[From the desk of Paul Davis – his opinions and no-one else’s]
\nApart from the reporter’s opinions \ud83d\ude09
\nSo onto the news:<\/p>\n
Phishing Attacks Drive Spike In DNS Threat<\/p>\n
Nearly 75% jump in phishing helped propel DNS abuse in the second quarter of this year.<\/p>\n
The domain name service (DNS) continues to be a favorite tool of cyber criminals: the DNS threat index jumped nearly 60% in the second quarter of this year.<\/p>\n
The Infoblox DNS Threat Index is measured by Infoblox and Internet Identity (IID), which today published their newest data on malicious activity abusing the Internet’s DNS, showing a threat index of 133, up from 122 in the first quarter of 2015, and an average of 100 in 2013 and 2014.<\/p>\n
It’s unclear whether the DNS abuse will continue to climb, but the Hacking Team breach could lead to more malicious domain traffic, IID’s Rasmussen says. “We’ve seen boatloads of infrastructure set up to take advantage of the [dumped] Hacking Team” malware, he says. “We’re probably going to see it go up.\u201d<\/p>\n
Link: http:\/\/paulgdavis.us3.list-manage2.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=3669d71400&e=20056c7556<\/p>\n
BAE Systems Applied Intelligence, who says new frameworks are needed to address cyber space\u2019s unique characteristics and environments.<\/p>\n
… accroding to BAE Systems Applied Intelligence, who says new frameworks are needed to address cyber space\u2019s unique characteristics and environments.<\/p>\n
The security firm says cyber threat intelligence has emerged as a vital approach to designing an effective security regime.<\/p>\n
Dr Malcolm Shore, technical director, BAE Systems Applied Intelligence, says IT can no longer be protected by implementing a standard set of security controls.<\/p>\n
The value of cyber threat intelligence lies in its ability to change an organisation\u2019s posture from being reactive, responding to attacks when it\u2019s breached, to being proactive, where cyber security defences are tuned to expect and deflect attacks.<\/p>\n
\u201cTo successfully defend against contemporary attacks requires a focus on new areas of cyber security including threat intelligence.\u201d<\/p>\n
Link: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=086c1c7fd7&e=20056c7556<\/p>\n
Brokers Beware: Will the SEC Extend New Cyber Guidance to Brokers and Investment Advisers?<\/p>\n
Against the backdrop of a steady stream of cyber-attacks and data breaches, Securities and Exchange Commissioner Luis A. Aguilar recently spoke about his hope to expand upcoming SEC cyber security guidance, known as Regulation Systems Compliance and Integrity (\u201cReg SCI\u201d), beyond the stock markets and other major market entities. In a speech he gave last month in New York, he offered the opinion that the Reg SCI cyber security rules should be extended to cover smaller market entities such as broker-dealers and investment advisers.<\/p>\n
Reg SCI will require certain key market participants, such as stock exchanges, to implement a robust set of cybersecurity protocols to ensure that their systems are secure from cyberattacks, and are also sufficiently resilient to recover should an attack succeed. In addition, Reg SCI will require that these entities monitor their systems for possible cyberattacks, respond promptly to any significant intrusions, and report such intrusions to the SEC within 24 hours, among other things.<\/p>\n
When it takes effect this November, it will, among other things, use a risk-based approach that requires covered entities to focus on the security of their most critical information systems, requiring that the organizations operating those critical systems to develop and adopt procedures that are tailored to their unique cyber risks. Additionally, and significantly, Reg SCI will require the organization\u2019s senior management and directors to actively engage in cybersecurity issues and prevention.<\/p>\n
Link: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=4b66a0d721&e=20056c7556<\/p>\n
Recorded Future identified the possible exposures of login credentials for 47 United States government agencies across 89<\/p>\n
Recorded Future identified the possible exposures of login credentials for 47 United States government agencies across 89 unique domains. As of early 2015, twelve of these agencies allowed some of their users access to computer networks without any form of two-factor authentication. Doing so heightens the risk of cyber espionage, crime, or attack for these agencies.<\/p>\n
The data presented here was identified through open source intelligence (OSINT) collection and analysis of seventeen paste sites including Pastebin.com during a one year period ending in November 2014. Recorded Future shared this information with the majority of affected agencies in late 2014 and early 2015.<\/p>\n
Link: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=9b0f363fd9&e=20056c7556<\/p>\n
============================================================
\nFeedback, questions? Our mailing address is: ** dailynews@paulgdavis.com (mailto:dailynews@paulgdavis.com)<\/p>\n
If someone forwarded this email to you and you want to be added in,
\nplease click this: ** Subscribe to this list (http:\/\/paulgdavis.us3.list-manage1.com\/subscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a)<\/p>\n
** Unsubscribe from this list (http:\/\/paulgdavis.us3.list-manage.com\/unsubscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556&c=dc22e9fd93)<\/p>\n
** Update subscription preferences (http:\/\/paulgdavis.us3.list-manage1.com\/profile?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556)<\/p>\n","protected":false},"excerpt":{"rendered":"
[From the desk of Paul Davis – his opinions and no-one else’s] Apart from the reporter’s opinions \ud83d\ude09 So onto the news: Phishing Attacks Drive Spike In DNS Threat Nearly 75% jump in phishing helped propel DNS abuse in the second quarter of this year. The domain name service (DNS)…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[29],"tags":[],"class_list":["post-1120","post","type-post","status-publish","format-standard","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1120","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=1120"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1120\/revisions"}],"predecessor-version":[{"id":3607,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1120\/revisions\/3607"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=1120"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=1120"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=1120"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}