[From the desk of Paul Davis – his opinions and no-one else’s]
I will just say two words… RSA conference… so it should be a busy week.
So onto the news:
15 Things Wrong with Today’s Threat Intelligence Reporting
It is painfully obvious how the lack of analytic skill is harming the discipline. Many folks come from technical degree backgrounds and analyze packets and binaries well enough, but can’t seem to tell the difference between inductive, deductive, or abductive reasoning. Furthermore, their managers and mentors never recognize a problem; they just send them to more technical courses.
Good analytic practices improve analysis thereby decreasing the risk of poor intelligence. You could have the best packet analysis skills in the world, but if you cannot communicate your conclusions effectively to those who need to act on your information those skills are effectively useless in threat intelligence.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=dea815a261&e=20056c7556
Operation RussianDoll: Adobe & Windows Zero-Day Exploits Likely Leveraged by Russia’s APT28 in Highly-Targeted Attack
FireEye Labs recently detected a limited APT campaign exploiting zero-day vulnerabilities in Adobe Flash and a brand-new one in Microsoft Windows. Using the Dynamic Threat Intelligence Cloud (DTI), FireEye researchers detected a pattern of attacks beginning on April 13th, 2015. Adobe independently patched the vulnerability (CVE-2015-3043) in APSB15-06. Through correlation of technical indicators and command and control infrastructure, FireEye assesses that APT28 is probably responsible for this activity.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=dbc4118794&e=20056c7556
JavaScript CPU cache snooper tells crooks EVERYTHING you do online
The exploit is apparently effective against machines running a late-model Intel CPU, such as a Core i7, and an HTML5-happy browser – so perhaps about 80 percent of desktop machines.
Yossef Oren, Vasileios Kemerlis, Simha Sethumadhavan, and Angelos Keromytis came up with this side-channel attack, which can be performed by JavaScript served from a malicious web ad network. It works by studying the time it takes to access data stored in the last-level cache – the L3 cache shared by all cores in a PC – and matches it to user activity.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=c7628c94e5&e=20056c7556
Rise of hybrid cloud puts accountability in spotlight
Amid growing interest in hybrid clouds, enterprises need to pay attention to service accountability, which can be tricky to define in an environment intertwined with assets belonging to the customer and cloud provider.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=6eb3208112&e=20056c7556
BT OFFERS “ETHICAL HACKING” TO CAR MANUFACTURERS IN IOT PUSH
BT said it was forming the group of hackers in response to growing concerns about security risks. There are fears that access to a car’s features could be gained, or information taken without an owner’s consent.
The company will offer the service to manufacturers, insurance companies and other automotive players before a car hits the road. It will also offer ongoing support to protect cars from ongoing threats.
Link: http://paulgdavis.us3.list-manage2.com/track/click?u=45bf3caf699abf9904ddc00e3&id=f39af40022&e=20056c7556
Fiesta Exploit Kit Spreading Crypto-Ransomware – Who Is Affected?
Exploit kits have long been used to deliver threats to users, but they seem to have gone retro: one was recently being used to deliver fake antivirus malware.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=03f99f4881&e=20056c7556
Upatre malware gets full SSL comms encryption
The extremely popular Upatre Trojan downloader has undergone considerable changes that will make it and its communication more difficult to spot and block. The changes were implemented in the new variants detected and analyzed late last week by Cisco’s Talos Group researchers, and include…
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=a0ce03b360&e=20056c7556
Know Your Enemy: Why It’s Important To Think Like A Cyber Attacker
To effectively combat this, security professionals must determine who might want to attack them, the types of attacks those adversaries have used in the past, and which avenue might be most attractive. The concept of “thinking like an attacker” is not new; it’s a simplified way of describing threat modeling that dates back as far as 500BC and the legendary Chinese military strategist Sun Tzu. Understanding an enemy properly can give defenders a significant upper hand. However, just as Sun Tzu warns in the Art of War, in order to be truly effective, defenders must not only know their enemy, but they must also know themselves.
– Who, What, Why?
– Effective Multi-Layered Security
– A Data-Centric Approach Is The Key
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=df8d553f95&e=20056c7556
The Rise of the Chief Security Officer: What It Means for Corporations and Customers
I often say that the CSO is the “corporate rock-star of the future” because exceptional ones possess a combination of skills that rarely appear in one person. The qualities that boards are looking for in today’s CSOs reflect the complexities of safeguarding company and consumer data in this new threat environment.
– Technical Curiosity is as Important as Aptitude
– The CSO is Chief Politician, Communicator, and Crisis Manager
– CSOs are Rare – But There’s No Mold for the Model CSO
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=dc5c344b5b&e=20056c7556
============================================================
Feedback, questions? Our mailing address is: dailynews@paulgdavis.com (mailto:dailynews@paulgdavis.com)