{"id":1057,"date":"2016-08-30T00:00:00","date_gmt":"2016-08-30T00:00:00","guid":{"rendered":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2016\/08\/30\/fromreply-totodatemessage-idlist-idlist-unsubscribesendercontent-typemime-version-imail3dpaulgdavis-commail35-atl91-mcsv-net\/"},"modified":"2021-12-30T11:38:41","modified_gmt":"2021-12-30T11:38:41","slug":"fromreply-totodatemessage-idlist-idlist-unsubscribesendercontent-typemime-version-imail3dpaulgdavis-commail35-atl91-mcsv-net","status":"publish","type":"post","link":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2016\/08\/30\/fromreply-totodatemessage-idlist-idlist-unsubscribesendercontent-typemime-version-imail3dpaulgdavis-commail35-atl91-mcsv-net\/","title":{"rendered":"From:Reply-To:To:Date:Message-ID:List-ID:List-Unsubscribe:Sender:Content-Type:MIME-Version; i=mail=3Dpaulgdavis.com@mail35.atl91.mcsv.net;"},"content":{"rendered":"<p>[From the desk of Paul Davis &#8211; his opinions and no-one else&#8217;s]<br \/>\nI will just say two words&#8230; RSA conference&#8230; so it should be a busy week.<br \/>\nSo onto the news:<\/p>\n<p>15 Things Wrong with Today\u2019s Threat Intelligence Reporting<\/p>\n<p>It is painfully obvious how the lack of analytic skill is harming the discipline. Many folks come from technical degree backgrounds and analyze packets and binaries well enough but can\u2019t seem to tell the difference between inductive, deductive, or abductive reasoning. Furthermore, their managers and mentors never recognize a problem, they just send them to more technical courses.<\/p>\n<p>Good analytic practices improve analysis thereby decreasing the risk of poor intelligence. 
You could have the best packet analysis skills in the world, but if you cannot communicate your conclusions effectively to those who need to act on your information those skills are effectively useless in threat intelligence.<\/p>\n<p>Link: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=dea815a261&#038;e=20056c7556<\/p>\n<p>Operation RussianDoll: Adobe &#038; Windows Zero-Day Exploits Likely Leveraged by Russia\u2019s APT28 in Highly-Targeted Attack<\/p>\n<p>FireEye Labs recently detected a limited APT campaign exploiting zero-day vulnerabilities in Adobe Flash and a brand-new one in Microsoft Windows. Using the Dynamic Threat Intelligence Cloud (DTI), FireEye researchers detected a pattern of attacks beginning on April 13th, 2015. Adobe independently patched the vulnerability (CVE-2015-3043) in APSB15-06. Through correlation of technical indicators and command and control infrastructure, FireEye assess that APT28 is probably responsible for this activity.<\/p>\n<p>Link: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=dbc4118794&#038;e=20056c7556<\/p>\n<p>JavaScript CPU cache snooper tells crooks EVERYTHING you do online<\/p>\n<p>The exploit is apparently effective against machines running a late-model Intel CPU, such as a Core i7, and a HTML5-happy browser \u2013 so perhaps about 80 percent of desktop machines.<\/p>\n<p>Yossef Oren, Vasileios Kemerlis, Simha Sethumadhavan, and Angelos Keromytis came up with this side-channel attack, which can be performed by JavaScript served from a malicious web ad network. 
It works by studying the time it takes to access data stored in the last-level cache \u2013 the L3 cache shared by all cores in a PC \u2013 and matches it to user activity.<\/p>\n<p>Link: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=c7628c94e5&#038;e=20056c7556<\/p>\n<p>Rise of hybrid cloud puts accountability in spotlight<\/p>\n<p>Amid growing interest in hybrid clouds, enterprises need to pay attention to service accountability, which can be tricky to define in an environment intertwined with assets belonging to the customer and cloud provider.<\/p>\n<p>Link: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=6eb3208112&#038;e=20056c7556<\/p>\n<p>BT OFFERS &#8220;ETHICAL HACKING&#8221; TO CAR MANUFACTURERS IN IOT PUSH<\/p>\n<p>BT said it was forming the group of hackers in response to growing concerns about security risks. There are fears that access to a car&#8217;s features could be gained, or information taken without an owner&#8217;s consent.<\/p>\n<p>The company will offer the service to manufacturers, insurance companies and other automotive players before a car hits the road. It will also offer ongoing support to protect cars from ongoing threats.<\/p>\n<p>Link: http:\/\/paulgdavis.us3.list-manage2.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=f39af40022&#038;e=20056c7556<\/p>\n<p>Fiesta Exploit Kit Spreading Crypto-Ransomware \u2013 Who Is Affected?<\/p>\n<p>Exploit kits have long been used to deliver threats to users, but they seem to have gone retro: it was recently being used to deliver fake antivirus malware.<\/p>\n<p>Link: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=03f99f4881&#038;e=20056c7556<\/p>\n<p>Upatre malware gets full SSL comms encryption<\/p>\n<p>The extremely popular Upatre Trojan downloader has undergone considerable changes that will make it and its communication more difficult to spot and block. 
The changes were implemented in the new variants detected and analyzed late last week by Cisco&#8217;s Talos Group researchers, and include&#8230;<\/p>\n<p>Link: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=a0ce03b360&#038;e=20056c7556<\/p>\n<p>Know Your Enemy: Why It\u2019s Important To Think Like A Cyber Attacker<\/p>\n<p>To effectively combat this, security professionals must determine who might want to attack them, the types of attacks those adversaries have used in the past, and which avenue might be most attractive. The concept of \u201cthinking like an attacker\u201d is not new, it\u2019s a simplified way of describing threat modeling that dates back as far as 500BC and the legendary Chinese military strategist Sun Tzu. Understanding an enemy properly can give defenders a significant upper hand. However, just as Sun Tzu warns in the Art of War, in order to be truly effective, defenders must not only know their enemy, but they must also know themselves.<\/p>\n<p>&#8211; Who, What, Why?<\/p>\n<p>&#8211; Effective Multi-Layered Security<\/p>\n<p>&#8211; A Data-Centric Approach Is The Key<\/p>\n<p>Link: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=df8d553f95&#038;e=20056c7556<\/p>\n<p>The Rise of the Chief Security Officer: What It Means for Corporations and Customers<\/p>\n<p>I often say that the CSO is the \u201ccorporate rock-star of the future\u201d because exceptional ones possess a combination of skills that rarely appear in one person. 
The qualities that boards are looking for in today\u2019s CSOs reflect the complexities of safeguarding company and consumer data in this new threat environment.<\/p>\n<p>&#8211; Technical Curiosity is as Important as Aptitude<\/p>\n<p>&#8211; The CSO is Chief Politician, Communicator, and Crisis Manager<\/p>\n<p>&#8211; CSOs are Rare \u2013 But There\u2019s No Mold for the Model CSO<\/p>\n<p>Link: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=dc5c344b5b&#038;e=20056c7556<\/p>\n","protected":false},"excerpt":{"rendered":"<p>[From the desk of Paul Davis &#8211; his opinions and no-one else&#8217;s] I will just say two words&#8230; RSA conference&#8230; so it should be a busy week. 
So onto the news: 15 Things Wrong with Today\u2019s Threat Intelligence Reporting It is painfully obvious how the lack of analytic skill is&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[29],"tags":[],"class_list":["post-1057","post","type-post","status-publish","format-standard","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1057","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=1057"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1057\/revisions"}],"predecessor-version":[{"id":3544,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1057\/revisions\/3544"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=1057"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=1057"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=1057"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}