[From the desk of Paul Davis – his opinions and no-one else’s]
Apart from the reporter’s opinions 😉
So onto the news:
Web Scanning Engine
launched a web scanning engine with capabilities to find similar registered domain names, blacklist checker and link analysis tools for domains and threat intelligence data. The new system will be integrated into our Threat Intelligence Beta program. If you would like to be a part of the threat intelligence beta program please joint the mailing list and request access by emailing soc(-at-)slcsecurity(D-o-t.)com for access
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=6d9eff937a&e=20056c7556
Cybercrime skills critical for all police as global criminals move online, INTERPOL warns
Law-enforcement authorities must increasingly partner with private-sector security researchers to combat increasingly flexible, malevolent and global security interests on their home turf, an INTERPOL cybersecurity specialist has warned.
Despite their longstanding nous around investigation of criminal activities, INTERPOL project manager for cyber innovation and outreach Steve Honiss told CSO Australia that the rapidly changing face of cybercriminal activity had pushed authorities to tap academic expertise for initiatives such as a recently developed program for training law-enforcement investigators in the mechanisms of the ‘dark Web’ favoured by many criminals.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=d57cf10a7f&e=20056c7556
Data Theft The Goal Of BlackEnergy Attacks On Industrial Control Systems, Researchers Say
Data theft appears to be the primary motivation behind a sophisticated malware campaign directed at U.S. industrial control systems (ICS) networks since at least 2011.
The module that CyberX discovered seems to allow for data to be siphoned out from ICS systems and networks with no Internet connectivity to Internet connected HMI systems via the firewall using RPC communication over the Server Message Block (SMB) protocol.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=51569c3e4d&e=20056c7556
Dutch upper house approves data breach reporting requirement
Under the changes, a data breach must be reported to the CBP if it impacts security and has a reasonable chance of impacting personal data protection. In addition to reporting the event to the CBP, businesses and organisations must tell the affected people if their data is at risk. If the organisation has taken security measures such as encryption of the data, so it is unlikely the data will be exploited by hackers, the requirement for informing the affected persons is relaxed.
If the data breach is not reported, the CBP can apply a fine, now at a higher level of up to EUR 810,000, versus a maximum EUR 4,500 previously. Before the new legislation takes effect, the CBP will issue guidelines on implementation.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=d89be5e27a&e=20056c7556
Hacking With Pictures; New Stegosploit Tool Hides Malware Inside Internet Images For Instant Drive-by Pwning
Over the last several years, Shah has worked on his technique and discovered executable code can in fact be embedded within an image and executed in a web browser, evading detection of even the most scrupulous malware scanners.
Packaged into a tool called Stegosploit, Shah takes known exploits Chrome, Safari, Explorer and other browsers supporting HTML 5 Canvas, and codes them into the but layers of an images’ pixels. These kind of files which Shah dubbed Imajs (image + JavaScript) load as JavaScript in a browser that render as images but also execute – two different kinds of content all embedded in one file.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=60463eeef3&e=20056c7556
Roadmap Offers Important Insights on How to Prepare for FTC Data Breach Investigations
On May 20, 2015, Federal Trade Commission Assistant Director Mark Eichorn of the Bureau of Consumer Protection’s Division of Privacy and Identity Protection (DPIP)[1] offered an inside look into the FTC’s investigative process for significant data breaches.
These statements suggest several important opportunities that companies can take advantage of today to lay the ground work to effectively respond to a regulatory investigation following a data breach. Specifically, companies should be proactive on a number of fronts: (1) consider whether pre-breach and post-breach cybersecurity assessments and analyses should be managed under the attorney-client privilege and work product protections; (2) ensure that all public, security-related representations reflect actual, internal practices; and (3) prepare to reach out to and cooperate with law enforcement early in a data breach investigation.
First, the FTC Staff outlined a roadmap for breach investigations, and identified information that the FTC will likely request, either informally, or formally through legal process …
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=5df053f7f7&e=20056c7556
Crypto-Malware Sleeps on Infected Machine, Wakes Up at Predefined Time
A piece of ransomware with file encryption capabilities called Locker enters into a sleep state after compromising a computer and activates at a certain time, defined by the attacker.
According to an analysis from Bleeping Computer, files on computers infected with Locker started to be encrypted on May 25 at midnight (local time). Unlike threats of the same kind, Locker did not change the extension of the affected items and they would appear untouched until the user launched them.
The malware deletes the copies created by Windows Shadow Copy service, but only on the system drive. This would suggest that the attackers aimed Locker at the most important data since it is common practice among users to store important files on the system volume.
After encrypting all the data (mostly documents and images), Locker displays the ransom message, demanding 0.1 bitcoins ($24 / €22) in exchange for the decryption key stored on a server hidden in Tor anonymity network.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=86afb3cc97&e=20056c7556
Complex security solutions are exposing companies to risk
The survey, which was carried out at RSA Conference 2015 and measured the attitudes of nearly 170 IT security professionals, revealed 69 percent of respondents do not feel they are using their IT security products to their full potential. As a result, 71 percent of IT professionals believe this is putting their company, and possibly customers, at risk.
When survey respondents were asked why they don’t use their IT security products to their full potential, 62 percent revealed they either found the products too complicated to deploy, too time consuming to deploy, or didn’t think they had the expertise to properly deploy them.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=4edc9a335d&e=20056c7556
============================================================
Feedback, questions? Our mailing address is: ** dailynews@paulgdavis.com (mailto:dailynews@paulgdavis.com)
If someone forwarded this email to you and you want to be added in,
please click this: ** Subscribe to this list (http://paulgdavis.us3.list-manage1.com/subscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a)
** Unsubscribe from this list (http://paulgdavis.us3.list-manage.com/unsubscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556&c=187e881194)
** Update subscription preferences (http://paulgdavis.us3.list-manage.com/profile?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556)