
CyberSecurity Institute

Security News Curated from across the world



Posted on August 30, 2016 (updated December 30, 2021) by admini

[From the desk of Paul Davis – his opinions and no-one else’s]
Apart from the reporter’s opinions 😉
So onto the news:

Vendor claims these three steps will prevent data breaches

Cheesy headlines aside, Netwrix, a firm that focuses on change and configuration auditing, has published a curious list of steps that are said to be the key in preventing a data breach.

Netwrix makes some valid points, but security isn’t a simple checklist, and if there were a magical list of three things, I’m sure this list would have been sold many times over long before now.

– Ensure that changes are documented.

– Control access to sensitive data.

– Audit and evaluate your environment continuously.

While each of the three (two really) items has valid uses for IT and InfoSec operations, they’re not silver bullets, together or separately.

Truthfully, there is no magical list.

Security isn’t easy, and the more a business grows, the harder security gets. Checklists are not going to solve anything. Even if they could, you’d still need more than two items.

Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=26ceb6ced8&e=20056c7556

Security now top executive priority across all key IT areas: IDC

Australian business executives have become so concerned about data security that the topic has surpassed all other priorities in all four of IDC’s key technology pillars, the research firm has found.

IDC conducts regular surveys of C-suite executives to ascertain their investment priorities and concerns in various areas. Yet while security has traditionally ranked high on the list, the latest IDC Continuum Survey marked the first time that security had topped the list in every key technology area.

Australia has climbed the ranks of the most-targeted countries, with recent figures variously proclaiming it the world’s biggest target for phishing, the second most-attacked Web target, a growing target for botnet-driven financial attacks, and a growing source of DDoS attacks as well as a target.

Recognising this growing threat profile, IDC has highlighted three key steps for organisations working to take control of their IT security. These include assessing current security solutions – with a particular eye to consolidation, IDC said while noting that most companies have contracts with an average of 40 security vendors.

Finally, IDC advises, security vendor or services suppliers should be chosen based on their track record in the same vertical, as well as for their risk-management expertise.

Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=4509859afb&e=20056c7556

The 5 Most Common Attack Patterns of 2014

Tripwire is pleased to announce the release of its newest infographic, “Where Are Your Cyberattacks Coming From?” Created in response to the release of Verizon’s 2015 Data Breach Investigations Report (DBIR 2015) back in April, the infographic explains the five most common attack patterns behind today’s data breaches. In this article, I will review each of these methods, identify which industries are most vulnerable to each pattern of attack, and identify real-world examples for each attack type.

– ATTACK PATTERN #1: WEB APPLICATIONS (9.4% OF INCIDENTS)

– ATTACK PATTERN #2: PRIVILEGE MISUSE (10.6% OF INCIDENTS)

– ATTACK PATTERN #3: CYBER ESPIONAGE (18% OF INCIDENTS)

– ATTACK PATTERN #4: CRIMEWARE (18.8% OF INCIDENTS)

– ATTACK PATTERN #5: POINT-OF-SALE (28.5% OF INCIDENTS)

As our infographic demonstrates, organizations today face the pressure of defending against a variety of attack vectors. These threats emphasize the importance of adhering to basic security standards at minimum and pursuing more sophisticated solutions if the resources are available.

Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=48aa63e557&e=20056c7556

Why It’s Time To Turn Your Business Continuity Management Program On Its Head

Business continuity management historically has focused on protection: protect your people, protect your assets, protect your information, protect your revenue. Essentially, dig in and prepare for a siege.

But in today’s world, protecting what you have isn’t going to get you where you need to be. In every area of business, companies are being forced to proactively meet customer and business demands in new and innovative ways. In marketing, that has involved a shift from huge mass-market campaigns to micro-personalized outreach. In software development, it often requires leaving behind sequential waterfall design methodologies and embracing incremental agile approaches. What about for business continuity management?

Here’s what does need to change to bring about a new business continuity management model:

– Adopt a business-wide perspective.

– Challenge your business continuity management methodology

– Reconsider your business impact analysis (BIA) process.

– Reinvent intelligent plans.

– Promote collaboration and communication.

– Drive resiliency roadmap innovation.

Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=7bcf36335f&e=20056c7556

[Japanese] Govt moves to protect My Number / New cybersecurity measures aim to address data loss fears

The government will establish a cybersecurity unit in an administrative committee that will monitor the My Number system and also set up a Security Operation Center (SOC) (see below) to closely monitor local government networks, The Yomiuri Shimbun has learned.

The government currently handles cybersecurity surveillance and audits only for central government ministries and agencies, but it will now expand coverage to include the JPS and other public corporations as well as independent administrative agencies, sources said.

Under the My Number system set to be rolled out from October, a 12-digit number assigned to each individual will be used for a range of administrative functions including residence registration and pension-related matters.

The SOC will also be set up within this fiscal year to shore up cybersecurity for the Local Government Wide Area Network, which links local governments across the nation with the central government through dedicated lines. The SOC will share information on cyber-attacks with the Government Security Operation Center (GSOC), a government surveillance body operated by the National Center of Incident Readiness and Strategy for Cybersecurity (NISC).

The NISC will therefore expand the security coverage of the GSOC to cover some public corporations including the JPS and independent administrative agencies handling important data within this fiscal year. The NISC has already started auditing the networks of central government and independent administrative agencies this fiscal year, and plans to inspect the JPS and other relevant bodies in turns.

Link: http://paulgdavis.us3.list-manage2.com/track/click?u=45bf3caf699abf9904ddc00e3&id=5de8b7b5a6&e=20056c7556

Cyber Insecurity: 4 in 10 Midsize Businesses Have Experienced A Data Breach

HARTFORD, Conn.–(BUSINESS WIRE)–Most midsize business leaders view a data breach among their top risks and a majority consider IT security ‘very important’ when selecting a supplier, according to The Hartford’s survey of midsize business owners and C-level executives. They have good reason to be concerned: 43 percent had experienced a data breach in the prior three years, and 13 percent have had a supplier’s data breach impact their business information.

The Hartford survey found most midsize business leaders (82 percent) consider a data breach at least a minor risk to their business. Nearly one-third (32 percent) view it as a major risk.

Recognizing the data risks involving suppliers, more than half of the midsize business leaders (53 percent) surveyed consider IT security and data protection practices very important when selecting a supplier. By comparison, 36 percent consider a supplier’s contingency planning and 28 percent view a supplier’s location relative to their business as very important.

Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=bef34d3954&e=20056c7556

Java updater dumps Ask toolbar adware, replaces it with Yahoo search

Earlier this week Yahoo Chief Executive Marissa Mayer announced a partnership with Oracle in an attempt to get more people using its search service, and cornerstone to that are the millions of Java users struggling to patch what is considered by many to be a notoriously insecure product.

Beginning next month users who install or update the Java software — which is found on almost nine out of 10 PCs in the US — will be prompted to make Yahoo their browser’s default search engine and home page.

And the option to make those changes will be pre-checked, so if the user is in a hurry or isn’t aware of what the change entails, they will find their browser settings changed. These changes aren’t as intrusive as the Ask toolbar, and the more tech literate out there will have no problems reversing the change. But the fact remains that Yahoo is choosing to push its services to users who haven’t explicitly requested them.

Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=cf20080d21&e=20056c7556

Facebook headhunts new chief security officer Alex Stamos from Yahoo

Social media giant Facebook has appointed a new chief security officer, Alex Stamos, headhunted from rival Yahoo – and starting this Monday.

Stamos joins Facebook after its previous CSO, Joe Sullivan, left in April to join taxi company Uber.

At Yahoo under CEO Marissa Mayer, Stamos will have been responsible for many of the improvements in security at the company, particularly the use of encryption for Yahoo Mail, or Ymail, after the Edward Snowden disclosures revealed just how much snooping the US National Security Agency and GCHQ – and, no doubt, other intelligence services – do on insufficiently secured communications.

Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=2bb8bec0d2&e=20056c7556

Stealthy Fobber Malware Takes Anti-Analysis To New Heights

Built off the Tinba banking Trojan and distributed through the elusive HanJuan exploit kit, Fobber info-stealer defies researchers with layers upon layers of encryption.

A stealthy new info-stealing browser injection malware aims to make security researchers’ job very difficult. Fobber evades detection and defies analysis by sliding from one program to another, using randomly generated filenames, encrypting command-and-control communications with a custom algorithm, and encrypting individual pieces of code within the payload, so that each function must be separately, painstakingly decrypted before it can be run.

It also encrypts all communication with the command-and-control server, using a custom algorithm. According to Segura’s blog “Content sent by the server is signed by its RSA1 key (to prevent botnet hijacking) while the Fobber code has the public key embedded within, notifying the signature before processing the content.”

Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=f70c94c0d5&e=20056c7556

Malware getting smarter, stealthier once it breaches networks, Vectra analysis finds

Malicious actors are increasingly using the anonymous Tor network and external remote access tools to instigate targeted attacks that are growing in sophistication and complexity, a Vectra Networks analysis of internal traffic has shown.

The firm’s June Post-Intrusion Report analysed internal monitoring of host-to-host traffic as well as traffic to and from the Internet, allowing the observation of malicious attacks at every phase.

Fully 100 percent of the 40 analysed firms’ networks – including 248,198 hosts – showed one or more of the five indicators of a targeted attack, which Vectra outlined as characterising the various types of attack traffic to traverse internal networks.

These included command-and-control (C&C) communications, which accounted for 32 percent of the 46,610 total threats detected; botnet monetisation (18 percent), internal reconnaissance (13 percent), lateral movement (34 percent), and data exfiltration (3 percent).

This reflected malware that is increasingly active on victim networks once it has breached perimeter defences. Growing use of Tor and HTTPS-secured remote access services had displaced C&C traffic.

C&C activity was most common in technology firms (43 percent), whereas just 1 percent of financial and services organisations experienced C&C type activity.

Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=123753a0f2&e=20056c7556

Paper: Using .NET GUIDs to help hunt for malware

Today, we publish a paper by Cylance researcher Brian Wallace, who looks at two globally unique identifiers (GUIDs) found in malware created using .NET, which can help link multiple files to the same Visual Studio project. He released a Python tool to safely extract these identifiers; the tool has since been incorporated into VirusTotal.

Although the GUIDs can easily be extracted from executables, not all methods of doing so are safe; hence Brian has written a tool that does so securely and works cross-platform. The tool, GetNETGUIDs, has been published on Cylance’s GitHub page.

Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=3000e67758&e=20056c7556

Signature-Based Detection With YARA

In a previous post, I talked about how you can use STIX, TAXII and CybOX to share threat intelligence.

CybOX provides a common structure for representing cyber observables across and among the operational areas of enterprise cybersecurity. CybOX can contain hashes, strings or registry keys. Information provided via the system can be used to check for the presence of malware inside your environment. YARA is one of the alternatives to using CybOX, but the two are not mutually exclusive.

YARA is a tool designed to help malware researchers identify and classify malware samples. It’s been called the pattern-matching Swiss Army knife for security researchers (and everyone else). It is multiplatform and can be used either from its command-line interface or through your own Python scripts.

Because YARA uses signatures similar to antivirus solutions, it would make sense to reuse these signatures as a rule database. With the use of the script clamav_to_yara.py, you can convert the ClamAV signature database to your own ruleset.

Although signature-based detection with YARA has its limits, it is an easy-to-use and fairly simple way of detecting malware in your environment. It would not be wise to rely on it as the only threat protection measure, but given the straightforward use, missing out on this tool would not be a good idea, either.
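To make the signature-reuse idea concrete, here is a small added example of what a ClamAV-to-YARA conversion does, followed by a pure-Python reference matcher so the resulting patterns can be checked against sample files. This is not the clamav_to_yara.py script the post refers to and not the YARA engine; it handles only a subset of the ClamAV .ndb format (target types 0 and 1, offset `*` or an absolute offset, literal hex bytes and `??` wildcards), and the signatures and files it scans are constructed for the demonstration.

```python
"""Convert ClamAV .ndb body signatures to YARA rule text and scan sample data.

Added illustration, not the clamav_to_yara.py script or the YARA engine.
Sample signatures and sample files are constructed for the demonstration.
"""
import re

# ClamAV .ndb line: MalwareName:TargetType:Offset:HexSignature[:MinFL[:MaxFL]]
# Only a subset is supported here (assumption for the example): target type
# 0 (any file) or 1 (PE), offset "*" (anywhere) or an absolute decimal offset,
# and a hex body of literal bytes and single-byte "??" wildcards.
NDB_RE = re.compile(r"^([^:]+):(\d+):([^:]+):([0-9a-fA-F?]+)(?::\d+(?::\d+)?)?$")


def parse_ndb(line):
    """Parse one .ndb line into (name, target_type, offset, pattern).

    pattern is a list of ints, with None standing for a ?? wildcard byte.
    """
    m = NDB_RE.match(line.strip())
    if not m:
        raise ValueError("unsupported or malformed .ndb line: %r" % line)
    name, target, offset, body = m.groups()
    if len(body) % 2:
        raise ValueError("odd-length hex body in signature %s" % name)
    pattern = []
    for i in range(0, len(body), 2):
        tok = body[i:i + 2]
        if tok == "??":
            pattern.append(None)
        elif "?" in tok:
            raise ValueError("nibble wildcards not supported in %s" % name)
        else:
            pattern.append(int(tok, 16))
    if offset != "*" and not offset.isdigit():
        raise ValueError("offset form %r not supported in %s" % (offset, name))
    return name, int(target), offset, pattern


def to_yara(name, target, offset, pattern):
    """Render one parsed signature as YARA rule text."""
    # YARA identifiers allow letters, digits and underscore only.
    ident = re.sub(r"[^A-Za-z0-9_]", "_", name)
    if ident[0].isdigit():
        ident = "_" + ident
    hexbody = " ".join("??" if b is None else "%02x" % b for b in pattern)
    cond = "$sig" if offset == "*" else "$sig at %s" % offset
    if target == 1:  # ClamAV target type 1 = PE; the usual YARA MZ check
        cond = "uint16(0) == 0x5a4d and " + cond
    return (
        "rule %s\n{\n    meta:\n        source = \"clamav\"\n"
        "    strings:\n        $sig = { %s }\n"
        "    condition:\n        %s\n}\n" % (ident, hexbody, cond)
    )


def match_pattern(data, pattern, offset):
    """True if data contains pattern (None = any byte) at offset ('*' = anywhere)."""
    n = len(pattern)
    starts = range(len(data) - n + 1) if offset == "*" else [int(offset)]
    for s in starts:
        if s + n > len(data):
            continue
        if all(p is None or data[s + i] == p for i, p in enumerate(pattern)):
            return True
    return False


def scan(ndb_lines, samples):
    """Scan {filename: bytes} with .ndb lines; returns {filename: [sig names]}."""
    sigs = [parse_ndb(l) for l in ndb_lines if l.strip() and not l.startswith("#")]
    hits = {}
    for fname, data in samples.items():
        for name, target, offset, pattern in sigs:
            if target == 1 and data[:2] != b"MZ":  # PE-only signature, non-PE file
                continue
            if match_pattern(data, pattern, offset):
                hits.setdefault(fname, []).append(name)
    return hits


# Constructed signatures (not real ClamAV entries) and constructed sample files.
SAMPLE_NDB = [
    "Demo.Dropper-1:1:*:6465636f6465??7061796c6f6164",  # "decode" ?? "payload", PE only
    "Demo.Script-2:0:0:23212f62696e2f7368",             # "#!/bin/sh" at offset 0
]
SAMPLE_FILES = {
    "a.exe": b"MZ" + b"\x00" * 30 + b"decode_payload" + b"\x00" * 8,
    "b.sh": b"#!/bin/sh\necho hi\n",
    "c.txt": b"decode payload but not a PE",  # matches the bytes, fails the PE check
}

if __name__ == "__main__":
    for line in SAMPLE_NDB:
        print(to_yara(*parse_ndb(line)))
    print(scan(SAMPLE_NDB, SAMPLE_FILES))
```

The `c.txt` sample shows why the target-type column matters: the byte pattern is present, but a PE-only signature should not fire on a text file, and the generated YARA rule carries that constraint forward as the `uint16(0) == 0x5a4d` condition. Real ClamAV signatures use richer offset and wildcard syntax than this subset; lines outside it are rejected rather than silently mistranslated.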

Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=6e1f368bd3&e=20056c7556

Understanding the Threat Landscape: Indicators of Compromise (IOCs)

I previously provided a brief overview of how Verisign iDefense characterizes threat actors and their motivations through adversarial analysis. Not only do security professionals need to be aware of the kinds of actors they are up against, but they should also be aware of the tactical data fundamentals associated with cyber-attacks most commonly referred to as indicators of compromise (IOCs). Understanding the different types of tactical IOCs can allow for quick detection of a breach, as well as prevention of a future breach. For purposes of this overview, iDefense breaks IOCs into three distinct categories: email, network and host-based.

– Email Indicators

– Network Indicators

– Host-Based Indicators

Organizations need to be wary of the increasing number of IOCs and implement a system to measure and evaluate the quality of indicators accordingly. Having contextual information to accompany indicators is critical for a machine or a human to make better decisions around resource allocation and determine a proper course of action.

Creating a dynamic database comprised of all the elements, or data fundamentals, that make up the cyber threat landscape, and having them visually displayed in an interconnected contextual manner is a great way to enable people and machines to make better security and business decisions.

Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=61dc81bcbc&e=20056c7556

