{"id":1020,"date":"2015-04-14T00:00:00","date_gmt":"2015-04-14T00:00:00","guid":{"rendered":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2015\/04\/14\/newsalert-2015-apr-14\/"},"modified":"2021-12-30T11:38:36","modified_gmt":"2021-12-30T11:38:36","slug":"newsalert-2015-apr-14","status":"publish","type":"post","link":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2015\/04\/14\/newsalert-2015-apr-14\/","title":{"rendered":"Newsalert – 2015 Apr 14"},"content":{"rendered":"
DNS Zone Transfer AXFR Requests May Leak Domain Information<\/font><\/b> <\/div>\n
A remote <\/font>unauthenticated user may request a DNS zone transfer<\/font><\/b> from a public-facing DNS server. If improperly configured, the DNS server may respond with information about the requested zone, revealing internal network structure and potentially sensitive information.
\n<\/font><\/div>\n
Link<\/font><\/b>: <\/font>https:\/\/www.us-cert.gov\/ncas\/alerts\/TA15-103A<\/font><\/a> <\/div>\n
 <\/div>\n
Better Together: Network Operations & Infosec<\/font><\/b> <\/div>\n
For an enterprise, the key takeaway is its critical need to be able to detect activities on the network that can lead to a data breach. That capability is diminished by the fact that security operations and network operations typically work in silos. That means s<\/font>ecurity vulnerabilities have to be handled twice<\/font><\/b>: first by the SOC, which has evidence of malicious activity but often no mechanism for actively stopping it, and then again by the NOC, which needs to wait for specific instructions from the SOC. Any time delay here creates advantages for an attacker.
\n<\/font><\/div>\n
Threats are getting increasingly harder to discover, and attackers are more brazen than ever. <\/font>Getting network operations and information security teams together<\/font><\/b> in the same room for the first time will be a critical step for organizations that want to build a continuous information security improvement culture capable of defending against those threats.
\n<\/font><\/div>\n
Link<\/font><\/b>: <\/font>http:\/\/www.darkreading.com\/attacks-breaches\/better-together-network-operations-and-infosec-\/a\/d-id\/1319898?ngAction=register<\/font><\/a> <\/div>\n
 <\/div>\n
The critical 48 hours: how to mitigate the damage from a cyber-attack<\/font><\/b> <\/div>\n
The days of in-house security teams being capable of preparing and responding to incidents has long gone. <\/font>Professionally qualified, experienced teams of staff are necessary<\/font><\/b> to respond to and prevent an incident from impacting the business. These people are few and far between and need continuous on-the-job and up-to-date experience and training. By using professional service providers brings greater value including cyber threat intelligence, up-to-the minute advice and guidance and impartial and high quality assessments. In-house is simply no longer an option.
\n<\/font><\/div>\n
Link<\/font><\/b>: <\/font>http:\/\/www.itproportal.com\/2015\/04\/12\/critical-48-hours-how-to-mitigate-damage-cyber-attack\/<\/font><\/a> <\/div>\n
 <\/div>\n
Dell Threat Report Finds POS, SSL, SCADA attacks on the Rise<\/font><\/b> <\/div>\n
The company released its <\/font>2015 Dell Security Annual Threat Report<\/font><\/b> this week, which found that both businesses and individuals increasingly are falling victim to malicious attacks from several key areas, including POS malware variants and attacks from SSL\/TLS encrypted protocols. Dell also found a <\/font>100 percent increase in attacks against industrial control systems<\/font><\/b> during this year\u2019s analysis.
\n<\/font><\/div>\n
Dell also reported a surge in malware being encrypted through<\/font> SSL and TSL traffic<\/font><\/b>, which usually are associated with secure HTTPS websites. With the number of websites using secure encryption rising by more than 100 percent last year, Dell discovered hackers have begun encrypting their malware to avoid detection from corporate firewalls.
\n<\/font><\/div>\n
Link<\/font><\/b>: <\/font>http:\/\/thevarguy.com\/var-guy\/041315\/dell-threat-report-finds-pos-ssl-scada-attacks-rise<\/font><\/a> <\/div>\n
 <\/div>\n
Files encrypted by CoinVault ransomware? New free tool may decrypt them<\/font><\/b> <\/div>\n
Victims of the CoinVault ransomware might be able to decrypt their files with a free tool released by Kaspersky Lab together with the Dutch police.
\n<\/font><\/div>\n
The tool can be found at https:\/\/noransom.kaspersky.com. The application uses <\/font>decryption keys<\/font><\/b> found by the Dutch police as part of an investigation.
\n<\/font><\/div>\n
Link<\/font><\/b>: <\/font>http:\/\/www.cio.com\/article\/2909294\/files-encrypted-by-coinvault-ransomware-new-free-tool-may-decrypt-them.html<\/font><\/a> <\/div>\n
 <\/div>\n
Cyber security firm uncovers decade-long malware attack on ASEAN governments and businesses<\/font><\/b> <\/div>\n
Today FireEye, the California-based security software firm, issued a lengthy report alleging that a single entity has been carrying out malware attacks towards businesses and governments in India, the USA, and Southeast Asia.
\n<\/font><\/div>\n
FireEye claims that the entity, which it calls<\/font> APT 30<\/font><\/b>, has been self-registering DNS domains with malware command and control since 2004. Its malware attacks appear to be targeted towards organizations with information generally relevant to state security and diplomatic agencies \u2013 in particular, the Communist Party of China. FireEye adds that APT 30 appears to have been working in a systematic, collaborative manner, using tools designed for longevity, which indicates the attacks constitute part of a long-term campaign.
\n<\/font><\/div>\n
Link<\/font><\/b>: <\/font>https:\/\/www.techinasia.com\/cyber-security-firm-uncovers-decade-long-malware-attack-on-asean-governments-and-businesses\/<\/font><\/a> <\/div>\n
 <\/div>\n
New report: Cyber Security and Critical Infrastructure in the Americas<\/font><\/b> <\/div>\n
According to the <\/font>General Secretariat of the Organization of American States (OAS) and the Trend Micro <\/font>report, 44 percent of respondents were aware of different types of destructive attacks, while <\/font>40 percent said they had experienced attempts to shutdown cybernetic systems<\/font><\/b>. The report also presents specific cases related to cyber security in each OAS country and analysis of cyber attacks and their methodologies, while detailing the current cyber security measures and policies in place.
\n<\/font><\/div>\n
Link<\/font><\/b>: <\/font>http:\/\/continuitycentral.com\/news07594.html<\/font><\/a><\/div>\n

Subscribe to this list: http:\/\/paulgdavis.us3.list-manage1.com\/subscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a<\/p>\n","protected":false},"excerpt":{"rendered":"

DNS Zone Transfer AXFR Requests May Leak Domain Information A remote unauthenticated user may request a DNS zone transfer from a public-facing DNS server. If improperly configured, the DNS server may respond with information about the requested zone, revealing internal network structure and potentially sensitive information. Link: https:\/\/www.us-cert.gov\/ncas\/alerts\/TA15-103A   Better…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[29],"tags":[],"class_list":["post-1020","post","type-post","status-publish","format-standard","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1020","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=1020"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1020\/revisions"}],"predecessor-version":[{"id":3507,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1020\/revisions\/3507"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=1020"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=1020"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=1020"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}