[From the desk of Paul Davis – his opinions and no-one else’s]
Apart from the reporter’s opinions đ
So onto the news:
Infoblox : 75 Percent Increase in Security Exploit Kit Creation in Q3 2015, Says the Infoblox DNS Threat Index
A new report from Infoblox Inc. shows that creation of DNS infrastructure by cybercriminals to unleash exploit kits increased 75 percent in third quarter of 2015 from the same period in 2014, as reported in the newest edition of the Infoblox DNS Threat Index, powered by IID, the source for clear cyberthreat intelligence.
The Infoblox DNS Threat Index measures the creation of malicious DNS infrastructure, including exploit kits.
Four exploit kits–Angler, Magnitude, Neutrino, and Nuclear–accounted for 96 percent of total activity in the category for the third quarter.
The Infoblox DNS Threat Index, which is the first security report to analyze the creation of malicious domains, has a baseline of 100–the average of quarterly results for the years 2013 and 2014.
In Q3 2015, the index stood at 122, up 19 percent from Q3 2014 and down 8 percent from a record high of 133 in Q2 2015.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=516465e87e&e=20056c7556
Introducing âRITAâ for Real Intelligence Threat Analysis
SANS’ free, new framework can help teams hunt for attackers by extending traditional signature analysis to blacklisted IP addresses and accounts that have multiple concurrent logons to multiple systems.
Currently, there are a number of different frameworks for pen testing, like Metasploit, SET, and Recon-ng.
The idea behind RITA is to create a framework that it is extensible; it allows people to continuously add additional modules to it.
The beautiful thing about RITA is that the data can be exported to the desktop, but can also be visualized via Kibana.
For example, if you run the concurrent module, this module will show all accounts which are logged in concurrently to multiple systems.
This is great for detecting lateral movement.
By running this module, it will run the module and load the data into Kibana for visualization. (To see the results, youâll need to select the results tab at the top.)
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=c7f1c8023b&e=20056c7556
Research Suggests User Routines Key to Preventing Email Phishing
Businesses in the public and private sectors teach people to recognize phishing, but those efforts often fail or donât work for very long because the training ignores usersâ habits and instead focuses exclusively on how users process information, says Vishwanath, whose latest research on email habits and phishing outcomes is published in the Journal of Computer-Mediated Communication.
âThe training and education designed to stop phishing is all about asking whatâs in the bottle,â he says. âItâs contextual.
âIn actual practice, many activities are habitual, or a combination habit and information processing.â
The issue is not a lack of awareness.
Email systems, especially when accessed on mobile devices, are built to create and foster habits.
They encourage users to repeatedly check for messages, establishing routines that Vishwanath says turns their devices into a casino game, with users opening emails like reckless gamblers habitually pulling the arms of slot machines without thinking of the long-term consequences.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=a4e9f136ac&e=20056c7556
New Pentagon Website Can Tell If You Were Hacked by China
Anyone who has undergone a federal background check to handle classified information, or is a child or spouse of such an individual, now can visit a Pentagon-hosted website to check if personal data is in the hands of suspected Chinese spies.
The U.S. government quietly Nov. 17 launched “OPM Verify,â a public, self-confirmation tool for the 21.5 million victims of the Office of Personnel hack who have not yet received notification letters or need additional help.
Link: http://paulgdavis.us3.list-manage2.com/track/click?u=45bf3caf699abf9904ddc00e3&id=facf18c3ee&e=20056c7556
NATO fights malware, bugged devices at Estonian cyber center
TARTU, Estonia (AP) – NATO nations and allies are battling malware in tablets and infected devices this week in the alliance’s largest cyber drill to date aimed at improving members’ data privacy in crisis situations.
Some 400 participants from 33 countries were focused on solving scenarios including attacks on high-ranking officers’ computer equipment during an exercise at a cyber range in Tartu, Estonia’s second-largest city.
The five-day Cyber Coalition 2015 exercise, which ends Friday, included teams from non-NATO members Austria, Finland and Sweden, with Georgia, Japan and Jordan as observers.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=496b34a133&e=20056c7556
Survey Reveals 69% of Users Would Bypass Security Controls to Win Business
NEW YORK, NY — (Marketwired) — 11/19/15 — BalaBit, a leading provider of contextual security technologies, today unveiled the results of its pan-European survey into the current state of IT security.
The survey looked at how organizations balance IT security and business flexibility; whether they choose to be more secure by implementing additional controls that might hinder productivity or prefer to have flexible business operations.
It also looked at how a promising business opportunity changes the game.
BalaBit asked 381 IT executives, CIO’s, CISO’s, auditors and other IT professionals including but not limited to the UK, France and Germany, about their thoughts on IT security and business flexibility.
When asked about their preference if they need to choose between IT security and business flexibility, 71% of respondents said that security should be equally or more important than business flexibility.
The same people were asked if they would take the risk of a potential security threat in order to achieve the biggest deal of their life.
In this situation security just goes out of the window with 69% of respondents saying they would take the risk, while only 31% said they would not.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=928bd9af15&e=20056c7556
Some infosec pros need to kick themselves, panel told
âSecurity professionals in general donât do a great job of creating metrics thatâs easy for human beings to consume, said Ben Sapiro, senior director, security privacy and compliance at Vancouver-based Vision Critical Communications Inc., a cloud-based platform for building customer communities.
Too often they talk in technical terms business managers donât understand, he said. âYou donât have to achieve perfect, you just have to achieve good enoughâ when explaining the security impact of a decision.
Ideally what CISOs should aim for its âpragmatic decision-making by the business with the tool and the guidance provided by the security people.â
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=e3a76b43ae&e=20056c7556
Many embedded devices ship without adequate security tests, analysis shows
An analysis of hundreds of publicly available firmware images for routers, DSL modems, VoIP phones, IP cameras and other embedded devices uncovered high-risk vulnerabilities in a significant number of them, pointing to poor security testing by manufactuers.
The study was performed by researchers from the Eurecom research center in France and Ruhr-University Bochum in Germany, who built an automated platform capable of unpacking firmware images, running them in an emulated environment and starting the embedded Web servers that host their management interfaces.
In total, using both static and dynamic analysis the researchers found important vulnerabilities like command execution, SQL injection and cross-site scripting in the Web-based management interfaces of 185 unique firmware packages, affecting devices from a quarter of the 54 manufacturers.
Costin presented the team’s findings at the DefCamp security conference in Bucharest on Thursday.
It was actually the second test performed on firmware images on a larger scale.
Last year, some of the same researchers developed methods to automatically find backdoors and encryption issues in a large number of firmware packages.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=84d9944f96&e=20056c7556
Top tips on creating an enterprise risk strategy for wearables
IT admins have already started to detect wearables in company networks and are often unsure of the type of device or the potential threats they bring.
There are a handful of enterprises that are integrating wearables in their network as part of their productivity increase program.
For example, Tesco has begun using a wearable inventory systemin their warehouses to track product orders.
Over the next few years, things will start to change as the number of organisations that recognise the benefits of wearables increases.
For any organisation with a BYOD policy, a wearables policy is a logical next step.
Since wearables come with many risks and benefits similar to those of other mobile devices currently used by enterprises, adding policies should be a simple upgrade rather than needing to draft an entirely new plan, as we saw with smart phones and tablets.
By consistently staying ahead of new information security threats and solutions, organisations can significantly reduce the risk of a costly data breach – wearable technology being one example.
Mobile Application Management (MAM) is another great solution that should be adapted to monitor what applications are and can be installed on wearables.
Data resides on a wearable device and there is always the risk of that device being lost or stolen and then manipulated to recover the information.
Beyond all else, wearables present a unique opportunity to change the mindset found within organisations that harbors fear of new technologies.
As we adopt a proactive approach to embrace new employee technologies, we can experience an increase in employee productivity and a reduction in insiders and malicious threats to the corporate information security structure.
A new mindset around security, where being proactive and strategic is the new norm, can lead to great strides toward a more functional organisation.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=59fb8c55da&e=20056c7556
============================================================
Feedback, questions? Our mailing address is: ** dailynews@paulgdavis.com (mailto:dailynews@paulgdavis.com)
If you know someone else who would be interested in this Newsalert, please forwarded this email.
If you want to be added to the distribution list, please click this: ** Subscribe to this list (http://paulgdavis.us3.list-manage.com/subscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a)
** Unsubscribe from this list (http://paulgdavis.us3.list-manage2.com/unsubscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556&c=6de3fc0088)
** Update subscription preferences (http://paulgdavis.us3.list-manage.com/profile?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556)