Cyber Security Institute

Friday, April 24, 2015

Newsalert - 2015 Apr 23

Threat intelligence programs maturing despite staffing, tech obstacles
During a Tuesday session at RSA Conference 2015, entitled “Threat Intelligence is Like Three-Day Potty Training,” Forrester Principal Analyst Rick Holland used the analogy to highlight how threat intelligence is increasingly becoming a requirement for enterprises, but building a program and advancing it to the point where it supports an organization’s strategic objectives often takes much longer than anticipated.
Citing data from Forrester’s 2014 global security survey, Holland said that for the past two years more than three-quarters of North American enterprises said establishing or improving threat intelligence was a priority in the next 12 months.

IDC Analysts Identify IT Security Trends at RSA
In the world of cyber-fraud (or “consumer cyber security”), intelligence has not significantly advanced in recent years. While in the world of enterprise security, advanced threat intelligence identifies IOCs, TTPs, and causes pain to the threat actor, in the world of fraud, intelligence has remained superficial – here’s a compromised credit card number, or here’s a ZeuS hash. No depth or insight. In the world of fraud, we receive disconnected data points for the most part.

IRC Botnets alive, effective & evolving
In this era of sophisticated Botnets with multiple C&C communication channels, custom protocols, and encrypted communication, we continue to see a steady number of new IRC based Botnet payloads being pushed out in the wild on a regular basis. As we saw in our analysis, IRC based Botnet families continue to evolve in terms of sophisticated features incorporated in the bots.

5 Overlooked IT Risk Management Issues That Can Bite You In The Budget
The cold, stark reality of IT budgeting is that there are plenty of IT risk management issues that can easily be overlooked … and end up biting you in the budget. Here are five to put on the agenda for your next IT staff meeting so that you don’t find yourself footing an unexpected (and nasty) bill later in the fiscal year.

New F-Secure Report Warns of Growth in Extortion Malware
New research from cyber security firm F-Secure points to an increase in the amount of malware designed to extort money from unsuspecting mobile phone and PC users. According to the new Threat Report, malware such as premium SMS message sending trojans and ransomware continue to spread, making them a notable presence in today’s digital threat landscape.

Conficker remains top of the threats as existing malware for Windows dominates
Android is still the main target for mobile malware, with 61 new families discovered compared to only three for iOS. The fastest growth has been in malware that sends premium SMS messages. Ransomware is still growing too, the Koler and Slocker trojans being the largest ransomware families on Android.
Looked at geographically, most threats reported by F-Secure users in the second half of 2014 originated from Europe and Asia, but in the last six months the company saw more activity reported in South America.

Mobile malware infections may be overhyped
Mobile users in the US are 1.3 times more likely to be struck by lightning than malware, new research has found.
Atlanta-based security firm, Damballa, has released data at the RSA conference in San Francisco that suggests the problem of mobile malware has been overemphasised.

Kaspersky Lab Finds “Darwin Nuke” Vulnerability in OS X and iOS
The “Darwin Nuke” vulnerability is exploited while processing an IP packet of specific size and with invalid IP options. Remote attackers can initiate a DoS (denial of service) attack on a device with OS X 10.10 or iOS 8, sending an incorrect network packet to the target. After processing the invalid network packet, the system will crash. Kaspersky Lab’s researchers discovered that the system will crash only if the IP packet meets the following conditions: