[From the desk of Paul Davis – his opinions and no-one else’s]
\nApart from the reporter’s opinions \ud83d\ude09
\nObviously, the big news is suspected hack of the OPM
\nSo onto the news:<\/p>\n
Access to the kit and building the malware is free, but the client is the one responsible of distribution, and 30% of the profit would go to the author of Tox.<\/p>\n
Access to the kit and building the malware is free, but the client is the one responsible of distribution, and 30% of the profit would go to the author of Tox.<\/p>\n
On Wednesday, the creator of the ransomware-as-a-service platform decided to get out of the game, although it is claimed that in one week the platform recorded 1,000 users and more than 1,000 infections.<\/p>\n
Link: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=7d0c15d8e0&e=20056c7556<\/p>\n
A new resume-themed malicious email campaign spotted by security researchers aims at delivering version 3.0 of CryptoWall ransomware, recording success against some antivirus solutions.<\/p>\n
For this campaign, the threat actor sends the message making it look like it is a reply to a previous email sent by the victim. Attached to it is a ZIP archive containing an HTML document<\/p>\n
The file redirects to a compromised WordPress website containing an iFrame with a redirect to a Google Drive cloud storage account serving the a malware downloader, which poses as a PDF but is in fact an executable file (SCR) associated with screensavers.<\/p>\n
The infection chain is pretty intricate for a campaign of this kind and relies on multiple layers of obfuscation that are likely to fool multiple antivirus solutions.<\/p>\n
Nick Biasini from Cisco\u2019s TALOS security intelligence and research group analyzed the infection chain and said that a large number of the recipients were tricked and attempted to download the malware downloader from the compromised WordPress website.<\/p>\n
Link: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=6f063a5707&e=20056c7556<\/p>\n
OPM HACKERS SKIRTED CUTTING-EDGE INTRUSION DETECTION SYSTEM, OFFICIAL SAYS<\/p>\n
…tool, called EINSTEIN 3, would not have been able to catch a threat that has no known footprints, according to multiple industry experts.<\/p>\n
The malicious software used to compromise an Office of Personnel Management system in December reportedly had never been seen before and carried no indicators of compromise, or “signatures.”<\/p>\n
Link: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=054573e2f7&e=20056c7556<\/p>\n
Hackers Steal Trading Algorithms<\/p>\n
The security vendor Kroll reports that it has recently investigated three incidents involving hackers stealing such algorithms. “In two of the cases we were able to find the bad guy and stop him before he could share it on the Web,” Ernest Hilbert, Kroll’s head of cyber investigations for Europe, the Middle East and Africa, tells the Financial Times.<\/p>\n
This isn’t the first time that warnings have been sounded over the theft of funds’ secret trading algorithms. On Feb. 24, Chinese national Kang Gao pleaded guilty to stealing documents from his former employer, the Manhattan-based international hedge fund firm Two Sigma. According to court documents, Gao’s employment contract prohibited him from attempting to access the quantitative trading strategies, trading models and related scientific and marketing materials that he admitted e-mailing to himself. He’s due to be sentenced in April.<\/p>\n
Link: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=45222180fb&e=20056c7556<\/p>\n
Situational Awareness: Elusive Key Ingredient of Worthwhile Cyber Threat Intelligence<\/p>\n
Yet across the business world today, few organizations or their cybersecurity teams practice simple, diligent cyber situational awareness from top to bottom, despite dynamic and continuous cyber crime that threatens the livelihood of their enterprises.<\/p>\n
Analyzing the data from my own efforts implementing these kinds of approaches over just the last two years, here are 4 observations:<\/p>\n
1. \u201cSomebody Else\u2019s Problem Field\u201d, or SEP<\/p>\n
2. Tunnel-Vision, Stove-Pipe, Navel-Gazing, Horse-Blinders Addiction Syndrome<\/p>\n
3. A Case of Mistaken Identity<\/p>\n
4. Situational awareness is not a \u201cneed to have,\u201d it\u2019s a \u201cnice to have\u201d<\/p>\n
Without a solid base in knowing who you are as a target and what\u2019s going on around you at all times, everything else you do is essentially a half-measure. As with the military where life, limb and victory are always on the line, situational awareness isn\u2019t a \u201cneed to have, \u201c it\u2019s an \u201cabsolute must have.\u201d<\/p>\n
Link: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=0a0b2e2a5e&e=20056c7556<\/p>\n
============================================================
\nFeedback, questions? Our mailing address is: ** dailynews@paulgdavis.com (mailto:dailynews@paulgdavis.com)<\/p>\n
If someone forwarded this email to you and you want to be added in,
\nplease click this: ** Subscribe to this list (http:\/\/paulgdavis.us3.list-manage2.com\/subscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a)<\/p>\n
** Unsubscribe from this list (http:\/\/paulgdavis.us3.list-manage1.com\/unsubscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556&c=66b28064ed)<\/p>\n
** Update subscription preferences (http:\/\/paulgdavis.us3.list-manage1.com\/profile?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556)<\/p>\n","protected":false},"excerpt":{"rendered":"
[From the desk of Paul Davis – his opinions and no-one else’s] Apart from the reporter’s opinions \ud83d\ude09 Obviously, the big news is suspected hack of the OPM So onto the news: Access to the kit and building the malware is free, but the client is the one responsible of…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[29],"tags":[],"class_list":["post-1089","post","type-post","status-publish","format-standard","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1089","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=1089"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1089\/revisions"}],"predecessor-version":[{"id":3576,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1089\/revisions\/3576"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=1089"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=1089"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=1089"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}