[From the desk of Paul Davis – his opinions and no-one else’s]
So onto the news:
DNS Zone Transfer AXFR Requests May Leak Domain Information
A remote unauthenticated user may request a DNS zone transfer from a public-facing DNS server. If improperly configured, the DNS server may respond with information about the requested zone, revealing internal network structure and potentially sensitive information.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=69c3711647&e=20056c7556
Better Together: Network Operations & Infosec
For an enterprise, the key takeaway is its critical need to be able to detect activities on the network that can lead to a data breach. That capability is diminished by the fact that security operations and network operations typically work in silos. That means security vulnerabilities have to be handled twice: first by the SOC, which has evidence of malicious activity but often no mechanism for actively stopping it, and then again by the NOC, which needs to wait for specific instructions from the SOC. Any time delay here creates advantages for an attacker.
Threats are getting increasingly harder to discover, and attackers are more brazen than ever. Getting network operations and information security teams together in the same room for the first time will be a critical step for organizations that want to build a continuous information security improvement culture capable of defending against those threats.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=6055e98635&e=20056c7556
The critical 48 hours: how to mitigate the damage from a cyber-attack
The days of in-house security teams being capable of preparing and responding to incidents has long gone. Professionally qualified, experienced teams of staff are necessary to respond to and prevent an incident from impacting the business. These people are few and far between and need continuous on-the-job and up-to-date experience and training. By using professional service providers brings greater value including cyber threat intelligence, up-to-the minute advice and guidance and impartial and high quality assessments. In-house is simply no longer an option.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=66f0e0799c&e=20056c7556
Dell Threat Report Finds POS, SSL, SCADA attacks on the Rise
The company released its 2015 Dell Security Annual Threat Report this week, which found that both businesses and individuals increasingly are falling victim to malicious attacks from several key areas, including POS malware variants and attacks from SSL/TLS encrypted protocols. Dell also found a 100 percent increase in attacks against industrial control systems during this year’s analysis.
Dell also reported a surge in malware being encrypted through SSL and TSL traffic, which usually are associated with secure HTTPS websites. With the number of websites using secure encryption rising by more than 100 percent last year, Dell discovered hackers have begun encrypting their malware to avoid detection from corporate firewalls.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=77ff4160c6&e=20056c7556
Files encrypted by CoinVault ransomware? New free tool may decrypt them
Victims of the CoinVault ransomware might be able to decrypt their files with a free tool released by Kaspersky Lab together with the Dutch police.
The tool can be found at http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=a84b4554bb&e=20056c7556. The application uses decryption keys found by the Dutch police as part of an investigation.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=d9ef6312d2&e=20056c7556
Cyber security firm uncovers decade-long malware attack on ASEAN governments and businesses
Today FireEye, the California-based security software firm, issued a lengthy report alleging that a single entity has been carrying out malware attacks towards businesses and governments in India, the USA, and Southeast Asia.
FireEye claims that the entity, which it calls APT 30, has been self-registering DNS domains with malware command and control since 2004. Its malware attacks appear to be targeted towards organizations with information generally relevant to state security and diplomatic agencies – in particular, the Communist Party of China. FireEye adds that APT 30 appears to have been working in a systematic, collaborative manner, using tools designed for longevity, which indicates the attacks constitute part of a long-term campaign.
Link: http://paulgdavis.us3.list-manage2.com/track/click?u=45bf3caf699abf9904ddc00e3&id=b26318a85a&e=20056c7556
New report: Cyber Security and Critical Infrastructure in the Americas
According to the General Secretariat of the Organization of American States (OAS) and the Trend Micro report, 44 percent of respondents were aware of different types of destructive attacks, while 40 percent said they had experienced attempts to shutdown cybernetic systems. The report also presents specific cases related to cyber security in each OAS country and analysis of cyber attacks and their methodologies, while detailing the current cyber security measures and policies in place.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=746a301ba0&e=20056c7556
============================================================
Feedback, questions? Our mailing address is: ** dailynews@paulgdavis.com (mailto:dailynews@paulgdavis.com)
If someone forwarded this email to you and you want to be added in,
please click this: ** Subscribe to this list (http://paulgdavis.us3.list-manage.com/subscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a)
** Unsubscribe from this list (http://paulgdavis.us3.list-manage1.com/unsubscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556&c=6dd99a5c4a)
** Update subscription preferences (http://paulgdavis.us3.list-manage.com/profile?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556)