[From the desk of Paul Davis – his opinions and no-one else’s]
So onto the news:
iSIGHT Partners Enhances Intelligence Integration With New ThreatScape Software Development Kit and Browser Plugin
DALLAS, TX–(Marketwired – Mar 30, 2015) – iSIGHT Partners, Inc., the leading provider of cyber threat intelligence for global enterprises, today announced further enhancements to its threat intelligence integration capabilities. With the immediate release of ThreatScape® Software Development Kit (SDK), clients and partners now have a greatly simplified way to integrate rich threat intelligence with key security systems. Additionally, with the release of ThreatScape® Browser Plugin, researchers have a clever new tool that enables them to connect indicators of compromise (IOCs) on any web page or web-based tool with the world’s leading cyber threat intelligence. ThreatScape Browser Plugin provides one-click pivoting for instant integration with cloud providers and other web-based vendor technologies.
A Google Chrome extension designed to scan web pages and give users one click pivoting from web sites and web tools to iSIGHT Partners intelligence
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=2162dc2486&e=20056c7556
Cyber Threat Intelligence: More Threat Than Intelligence?
This article proposes that commercial cyber intelligence products have multiple flaws which make it unreliable for use by the U.S. government, and that it falls upon the government to address those flaws in the following ways:
* Examine cyber threat intelligence for indicators of deception.
* Differentiate between bad actors in an attack.
* Invest in developing human assets who are in a position to corroborate or deny what the technical indicators present as possibilities.
* Exclude other possibilities until one remains.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=26fc6db9ad&e=20056c7556
DDoS losses potentially £100k an hour, survey shows
Distributed denial-of-service (DDoS) attacks could expose 40% of businesses to losses of £100,000 or more an hour at peak times, a survey by communications and analysis firm Neustar has revealed.
Some 12% estimated potential losses due to outages at peak times would be greater than £600,000 an hour, and 11% admitted they did not know what their losses would be.
The poll of 250 IT professionals in Europe, the Middle East and Africa also showed that half of respondents believe DDoS attacks are a bigger risk than a year ago.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=c8d05071ff&e=20056c7556(UserUniverse:%201441999)_myka-reports@techtarget.com&src=5375017
5 keys to hiring security talent
Recruiting IT security professionals can be tough, unless you have a great elevator pitch, says an insurance company CIO
They want to know whether the CISO is a leader who can navigate the changing landscape and frame the company’s commitment to security overall.
Focus and play to your strengths. What’s your elevator pitch to candidates? Do you have a compelling story, both for security and for your company?
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=8932c94a84&e=20056c7556
Building on Success: Next Generation of Cyber Crime Prevention Unveiled!
Considered to be the best assessment tool for governance, risk and compliance (GRC) in the global business community, this next generation of the IT Audit Machine (ITAM) ups the ante by managing big data and frameworks with virtually endless possibilities. These new enterprise capabilities coupled with the already powerful analytic and logic features are a technological force to be reckoned with.
Michael Peters, CEO of Lazarus Alliance said “The IT Audit Machine is just one of the many innovations from Lazarus Alliance that really sets us apart from other cyberspace Security, governance, risk and compliance firms.”
Lazarus Alliance’s primary purpose is to help organizations attain, maintain, and demonstrate compliance and information security excellence, in any jurisdiction. Lazarus Alliance specializes in IT security, risk, privacy, governance, cyberspace law and compliance leadership solutions and is fully dedicated to global success in these disciplines.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=f9f8ab813e&e=20056c7556
Ponemon security survey finds threat intelligence is woefully underused
Two thirds of the nearly 700 technology professionals that the research group asked about their companies’ threat intelligence policies acknowledged the importance of keeping up with the movement of attackers, but many are struggling to do so in practice. As a result, an alarming 47 percent admitted that it is not an essential part of the security strategy where they work.
The root cause, according to the study, lies in inability to understand or use data. Only 11 percent of participants gave the threat intelligence that they collect the highest score for usefulness, a figure that drops to nine percent on accuracy and eight percent when it comes to timeliness. Ponemon placed much of the responsibility for these shortfalls with the vendors that organizations count on to protect their networks.
A full 85 percent of respondents expressed discontent with the quality of information they get from external intelligence sources, confidence that falls even further in the context of free feeds such as that Facebook Inc. is currently working to create. But organizations can’t place all the blame externally.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=ead48fedc6&e=20056c7556
NuData Security Threat Intelligence Reveals Latest in Online Fraud Trends Including Spike in Scripted Attacks
VANCOUVER, British Columbia, March 31, 2015 /PRNewswire/ — Threat intelligence from NuData Security, released today, provides insight into the latest trends surrounding online fraud.
As fraud detection methods grow stronger, hackers are evolving to find newer, better, more sophisticated ways to commit online fraud. Much like a virus mutates in response to a vaccine, hackers are finding new ways of infiltration.
Fraudsters are using increasingly sophisticated techniques to steal data and circumvent detection [list follows]
Link: http://paulgdavis.us3.list-manage2.com/track/click?u=45bf3caf699abf9904ddc00e3&id=6a969406d1&e=20056c7556
‘Trojan.Laziok’ reconnaissance malware targets Middle East energy sector
Researchers at Symantec have observed that a relatively new data exfiltration software has been put to service in a winter campaign against energy companies in the Middle East. Though the central malware has been dubbed ‘Trojan.Laziok’ by Symantec, In fact the Laziok Trojan has been identified and addressed before, with uninstall information widely available at various sites – and would appear to have been picked up as a campaign tool by as-yet unknown actors seeking sensitive information from the energy sector.
The attack begins with spam emails from the moneytrans[.]eu domain. The mails contain an exploit for the Microsoft Windows Common Controls ActiveX Control Remote Code Execution Vulnerability (CVE-2012-0158),which is executed if the recipient opens the infected Microsoft Excel file attached to the mail.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=96f4643bf3&e=20056c7556
FFIEC Issues Malware, Attack Alerts
The FFIEC on March 30 issued two five-page alerts – one concerning cyber-attacks compromising credentials, and the other detailing destructive malware threats and related safeguards that the organization recommends.
The FFIEC recommends that the advisories be routed to every organization’s CEO, CIO and CISO.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=d953322bac&e=20056c7556
============================================================
Feedback, questions? Our mailing address is: ** dailynews@paulgdavis.com (mailto:dailynews@paulgdavis.com)
If someone forwarded this email to you and you want to be added in,
please click this: ** Subscribe to this list (http://paulgdavis.us3.list-manage1.com/subscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a)
** Unsubscribe from this list (http://paulgdavis.us3.list-manage1.com/unsubscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556&c=8161ca2bad)
** Update subscription preferences (http://paulgdavis.us3.list-manage1.com/profile?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556)