  ) 

**Predictive Replaces Reactive Security at RSA 2015** 
More than 30,000 expected to attend. The larger the turnout at a security conference, the more it indicates that the bad actors are winning most of the battles. 
The armored-car approach certainly remains an integral part of any security strategy, but the added dimension of anticipatory security using advanced data analytics to predict and deflect data breaches from the outside and inside is where it’s at now. This is what is topmost on the minds of vendors, thought leaders and entrepreneurs. At least it should be, and if it isn’t, vendors not thinking about this are going to be left behind by the market.
**Link:** [  http://www.eweek.com/security/predictive-security-replaces-reactive-at-rsa-2015.html  ] (  http://www.eweek.com/security/predictive-security-replaces-reactive-at-rsa-2015.html  ) 

**Banks the target for hackers not customers, Europol chief Rob Wainwright says** 
Banks, rather than their customers, are increasingly the main target of online thieves, the head of the European Union’s law enforcement agency says. 
**Link:** [  http://www.abc.net.au/news/2015-04-18/banks-the-target-for-hackers-not-customers/6402722  ] (  http://www.abc.net.au/news/2015-04-18/banks-the-target-for-hackers-not-customers/6402722  ) 

Tuesday, April 14, 2015

Newsalert - 2015 Apr 14

DNS Zone Transfer AXFR Requests May Leak Domain Information
A remote unauthenticated user may request a DNS zone transfer from a public-facing DNS server. If improperly configured, the DNS server may respond with information about the requested zone, revealing internal network structure and potentially sensitive information.

Link: https://www.us-cert.gov/ncas/alerts/TA15-103A
 
Better Together: Network Operations & Infosec
For an enterprise, the key takeaway is its critical need to be able to detect activities on the network that can lead to a data breach. That capability is diminished by the fact that security operations and network operations typically work in silos. That means security vulnerabilities have to be handled twice: first by the SOC, which has evidence of malicious activity but often no mechanism for actively stopping it, and then again by the NOC, which needs to wait for specific instructions from the SOC. Any time delay here creates advantages for an attacker.

Threats are getting increasingly harder to discover, and attackers are more brazen than ever. Getting network operations and information security teams together in the same room for the first time will be a critical step for organizations that want to build a continuous information security improvement culture capable of defending against those threats.

Link: http://www.darkreading.com/attacks-breaches/better-together-network-operations-and-infosec-/a/d-id/1319898?ngAction=register
 
The critical 48 hours: how to mitigate the damage from a cyber-attack
The days of in-house security teams being capable of preparing and responding to incidents have long gone. Professionally qualified, experienced teams of staff are necessary to respond to and prevent an incident from impacting the business. These people are few and far between and need continuous on-the-job and up-to-date experience and training. Using professional service providers brings greater value, including cyber threat intelligence, up-to-the-minute advice and guidance, and impartial and high quality assessments. In-house is simply no longer an option.

Link: http://www.itproportal.com/2015/04/12/critical-48-hours-how-to-mitigate-damage-cyber-attack/
 
Dell Threat Report Finds POS, SSL, SCADA attacks on the Rise
The company released its 2015 Dell Security Annual Threat Report this week, which found that both businesses and individuals increasingly are falling victim to malicious attacks from several key areas, including POS malware variants and attacks from SSL/TLS encrypted protocols. Dell also found a 100 percent increase in attacks against industrial control systems during this year’s analysis.

Dell also reported a surge in malware being encrypted through SSL and TLS traffic, which usually are associated with secure HTTPS websites. With the number of websites using secure encryption rising by more than 100 percent last year, Dell discovered hackers have begun encrypting their malware to avoid detection from corporate firewalls.

Link: http://thevarguy.com/var-guy/041315/dell-threat-report-finds-pos-ssl-scada-attacks-rise
 
Files encrypted by CoinVault ransomware? New free tool may decrypt them

Victims of the CoinVault ransomware might be able to decrypt their files with a free tool released by Kaspersky Lab together with the Dutch police.

The tool can be found at https://noransom.kaspersky.com. The application uses decryption keys found by the Dutch police as part of an investigation.

Link: http://www.cio.com/article/2909294/files-encrypted-by-coinvault-ransomware-new-free-tool-may-decrypt-them.html
 
Cyber security firm uncovers decade-long malware attack on ASEAN governments and businesses

Today FireEye, the California-based security software firm, issued a lengthy report alleging that a single entity has been carrying out malware attacks towards businesses and governments in India, the USA, and Southeast Asia.

FireEye claims that the entity, which it calls APT 30, has been self-registering DNS domains with malware command and control since 2004. Its malware attacks appear to be targeted towards organizations with information generally relevant to state security and diplomatic agencies – in particular, the Communist Party of China. FireEye adds that APT 30 appears to have been working in a systematic, collaborative manner, using tools designed for longevity, which indicates the attacks constitute part of a long-term campaign.

Link: https://www.techinasia.com/cyber-security-firm-uncovers-decade-long-malware-attack-on-asean-governments-and-businesses/
 
New report: Cyber Security and Critical Infrastructure in the Americas
According to the General Secretariat of the Organization of American States (OAS) and the Trend Micro report, 44 percent of respondents were aware of different types of destructive attacks, while 40 percent said they had experienced attempts to shutdown cybernetic systems. The report also presents specific cases related to cyber security in each OAS country and analysis of cyber attacks and their methodologies, while detailing the current cyber security measures and policies in place.

Link: http://continuitycentral.com/news07594.html


Friday, April 10, 2015

Newsalert - 2015 Apr 10

iOS 8.3 fixes dozens of security vulnerabilities
Apple has issued more than three-dozen security fixes in its latest mobile operating system update, released Wednesday.
Link: http://www.zdnet.com/article/ios-8-3-fixes-dozens-of-security-issues/?tag=nl.e589&s_cid=e589&ttag=e589&ftag=TREc64629f

Malware-as-a-Service enabling novice threat actors to attack
According to the Websense Security Labs 2015 Threat Report, MaaS (Malware-as-a-Service) is enabling even entry level threat actors to successfully create and launch data theft.
One of the oldest vectors of attack, email, is still a potent attack launcher in spite of the evolution of the web.
Link: http://www.cbronline.com/news/cybersecurity/data/malware-as-a-service-enabling-novice-threat-actors-to-attack-4549833

Proactive Security Strategies Dramatically Improve Security Effectiveness
A new study from Accenture and the Ponemon Institute confirms that companies that employ proactive security strategies realized a greater return on security investments than companies who depend on more traditional approaches to securing their networks.
“Of the nearly 240 companies surveyed as part of the global research, those with a more proactive security stance saw their security effectiveness score improve by an average of 53 percent over a two-year period, while non-proactive companies only achieved a change of 2 percent,” the report found.
“Live threat intelligence is the key to surviving the new digital siege. But in order to be useful, threat intelligence needs to be as complete and relevant as possible. New offerings like the Norse Appliance 10g are becoming must-have tools for defending modern organizations on the Internet.”
Link: http://blog.norsecorp.com/2015/04/08/proactive-security-strategies-dramatically-improve-security-effectiveness/#prettyPhoto

Cybercrime fighting group takes down Beebone botnet
LONDON (AP) - A new group of international cybercrime fighters claimed one of its first kills Thursday, pulling the plug on malicious servers that hijacked at least 12,000 machines, most of them in the United States.
Beebone was modest by botnet standards, but Samani - the chief technology officer of Intel Security’s Europe, Middle East and Africa division - said it was state-of-the-art. Beebone relied on a pair of malicious programs that re-downloaded each other, an insurance policy should one of them be removed. Regular tweaks to the software’s code made it difficult for experts to blacklist the programs.
Link: http://www.vcstar.com/news/world/new-cybercrime-group-takes-down-beebone-botnet_70421421

Botnet activity inside organisations predicts likelihood of future data breach
Organisations showing evidence of botnets inside their networks are not only more likely to suffer a data breach, the level of botnet activity correlates directly to increased risk, security analytics firm BitSight has suggested after analysing incidents at more than 6,000 companies.
Breaking this down by sector showed that education was the poorest performer, perhaps not a surprise. This sector had the smallest number of grade A networks (the best) and the highest number of grade F networks (the worst).
Utilities was the next worst performer, ahead of data breach hotspot healthcare, retail, in that order. Finance was the best performing sector, differences BitSight has commented on before.
Link: http://www.techworld.com/news/security/botnet-activity-inside-organisations-predicts-likelihood-of-future-data-breach-3607112/

Wall Street Needs Better Safeguards Against Hackers, Says Regulator
Financial regulators are raising concerns about weaknesses in the networks of outside vendors that serve Wall Street’s biggest banks, security lapses that might allow hackers to gain access to sensitive financial data.
In a survey of 40 banks, New York state’s top bank cop, Benjamin Lawsky, found that fewer than half regularly inspected the security systems of their outside vendors. About two-thirds of the firms surveyed had no policy in place requiring partners to give notice when their networks have been compromised, the New York Times reports.
Link: http://www.ibtimes.com/wall-street-needs-better-safeguards-against-hackers-says-regulator-1875823

Infosecurity Europe 2015: Escalating Cyber-Threats Driving Business Response Strategies – Report
The results of Infosecurity Europe’s 2015 survey are now in – and the research indicates that the key driver of businesses’ security and response strategies is the escalating number of high-profile, headline-grabbing threats and breaches.
According to 67% of respondents, well-publicized incidents such as Target, Sony and JP Morgan, along with vulnerabilities like Heartbleed and Shellshock, are having a positive impact on businesses’ understanding of potential threats.
A corresponding number (62%) reported that reputational damage was the worst possible outcome their organizations could face in the wake of an incident. It would appear that industry horror stories from 2014 and early 2015 are resonating.
In addition, 44% of professionals surveyed believe that the key driver of security strategy and investment in their organization is the complex and evolving threat landscape.
Link: http://www.infosecurity-magazine.com/news/infosecurity-europe-escalating/

Thursday, April 09, 2015

Newsalert - 2015 Apr 8

Cyber War Games: Top 3 Lessons Learned About Incident Response
Deloitte leads client organizations in war game exercises like these to “stress test” their incident response plans, and identify the strengths and weaknesses of their communications, protocols, and cyber disaster preparedness.
• Designate a Crisis Officer
• Be Skeptical About The Information You’re Receiving
• Resist Finger Pointing In Any Direction
Don’t forget about your employees. While the media, the regulators, and the customers are usually top of mind, many companies tend to forget about how they need to communicate about a security incident to their own employees. In the simulation, the chief operating officer was the one who brought it up first.
Link: http://www.darkreading.com/risk/cyber-war-games-top-3-lessons-learned-about-incident-response/d/d-id/1319813

WHAT ARE NATION STATE INFORMATION SECURITY ATTACKS REALLY TELLING US?
It is rarely considered that for most nation-state sponsored attackers, targeting foreign companies is a day job: it is more economically feasible to steal $500,000 of research rather than spending $2,000,000 and two years to conduct the research themselves.
Malware is one of the easiest ways in for attackers. The game is stacked in their favour for several reasons...
There needs to be a fundamental transformation from seeing attacks as unusual events brought about by people out to do us direct harm, where our emotions and reflex actions overtake reasoned and rational thinking, to one where these attacks are viewed as a part and parcel of doing business.
Link: http://continuitycentral.com/feature1302.html

iSIGHT Partners Acquires Critical Intelligence
iSIGHT Partners, Inc., the leading provider of cyber threat intelligence for global enterprises, today announced the acquisition of Idaho-based Critical Intelligence, the leader in cyber situational awareness and threat intelligence for Industrial Control Systems (ICS) owners and operators. Under the terms of the agreement, iSIGHT Partners has acquired 100% of Critical Intelligence, a 6-year-old company and pioneer in identifying vulnerabilities and threats to critical infrastructure systems, including supervisory control and data acquisition (SCADA) and other process control systems (PCS).
The move comes on the heels of iSIGHT Partners’ announcement of a $30m investment by Bessemer Ventures Partners and the company’s expansion of operations in the EMEA region. iSIGHT experienced significant growth in 2014 and finished the year with record revenues and strong client acquisition across numerous vertical and geographic segments, including energy, oil and gas and manufacturing. Growth continues to accelerate and iSIGHT Partners experienced over 100% year-over-year bookings growth in the first quarter of 2015.
Link: http://www.power-eng.com/marketwired/2015/04/7/isight-partners-acquires-critical-intelligence.html

Malicious, large-scale Google ad campaign slams users with malware
A large number of ads distributed by a Google advertising partner redirected users to Web-based exploits that attempted to install malware on users’ computers.
Security researchers from Dutch security firm Fox-IT observed the malvertising campaign Tuesday, when ads coming through a Google partner in Bulgaria called Engage Lab started redirecting users to the Nuclear Exploit Kit.
Link: http://www.pcworld.com/article/2907492/largescale-google-malvertising-campaign-hits-users-with-exploits.html

Two NTP Key Authentication Vulnerabilities Patched
The Department of Homeland Security and CERT at the Software Engineering Institute at Carnegie Mellon University on Tuesday issued an advisory warning of the two vulnerabilities, which were patched in ntp-4.2.8p2.
Link: https://threatpost.com/two-ntp-key-authentication-vulnerabilities-patched/112067

Microsoft closes acquisition of R software and services provider
Microsoft acquires Revolution Analytics, a commercial provider of services for the open source R programming language for statistical computing and predictive analytics.
“Revolution has made R enterprise-ready with speed and scalability for the largest data warehouses and Hadoop systems,” he adds.
Link: http://www.cio.com/article/2906456/data-analytics/microsoft-closes-acquisition-of-r-software-and-services-provider.html?phint=newt%3Dcio_insider&phint=idg_eid%3De87b17913ba9d312d52f2efa84a73904#tk.CIONLE_nlt_insider_2015-04-08

HP warns cybersecurity customers to focus on people and processes
To protect themselves against cyberattacks, organizations should focus more on training their employees and improving their internal processes instead of buying new technology, according to one tech vendor.
Yet, businesses and government agencies often focus on the next “silver bullet” product, unaware that most cybersecurity problems stem from flawed procedures and human error, said Art Gilliland, senior vice president and general manager for Hewlett-Packard’s software enterprise security products.
Link: http://www.computerworld.com/article/2907058/hp-warns-cybersecurity-customers-to-focus-on-people-and-processes.html?phint=newt%3Dcomputerworld_dailynews&phint=idg_eid%3Dd5d8326c323742a4ed7bf4fd3dac54c4#tk.CTWNLE_nlt_dailyam_2015-04-08&siteid=&phint=tpcs%3D&phint=idg_eid%3Dd5d8326c323742a4ed7bf4fd3dac54c4

Malware writers take a page from the spam industry to evade detection
While the volume of cyberthreats declined slightly last year, their sophistication increased, according to a new report from Websense Security Labs. One indicator that attackers are reusing pre-existing tools and infrastructure was in the form of botnet usage.
According to Websense, the average price of an exploit kit is now between $800 and $1,500 a month, and the number of these kits tripled last year, keeping prices low.
The total number of C&Cs has doubled last year, from 1.1 billion to 2.2 billion, he added.
Link: http://www.csoonline.com/article/2907124/cyber-attacks-espionage/malware-writers-take-a-page-from-the-spam-industry-to-evade-detection.html

AlienSpy A More Sophisticated Version Of The Same Old RATs
… AlienSpy is distributed via phishing emails with subject headers that are designed to fool recipients into opening them. Many of the emails purport to contain information related to financial transactions of some sort. Systems that are infected could end up having additional botnet and data-stealing malware loaded on them.
Fidelis researchers have observed AlienSpy being sold in the cyber underground via a subscription model, with prices starting at $9.90 for 15-day use to $219.90 for an annual subscription. The subscription provides users with access to the malware’s complete range of capabilities, including some newer techniques like sandbox detection, antivirus tool disablement, and Transport Layer Security (TLS) encryption-protected command-and-control capabilities.
AlienSpy is currently detected by only a limited set of antivirus products and incorporates features like multi-platform support. Fidelis described the capabilities of the malware tool as far beyond what used to typically be available with previous generation remote access malware tools.
Link: http://www.darkreading.com/attacks-breaches/alienspy-a-more-sophisticated-version-of-the-same-old-rats/d/d-id/1319842

FSS [Korea] dedicates itself to fighting ‘five financial evils’
The Financial Supervisory Service (FSS) is branding voice phishing, insurance fraud, illegal loan sharks, illegal bond collections and overly aggressive sales of products by financial institutions as “five financial evils” that it will endeavor to fight.
The financial watchdog announced a special task force led by Senior Deputy Governor Seo Tae-jong on Wednesday to combat those financial crimes, which are getting more clever and complex and therefore pose more of a risk than in the past.
Link: http://koreajoongangdaily.joins.com/news/article/Article.aspx?aid=3002878

Tuesday, April 07, 2015

Newsalert - 2015 Apr 7

Cisco Launches New Advanced Malware Protection Capabilities and Incident Response Services, Giving Customers Powerful Tools for Faster Time to Detection and Resolution
SAN JOSE, CA, Apr 07, 2015 (Marketwired via COMTEX)—Cisco today unveiled a host of new capabilities and services that give security professionals extensive intelligence and analysis on potential compromises and solutions to protect against, respond to and recover from attacks.
Link: http://www.marketwatch.com/story/cisco-launches-new-advanced-malware-protection-capabilities-and-incident-response-services-giving-customers-powerful-tools-for-faster-time-to-detection-and-resolution-2015-04-07?reflink=MW_news_stmp

Heartbleed still a risk for most large UK firms, study shows
More than two-thirds of Forbes Global 2000 companies in the UK remain vulnerable to attacks that exploit incomplete remediation of the Heartbleed vulnerability in OpenSSL, a study shows.
Link: http://www.computerweekly.com/news/4500243837/Heartbleed-still-a-risk-for-most-large-UK-firms-study-shows?asrc=EM_EDA_41521413&utm_medium=EM&utm_source=EDA&utm_campaign=20150407_Heartbleed%20still%20a%20risk%20for%20most%20large%20UK%20firms,%20study%20shows_

NIST calls for final comments on draft covering sensitive information protection
NIST composed the draft with the National Archives and Records Administration (NARA) in accordance with Executive Order 13556, which established the CUI program and designated NARA as the main entity to implement it, a NISA press release states. The deadline to comment is May 12, after which NIST will review the thoughts and put together its final document with an anticipated June release.
Link: http://www.scmagazine.com/nist-and-nara-collaborate-to-release-final-draft/article/407586/

A new experiment tracks credit card data as it travels through the criminal web
Earlier this year, security firm BitGlass decided to test the underground marketplace with a little experiment. The company created an Excel file with 1,568 fake profiles, complete with names, phone numbers, addresses, social security numbers, and credit card numbers. Along with the phony data, the file had a hidden watermark that would report back to BitGlass every time the file was opened, operating like a homing beacon. Then the company dropped the file onto a public Dropbox account and posted it to a few cybercrime forums and waited for the beacon to phone home.
Link: http://www.theverge.com/2015/4/7/8356953/dark-web-data-breach-credit-card-tracking

A guide to monetizing risks for security spending decisions
You have a finite amount of cash to spend on people and technologies to keep your business’ risk to an acceptable level, so you have to make your decisions wisely. As Curt Dalton points out in this step-by-step guide, monetizing key risks helps you convey impact in a more meaningful way.
• Measure the impact
• Monetize your key risks
• Risk decision making
By monetizing key risks, you will be able to convey impact in a more meaningful way. By providing consistent and methodical risk guidance, executives will be able to more effectively collaborate with you to improve alignment between business objectives and security.
Link: http://www.csoonline.com/article/2903740/metrics-budgets/a-guide-to-monetizing-risks-for-security-spending-decisions.html

Firefox issues brand new update to fix HTTPS security hole in new update
Mozilla recently published its scheduled release of Firefox 37.0.
Firefox 37.0 introduced support for HTTP/2, the not-quite-finalised-yet update to the venerable HTTP protocol.
Link: http://news360.com/digestarticle/5zHJpMCjAUC_9dY_guR-rg

Black Duck Software Announces Industry’s Most Comprehensive Security Solution to Identify and Remediate Vulnerabilities
BURLINGTON, Mass.—(BUSINESS WIRE)—Black Duck Software, the leading OSS Logistics solutions provider enabling the secure management of open source code, today announced the industry’s most comprehensive open source security solution that helps security and development teams find and remediate open source vulnerabilities, the Black Duck Hub. The Black Duck Hub helps customers identify open source used within their code, identify known security vulnerabilities, and triage, schedule, and track remediation.
On average, more than 30 percent of software deployed in most enterprises is open source software (OSS); however, few organizations have visibility into what open source is used and where. With more than 4,000 new open source vulnerabilities reported each year, understanding what open source is used within an organization is critical. Thousands of unknown open source vulnerabilities go unnoticed within a typical enterprise. The Black Duck Hub identifies open source usage, maps known open source vulnerabilities, and tracks remediation efforts. The Black Duck Hub leverages Black Duck’s KnowledgeBase of license and vulnerability data, the most comprehensive source of language coverage in the industry.
Link: http://www.businesswire.com/news/home/20150407005252/en/Black-Duck-Software-Announces-Industry%E2%80%99s-Comprehensive-Security#.VSSAWRPF-OU

New RSA Breach Readiness Survey Finds Majority Not Prepared
SBIC serves as Best Practices Benchmark while 57% of industry at large never update or review Incident Response plans
Content Intelligence in the survey measured awareness gained from tools, technology and processes in place to identify and monitor critical assets. While all SBIC members have a capability to gather data and provide centralized alerting, 55% of the general survey population lacks this capability rendering them blind to many threats. Identifying false positives still proves a difficult task.  Only 50% of the general respondents have a formal plan in place for identifying false positives while over 90% of SBIC members have automated cyber-security technologies and a process to update information to reduce the chances of future incidents.
Link: http://www.reuters.com/article/2015/04/07/rsa-globalreachresult-idUSnPnTxWN4+56+PRN20150407

XL Launches Security Insight Platform to Identify Global Business Risks
XL Group’s kidnap & ransom underwriting team has announced the launch of its new Global Security Insight (GSI) platform.
Created and frequently updated by Salamanca Group, the merchant banking and operational risk management business, the global platform provides XL Group’s clients with detailed information about security risks in over 200 territories. Access is included as part of XL Group’s pre-incident response service and provides clients and their staff with vital information for those traveling or conducting business throughout the world.
Link: http://www.insurancejournal.com/news/international/2015/04/07/363481.htm

Newsalert - 2015 Apr 06

Wyoming broadens definition of personal information in amended data breach notification law
The amendment expands the definition of personal information to now include an individual’s first name or first initial and last name in combination with any of the following: (1) Social Security number, (2) driver’s license number, (3) account number, credit card number or debit card number in combination with any security code, access code or password that would allow access to a financial account of the person, (4) tribal identification card, (5) federal or state government issued identification card, (6) shared (login) secrets or security tokens known to be used for data based authentication purposes, (7) a username or email address when combined with a password or security question and answer that would permit access to an online account, (8) a birth or marriage certificate, (9) medical information, meaning a person’s medical history, mental or physical condition, or medical treatment or diagnosis by a health care professional, (10) health insurance information, meaning a person’s health insurance policy number or subscriber identification number, any unique identifier used by a health insurer to identify the person or information related to a person’s application and claim’s history, (11) unique biometric data, or (12) an individual taxpayer identification number.
Link: http://www.lexology.com/library/detail.aspx?g=5a82bdde-187f-458d-907f-7bb8e010b149

How to Build a Successful IT Security Awareness Program
The first step towards creating a successful security awareness program is to recognize that this is not a project with a defined timeline and an expected completion date, but is instead a development of organizational culture.
Similarly, the measurements of success are not just found in reduced counts of accidents or exposures but in the base line attitudes and practices of employees as they perform their business functions.
Link: http://www.tripwire.com/state-of-security/security-awareness/how-to-build-a-successful-it-security-awareness-program/?utm_source=Threat+Brief&utm_campaign=b08684f8ae-Threat_Brief4_1_2015&utm_medium=email&utm_term=0_79bf093b3a-b08684f8ae-388769721

Should security providers be held liable for data breaches?
Black Hat Asia ended with a discussion started by Black Hat founder Jeff Moss on whether security providers should be held liable for data breaches, because of the critical data they claim to “secure”. The recent number of hacking incidents everywhere has made this a widespread issue and security professionals worldwide have voiced their opinions.
A managed security service provider (MSSP), where an information security company such as Paladion is managing the security posture of the enterprise, is involved in maintaining the security products of the organization or uses their own to protect the organization. An MSSP can be held liable if there is a breach if it was an oversight or error by their security analysts that caused the breach. Liability would depend on the service contract that was drawn between the company and the service provider. An outcome based contract will have SLAs and liabilities that commensurate to the value, but a normal manpower based contract will not have this. Paladion provides outcome based information security services and has such contracts with several companies where penalties are defined in case of breaches.” added Rajat
Link: http://www.dnaindia.com/scitech/report-should-security-providers-be-held-liable-for-data-breaches-2075017

8 Steps to Stronger Information Risk Management
Your compliance and security teams may be approaching you, as the CFO, to be their advocate in obtaining the funds needed to set up or strengthen your information security or compliance programs. CFOs have historically been risk-averse by nature, focusing on protection of the business and the bottom line. But in the world we are now facing, CFOs will be expected to bring innovative ideas to the table to help their companies remain competitive.
As CFO, you know the risk appetite of the C-suite and the limitations of the budgets. Make sure the investments being recommended are in line with your organization’s strategy and operational needs. It’s important to either establish or strengthen an internal risk management governance council to guide decision-making.
Link: http://ww2.cfo.com/data-security/2015/04/8-steps-stronger-information-risk-management/

Principles of Malware Sinkholing
With malware dependency on domain name systems (DNS) and the use of domain generation algorithms (DGAs) on the rise, we’ve also seen an increase in the use of sinkholing as a defense and intelligence-gathering technique.
Although sinkholing is simple to execute, complex risks can be involved. First, some obvious legal issues may crop up with external sinkholing; for example, victim machines are now contacting a server you control. If, for instance, you use external sinkholing to control victim machines that do not belong to your organization—even if it’s for benefit—it’s a criminal act in most jurisdictions. This holds true even if there is a “self-destruct” feature in the malware that will uninstall itself when given the command to do so.
Ultimately, sinkholing is an important tool to have in your arsenal when dealing with emerging threats.
Link: http://www.darkreading.com/partner-perspectives/general-dynamics-fidelis/principles-of-malware-sinkholing/a/d-id/1319769

Brazil top for Android smartphones infected by malware
Brazil was last year among the countries most affected by malicious apps and spies for Android, according to a report released by Google, reports Teletime. In the ranking of infections by Potentially Hazardous Applications (PHA), looking at sites outside of Google Play and including unlocked devices (with root), Japan had the lowest rate of all in 2014, with 0.0702 percent. The global average was 0.7891 percent, and Brazil ranked above with 0.9996 percent. Brazil was only ahead of India, the UAE and Russia, which had highest percentage at 3.8548 percent. When it comes to spyware, the global average was 0.2035 percent and Brazil was again above this figure, placing penultimate with 0.4218 percent. Again, the lowest annual average was Japan, with 0.0141 percent.
Link: http://www.telecompaper.com/news/brazil-top-for-android-smartphones-infected-by-malware--1075037

Thursday, April 02, 2015

Newsalert - 2015 April 02

Wake up! What are you doing to battle breach fatigue?
On the surface, there is a silver lining to the fatigue phenomenon: Since the public has been hammered with nonstop news about breaches, it isn’t necessarily perceived to be as severe. This can translate to a quicker recovery for a business whose reputation takes a breach-related hit.
Ultimately, however, this silver lining acts as a false sense of security. A cyber threat that isn’t considered severe is unlikely to be treated as a priority issue.
Apply the three Es:
• Enforce
• Educate
• Evaluate
Link: http://www.scmagazine.com/wake-up-what-are-you-doing-to-battle-breach-fatigue/article/404946/

Admin rights to blame for 97 percent of critical Microsoft flaws - Report
The figures are from the 2014 Microsoft Vulnerabilities Report by UK-based security firm Avecto, in which the company pulled data from every patch issued by Microsoft in 2014—240 in total.
In 2013, the same report found that 92 percent of 147 total vulnerabilities with a critical rating could have been prevented via the same admin rights removal—indicating a 63 percent year-over-year increase in the total number of critical vulnerabilities.
Link: http://www.zdnet.com/article/admin-rights-to-blame-for-97-percent-of-critical-microsoft-flaws-report/?utm_source=Threat+Brief&utm_campaign=5a80b96ab6-Threat_Brief4_1_2015&utm_medium=email&utm_term=0_79bf093b3a-5a80b96ab6-388769721

Orgs need to share info, crave more board oversight, study says
The “Third Annual Information Security Survey,” conducted by Blue Lava Consulting and sponsored by vArmour, found that 36 percent of respondents share information with industry groups, while 50 percent of respondents don’t share any information.
The study also found that legacy security systems that guard the perimeter have lost their luster with the majority (75 percent) of information security professionals surveyed who are stepping away from traditional security approaches, and now will likely allocate their budget dollars on new vendors for “agile security solutions” to protect their data centers.
Link: http://www.scmagazine.com/survey-finds-that-11-of-security-pros-report-to-board-of-directors/article/406878/?utm_source=Threat+Brief&utm_campaign=5a80b96ab6-Threat_Brief4_1_2015&utm_medium=email&utm_term=0_79bf093b3a-5a80b96ab6-388769721

Meet the Top 50 Most Popular Voices in U.S. Hospital Security
SCOTTSDALE, AZ—(Marketwired - Apr 1, 2015) - Guardian 8 Corporation, a wholly-owned subsidiary of Guardian 8 Holdings (OTCQB: GRDH) and the developer and manufacturer of an enhanced non-lethal device called the Pro V2, today announced the results of a research project identifying the 50 most popular voices in U.S. hospital security. The voices belong to a broad range of security pros—from board certified protection professionals and security directors to security consultants, online community leaders, and officers past and present. Collectively, they drive, join or facilitate discussions about how to mitigate risk and de-escalate violence in hospitals.
Link: http://www.reuters.com/article/2015/04/01/idUSnMKWlmflxa+1c0+MKW20150401

Application of Threat Indicators: A Temporal View
To put some definitions in place, I refer to the application of indicators (IP addresses, URLs, domains, MD5 hashes) to future activity as the prospective application of threat indicators. Correspondingly, the application of indicators to historical data such as log management and SIEMs is known as the retrospective application of threat indicators. Both of these techniques have value but occasionally in strikingly different ways, and this distinction is worthy of examination.
As you venture into the world of threat intelligence and indicator sharing, you’ll want to consider optimizations. This is true across the spectrum, whether you happen to be a producer, distributor, or consumer of threat intelligence, or even the provider of the technology that enables the operationalization of data. Enterprises should be evaluating their providers with these objectives in mind—for example, demanding the ability to apply rich indicators to historical events.
Link: http://www.darkreading.com/partner-perspectives/general-dynamics-fidelis/application-of-threat-indicators-a-temporal-view/a/d-id/1319724

CIO - Why you should be spending more on security
Many CIOs endanger their companies simply by not spending enough on security.
That may seem odd to posit, given that a recent Pricewaterhouse Coopers survey found that businesses now spend a higher percentage of their IT budgets on security than ever before. According to the survey, large organizations spend an average of 11 percent of their IT budgets on security while small businesses spend nearly 15 percent.
The good news is that there is new security technology on the horizon, and some of it looks like it will be a worthwhile investment. “Cutting-edge technologies show genuine promise and are already being used by enlightened companies,” Chuvakin says. “Analytics may give a huge boost to defenders, as well as machine learning and threat intelligence. It’s too early to say ‘buy this and you’ll win,’ but there is definitely light at the end of the tunnel.”
Link: http://www.cio.com/article/2904364/security0/why-you-should-be-spending-more-on-security.html

Three ways a CSO can stop being the bad guy
Are you the Dr. No of your company, always with security-related reasons for stopping or slowing down projects?
But some security executives are redefining their roles to become people who say “yes,” and restructuring their departments around becoming enablers of business.
Meyer urged every CSO and CISO to begin building working relationships with other business leaders in their company, and to stay positive.
Link: http://www.csoonline.com/article/2904027/security-leadership/three-ways-a-cso-can-stop-being-the-bad-guy.html?phint=newt%3Dcso_update&phint=idg_eid%3D3ed717ef9867f793024f9cb8f4bb3860#tk.CSONLE_nlt_update_2015-04-02&siteid=&phint=tpcs%3D&phint=idg_eid%3D3ed717ef9867f793024f9cb8f4bb3860

Do Threat Exchanges Work?
The big question is, do these threat exchanges work? Sharing information about threats is one thing, but does this sharing result in reducing your security risk by preventing your organization falling victim to viruses and other malware infections or more concerted attacks by hackers?
Question of Trust
Does Size Matter?
It’s impossible to know in advance which exchange offers the right combination of these traits to be helpful for your organization. All that can be said is that you’ll recognize it if and when the threat information you receive starts to help you ward off viruses, malware and hacker attacks.
Link: http://www.esecurityplanet.com/network-security/do-threat-exchanges-work.html

Reduce Breach Liability [Infographic]
Customer identity data is a highly valuable asset not only to you as a business, but also to criminals intent on exploiting the data for personal gain. Thieves can make an estimated $50 million from just one data breach, and brands have lost as much as $125 million in breach associated costs*.
While most of us are aware of the dangers, it can be difficult to know what to do to prevent a data breach. However, there are questions that you can ask to understand your areas of vulnerability and ward off an insider security breach later.
Link: http://www.business2community.com/infographics/infographic-reduce-breach-liability-01195068

Google bans Chinese websites, cites security breach
BEIJING, April 2 (UPI)—Google’s tense relationship with Chinese authorities took another turn when the search engine announced its web browser and other applications will not recognize security certificates from the China Internet Network Information Center, or CNNIC.
Google announced the move in a blog post on March 23, saying the CNNIC had farmed out its certification authority to Egypt-based MCS Holdings, an organization Google described as “not fit to hold (authority).”
Link: http://www.upi.com/Top_News/World-News/2015/04/02/Google-bans-Chinese-websites-cites-security-breach/6011427986032/

Google’s Android security scans over 200 million devices a day
Google’s data suggests that the percentage of Android phones that didn’t have any PHAs stood at around 99.5 percent at its lowest in October 2014, although this figure excludes anyone that rooted the phone and, er, freed up the security system built into the mobile OS. Notably, this figure is from before both Android 4.4 and its successor. The company counts that it’s got one billion devices protected by its Android security services: its Verify Apps service now scans over 200 million devices a day in the background, aimed at improving device security. Google is quick to add that none of your pics, location data or personal information is accessed. Phew.
Link: http://www.engadget.com/2015/04/02/google-security-android-2014/

iOS Security Reports Say No iPhone Is Safe
According to the GFI report, Apple took the top vulnerability spots, with its Mac OSX at No. 1 with 147 vulnerabilities, followed by Apple iOS with 127 vulnerabilities. The Linux kernel was a close third, followed very distantly by Ubuntu and Windows. Android, meanwhile, had only six reported vulnerabilities for 2014 (although GFI took care to note that this number did not include certain Linux vulnerabilities that also apply to Android).
Link: http://www.informationweek.com/ios-security-reports-say-no-iphone-is-safe/a/d-id/1319750

Wednesday, April 01, 2015

Newsalert - 2015 April 01

Why Data Breaches Don’t Hurt Stock Prices
[The] mismatch between the stock price and the medium and long-term impact on companies’ profitability should be addressed through better data. Shareholders still don’t have good metrics, tools, and approaches to measure the impact of cyber attacks on businesses and translate that into a dollar value. In most cases, at the time a security breach is disclosed, it is almost impossible for shareholders to assess its full implications. Shareholders should look beyond short-term effects and examine the impact on other factors, such as overall security plans, profitability, cash flow, cost of capital, legal fees associated with the breach, and potential changes in management.
Now that major security breaches have become an inevitability in doing business, companies should put strong data security systems in place, just as they protect against other types of business and operational risks. However, companies whose assets are primarily non-digital have less incentive to invest in prevention if they know their stock price will survive — and that takes a toll on the overall economy and consumer privacy.
Link: https://hbr.org/2015/03/why-data-breaches-dont-hurt-stock-prices

Updated – Security Alert: Vawtrak aka Neverquest Trojan Targeting Canadian Banks
Our malware analysts have detected an ongoing malware campaign, where Vawtrak (or Neverquest), a classic Trojan-banker targets credentials from banks in Canada to steal financial information.
This high versatility offers Vawtrak the ability to collect credentials and sensitive information from FTP servers, email clients and finally from all spheres of the online.
Number and location of victims: the size of the BOTnet depends on the campaign, but we have already identified approximately 15.000 BOTs in the Canadian targeted attack, and 90% of these are located in Canada based on geoIP.
Link: https://heimdalsecurity.com/blog/vawtrak-financial-malware/

Targeted controls key to effective information security, says Protiviti
The firm’s managing director and global lead of the IT governance and risk management practice, Jonathan Wyatt, said too often businesses focus only on keeping intruders out.
The first thing businesses need to accept is that it is impossible to protect everything to the highest level all the time, he said, but also that they do have valuable data and that keeping it safe is achievable. Businesses must take control of their IT landscape
Link: http://www.computerweekly.com/news/4500243458/Targeted-controls-key-to-effective-information-security-says-Protiviti?asrc=EM_ERU_41330668&utm_medium=EM&utm_source=ERU&utm_campaign=20150401_ERU%20Transmission%20for%2004/01/2015%20(UserUniverse:%201449016)_myka-reports@techtarget.com&src=5375580

Social engineering techniques are becoming harder to stop, experts say
As social engineering techniques get more sophisticated and attacks appear more like authentic messages, experts say that training methods need to evolve as well. Baker said that the trick to educating employees has always been to make people suspicious of these requests, but that is getting more difficult because it often isn’t enough to simply have users keep an eye out for improper use of language or odd typos.
As more data moves online, social engineering techniques are becoming increasingly advanced and traditional training methods may not be enough to keep enterprises safe.
Link: http://searchsecurity.techtarget.com/news/4500243233/Social-engineering-techniques-are-becoming-harder-to-stop-experts-say?utm_medium=EM&asrc=EM_ERU_41331086&utm_campaign=20150401_ERU%20Transmission%20for%2004/01/2015%20(UserUniverse:%201449016)_myka-reports@techtarget.com&utm_source=ERU&src=5375580

Corporate Security Checklist – a CEO’s Guide to Cyber Security
You may not know the figures yet, but data breaches are currently among the most common and most costly security problems for organizations of all sizes. The 2014 Cyber Security Intelligence Index by IBM shows that companies are attacked around 16,856 times a year, and data breaches are one of the preeminent causes for these attacks.
Ensuring your company’s cyber security is a complex job and you need a trustworthy CTO or CIO to keep things up to date and working well. As a manager or CEO, you couldn’t possibly have the time to dedicate to understanding or coordinating all of this by yourself.
What we’re trying to do is help you understand why cyber security is a necessity and a fundamental factor that influences your company’s stability and success.
Link: https://heimdalsecurity.com/blog/corporate-security-checklist-a-ceos-guide-to-cyber-security/

Sinkholing Volatile Cedar DGA Infrastructure
There is currently some buzz about the Volatile Cedar APT activity in the Middle East, a group that deploys not only custom built RATs, but USB propagation components, as reported by Check Point [pdf]. If you are interested in learning more about this APT, we recommend checking their paper first.
One interesting feature of the backdoors used by this group is their ability to first connect to a set of static updater command and control (C2) servers, which then redirect to other C2. When they cannot connect to their hardcoded static C2, they fall back to a DGA algorithm, and cycle through other domains to connect with.
Link: https://securelist.com/blog/research/69421/sinkholing-volatile-cedar-dga-infrastructure/

PCI DSS 3.1 set for April 2015 release, will cover SSL vulnerabilities
The governing body behind the Payment Card Industry Data Security Standard has confirmed that the next version of the mandate will be released in just a few weeks, which could spark a scramble by merchants trying to implement the surprise update.
According to the SSC, the changes in PCI 3.1 will affect all requirements that reference SSL as an example of what it calls “strong cryptography,” which in its glossary of terms is defined as “cryptography based on industry-tested and accepted algorithms, along with strong key lengths (minimum 112-bits of effective key strength) and proper key-management practices.”
Link: http://searchsecurity.techtarget.com/news/4500243398/PCI-DSS-31-set-for-April-2015-release-will-cover-SSL-vulnerabilities?utm_medium=EM&asrc=EM_NLN_41362368&utm_campaign=20150401_Fire%20drill:%20Surprise%20PCI%20DSS%20update%20may%20be%20days%20away_mtamarov&utm_source=NLN&track=NL-1820&ad=899837

Cisco buys virtual appliance software vendor
Cisco (CSCO -1%) is buying Embrane, a provider of virtual (software-based) firewall and load balancer appliances, and (perhaps more importantly for Cisco) a software platform for deploying and managing virtual appliances (whether Embrane’s or a third party’s). Terms are undisclosed.
Embrane’s team is joining Cisco’s Insieme SDN/switching unit; the networking giant argues Embrane’s offerings will strengthen the feature set of its Nexus data center switch line and ACI SDN/networking virtualization platform (seeing healthy growth, in pitched battle with VMware’s NSX).
Link: http://seekingalpha.com/news/2405416-cisco-buys-virtual-appliance-software-vendor?auth_param=137vrm:1aho75g:69ceee3ad86c2affa033f48c8b0df37e&uprof=45

Anonymous proxies used to carry out shotgun DDoS attacks
… new research from website security company Incapsula has uncovered a darker side to the use of anonymizers as a source of DDoS attacks.
According to the findings DDoS attacks from anonymous proxies accounted for 20 percent of all application layer attacks. On average, perpetrators were directing traffic from 1,800 different IPs. This is what Incapsula calls a “Shotgun” attack.
Link: http://betanews.com/2015/03/31/anonymous-proxies-used-to-carry-out-shotgun-ddos-attacks/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed+-+bn+-+Betanews+Full+Content+Feed+-+BN

Google kills 200 ad-injecting Chrome extensions, says many are malware
More than a third of Chrome extensions that inject ads were recently classified as malware in a study that Google researchers carried out with colleagues from the University of California at Berkeley. The researchers uncovered 192 deceptive Chrome extensions that affected 14 million users. Google officials have since killed those extensions and incorporated new techniques to catch any new or updated extensions that carry out similar abuses.
Link: http://arstechnica.com/security/2015/04/google-kills-200-ad-injecting-chrome-extensions-says-many-are-malware/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+arstechnica%2Findex+%28Ars+Technica+-+All+content%29

F5 opens new Security Operations Center in Seattle to help companies defeat ...
GeekWire
F5 Networks marked the opening of a new Security Operations Center at its Seattle headquarters this afternoon — complete with one of its engineers in a black hoodie playing the role of a hacker launching a mock online attack, to show how the company’s ...
Link: http://www.geekwire.com/2015/f5-opens-new-security-operations-center-in-seattle-to-help-companies-defeat-online-attacks/