[From the desk of Paul Davis – his opinions and no-one else’s]
Apart from the reporter’s opinions 😉
So onto the news:
Website Hacking has increased 180 percent according to Google
Google has detected a 180 percent increase in the number of websites being hacked. That is a serious rise, and one which Google is aiming to decrease or eradicate through its #NoHacked movement, which informs webmasters of the measures they can take to protect their sites from pilfering.
The four priorities Google has concentrated on for webmasters in the company’s most recent blog post are password security, software updates, hosting provider and Google services. All four would appear fairly obvious, although things can and do fall through the cracks.
Google says it will contact webmasters who avail themselves of the services the company offers if a site has been hacked. They also advise webmasters to initialize Google Alerts and to install Google Search Console. This is the company’s method of contacting webmasters about problems on a website and also applies to hacked content.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=b29b96fc89&e=20056c7556
Cyber-physical attacks: Hacking a chemical plant
Def Con 23 included a talk about ‘hacking chemical plants for competition and extortion.’ Researchers released their Damn Vulnerable Chemical Process framework; using it, you can hack a chemical plant (simulation model) like an attacker and learn to spot cyber-physical attacks like a defender.
At Def Con 23, Marina Krotofil, senior security consultant at the European Network for Cyber Security, and Jason Larsen, principal security consultant at IOActive, presented Rocking the pocket book: Hacking chemical plants for competition and extortion; you can grab a copy of their presentation (pdf) and slides (pdf) as the duo delved into a complete attack, from start to finish, on a simulated plant for Vinyl Acetate production. Pulling off an operational technology hack that affects a physical thing in the real world is an extremely complex process with many stages that range from learning to leaving false forensic footprints to get away with the attack.
They explained that there are three classes of cyber-physical attacks: Equipment damage, production damage and compliance violation.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=1f38549a7e&e=20056c7556
Telnet: New Ekran System 4.0 Provides All Windows and Linux SSH Telnet Sessions Security Monitoring and Analysis with Completely Web-based System Access
Ekran System is a powerful monitoring solution providing supervisors with a detailed video log of any user session regardless of privilege level. All video records are enriched with searchable metadata. The solution monitors desktops and terminal servers and supports a wide range of network configurations, which makes Ekran System a universal tool to audit privileged account activity, work with core applications, sensitive data, and critical infrastructure nodes.
Now Cloud Labs pitches advanced Linux SSH Telnet session audit within Ekran System 4.0. This makes it possible to monitor and quickly analyze the activity of administrators and privileged users of Linux servers – a long-awaited capability in high demand among corporate customers.
The new audit functionality not only provides a detailed video log of any Telnet session, but also allows viewing live sessions and setting up triggers on specific commands and parameters to get notifications when a critical action is performed. Reporting capabilities have also been extended with grid reports for Linux SSH Telnet session activity.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=24ae8d2937&e=20056c7556
Adobe patches critical Flash security flaws
The company said in an advisory Tuesday that the updates will address security flaws that “could potentially allow an attacker to take control of the affected system.”
The plugin maker has patched dozens of flaws, five of which are considered priority fixes. Adobe acknowledged security researchers from Fortinet, Google’s Project Zero, Alibaba, and others.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=79de8e8ef9&e=20056c7556
New IP address blacklist based on Web chatter
Traditionally, blacklists of malicious IP addresses are assembled using honeypots and intrusion detection systems, but a new approach, analyzing chatter on the dark and open Web, can find malicious addresses that would otherwise have been missed.
According to Recorded Future, an analysis of 700,000 Web sources resulted in 67,563 IP addresses associated with at least one type of malware — and 1,521 particularly dangerous IP addresses that were associated with at least two types of malware.
Of these addresses, 91 percent of the smaller list and 98 percent of the larger list were new to security researchers, and did not show up on existing blacklists, according to the report released today.
The company hasn’t decided yet how it will share the new lists with the public.
Link: http://paulgdavis.us3.list-manage2.com/track/click?u=45bf3caf699abf9904ddc00e3&id=6defae7190&e=20056c7556
Top ten response mistakes in the battle against cyber attacks
1. Plans are not tailored to the organization
2. Plans are only used in real-world incidents
3. Teams are unable to communicate with the right people in the right way
4. Teams lack skills, are wrong-sized, or mismanaged
5. Help desk activities can destroy critical evidence
6. Incident response tools are inadequate, unmanaged, untested or underutilized
7. Data pertinent to an incident is not readily available
8. There is no ‘intelligence’ in the threat intelligence provided to incident responders
9. The incident response team lacks authority and visibility in the organization
10. Users are unaware of their role in the security posture of the organization.
Read the document (PDF).
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=b4837ab227&e=20056c7556
Firefox 40 arrives with Windows 10 support, expanded malware protection, and new Android navigation gestures
Mozilla credits new developments in Google’s Safe Browsing service, which let the company identify malware downloads as well as warn users about potentially unwanted software. Firefox 39 already extended the monitoring of malicious file downloads to the Mac and Linux versions of Mozilla’s browser (file types that usually contain executable code might be flagged as harmful, at which point the download manager blocks access to the file until the user unblocks it manually). Firefox 40 goes further by issuing a warning if you visit a page known to contain deceptive software that can make undesirable changes to your computer.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=61758b8999&e=20056c7556
Obama Asks for 72 Percent Increase in IRS Cyber Funding to Combat ID Thieves
August 11, 2015: A flood of cybersecurity funding could rush into the Internal Revenue Service in fiscal 2016, under an updated budget document from the White House that includes a 72 percent raise in information-security dollars.
Following raids on taxpayer coffers by identity thieves, the Obama administration would like to push $242 million into agency data analysis, IT controls, and victim support, among other things, according to new detailed spending figures.
The tax agency doled out $5.8 billion to fraudsters in 2014, according to the Government Accountability Office.
Over the past year, HHS has seen a spike in cyberthreats, according to White House officials. Funding in 2016 would grow to $262 million, a 23 percent increase over 2015. That money would partly fund a “Computer Security Incident Response Center” composed of advanced technologies to obtain a full picture of vulnerabilities department-wide.
VA would see cyber funds increase by 15.5 percent over last year, to a total of $180.3 million. That spending would, in part, better enable VA to detect security holes before they are exploited and continue operations when vulnerabilities are discovered.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=f3cb1916de&e=20056c7556
MSRT August 2015: Vawtrak
As part of our ongoing effort to provide better malware protection, we are adding the following detections to the Microsoft Malicious Software Removal Tool (MSRT) this month:
– Win32/Vawtrak
– Win32/Critroni
– Win32/Kasidet
Critroni is a ransomware malware family that can lock your files and ask you to pay money to regain access to them. Variants in the Kasidet family can steal your sensitive information and send it to a remote attacker. This blog has more information about the Vawtrak malware family.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=8c8a3ca200&e=20056c7556
Brit-educated bloke takes Dept of Homeland Security’s infosec reins
The US Department of Homeland Security (DHS) has appointed Andy Ozment, currently the Assistant Secretary of the Office of Cybersecurity and Communications – the DHS’s main processing center for threat information sharing – as leader of its cybersecurity centre.
Ozment will remain in his current assistant role, while assuming control of the National Cybersecurity and Communications Integration Center (NCCIC), now elevated within the DHS. The NCCIC has been without a recognised head for several months.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=855a7a797c&e=20056c7556