[From the desk of Paul Davis – his opinions and no-one else’s]
Apart from the reporter’s opinions 😉
So onto the news:
Phishing Attacks Drive Spike In DNS Threat
Nearly 75% jump in phishing helped propel DNS abuse in the second quarter of this year.
The domain name service (DNS) continues to be a favorite tool of cyber criminals: the DNS threat index jumped nearly 60% in the second quarter of this year.
The Infoblox DNS Threat Index is measured by Infoblox and Internet Identity (IID), which today published their newest data on malicious activity abusing the Internet’s DNS, showing a threat index of 133, up from 122 in the first quarter of 2015, and an average of 100 in 2013 and 2014.
It’s unclear whether the DNS abuse will continue to climb, but the Hacking Team breach could lead to more malicious domain traffic, IID’s Rasmussen says. “We’ve seen boatloads of infrastructure set up to take advantage of the [dumped] Hacking Team” malware, he says. “We’re probably going to see it go up.”
Link: http://paulgdavis.us3.list-manage2.com/track/click?u=45bf3caf699abf9904ddc00e3&id=3669d71400&e=20056c7556
BAE Systems Applied Intelligence, who says new frameworks are needed to address cyber space’s unique characteristics and environments.
… accroding to BAE Systems Applied Intelligence, who says new frameworks are needed to address cyber space’s unique characteristics and environments.
The security firm says cyber threat intelligence has emerged as a vital approach to designing an effective security regime.
Dr Malcolm Shore, technical director, BAE Systems Applied Intelligence, says IT can no longer be protected by implementing a standard set of security controls.
The value of cyber threat intelligence lies in its ability to change an organisation’s posture from being reactive, responding to attacks when it’s breached, to being proactive, where cyber security defences are tuned to expect and deflect attacks.
“To successfully defend against contemporary attacks requires a focus on new areas of cyber security including threat intelligence.”
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=086c1c7fd7&e=20056c7556
Brokers Beware: Will the SEC Extend New Cyber Guidance to Brokers and Investment Advisers?
Against the backdrop of a steady stream of cyber-attacks and data breaches, Securities and Exchange Commissioner Luis A. Aguilar recently spoke about his hope to expand upcoming SEC cyber security guidance, known as Regulation Systems Compliance and Integrity (“Reg SCI”), beyond the stock markets and other major market entities. In a speech he gave last month in New York, he offered the opinion that the Reg SCI cyber security rules should be extended to cover smaller market entities such as broker-dealers and investment advisers.
Reg SCI will require certain key market participants, such as stock exchanges, to implement a robust set of cybersecurity protocols to ensure that their systems are secure from cyberattacks, and are also sufficiently resilient to recover should an attack succeed. In addition, Reg SCI will require that these entities monitor their systems for possible cyberattacks, respond promptly to any significant intrusions, and report such intrusions to the SEC within 24 hours, among other things.
When it takes effect this November, it will, among other things, use a risk-based approach that requires covered entities to focus on the security of their most critical information systems, requiring that the organizations operating those critical systems to develop and adopt procedures that are tailored to their unique cyber risks. Additionally, and significantly, Reg SCI will require the organization’s senior management and directors to actively engage in cybersecurity issues and prevention.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=4b66a0d721&e=20056c7556
Recorded Future identified the possible exposures of login credentials for 47 United States government agencies across 89
Recorded Future identified the possible exposures of login credentials for 47 United States government agencies across 89 unique domains. As of early 2015, twelve of these agencies allowed some of their users access to computer networks without any form of two-factor authentication. Doing so heightens the risk of cyber espionage, crime, or attack for these agencies.
The data presented here was identified through open source intelligence (OSINT) collection and analysis of seventeen paste sites including Pastebin.com during a one year period ending in November 2014. Recorded Future shared this information with the majority of affected agencies in late 2014 and early 2015.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=9b0f363fd9&e=20056c7556
============================================================
Feedback, questions? Our mailing address is: ** dailynews@paulgdavis.com (mailto:dailynews@paulgdavis.com)
If someone forwarded this email to you and you want to be added in,
please click this: ** Subscribe to this list (http://paulgdavis.us3.list-manage1.com/subscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a)
** Unsubscribe from this list (http://paulgdavis.us3.list-manage.com/unsubscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556&c=dc22e9fd93)
** Update subscription preferences (http://paulgdavis.us3.list-manage1.com/profile?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556)