{"id":1147,"date":"2016-09-11T00:00:00","date_gmt":"2016-09-11T00:00:00","guid":{"rendered":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2016\/09\/11\/fromreply-totodatemessage-idlist-idlist-unsubscribesendercontent-typemime-version-imail3dpaulgdavis-commail55-atl91-mcsv-net\/"},"modified":"2021-12-30T11:38:51","modified_gmt":"2021-12-30T11:38:51","slug":"fromreply-totodatemessage-idlist-idlist-unsubscribesendercontent-typemime-version-imail3dpaulgdavis-commail55-atl91-mcsv-net","status":"publish","type":"post","link":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2016\/09\/11\/fromreply-totodatemessage-idlist-idlist-unsubscribesendercontent-typemime-version-imail3dpaulgdavis-commail55-atl91-mcsv-net\/","title":{"rendered":"From:Reply-To:To:Date:Message-ID:List-ID:List-Unsubscribe:Sender:Content-Type:MIME-Version; i=mail=3Dpaulgdavis.com@mail55.atl91.mcsv.net;"},"content":{"rendered":"<p>[From the desk of Paul Davis &#8211; his opinions and no-one else&#8217;s]<br \/>\nApart from the reporter&#8217;s opinions \ud83d\ude09<br \/>\nSo onto the news:<\/p>\n<p>IBM: CoreBot now ready for front line use as banking Trojan<br \/>\nCoreBot is now armed with 55 URL triggers that cause it to attack the online banking sites.<br \/>\nOnce in action, CoreBot&#8217;s first step is to grab the victim&#8217;s credentials; the malware then uses social engineering to con the victim into disclosing personally identifiable information and then commences to take over the session, the IBM report said.<br \/>\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=0d1363f91f&#038;e=20056c7556<\/p>\n<p>63% in favor of encryption backdoors to respond to national security threats<br \/>\nVormetric did a survey on how Americans view &#8220;backdoor&#8221; access by government entities to the encrypted data of private businesses.<br \/>\nNinety-one percent recognized that there were risks to encryption backdoors, but also 
felt that it is justified in some circumstances.<br \/>\nEnterprises recognize this; as shown by the results of another recent survey by IANS, 84% of businesses are considering encrypting all sensitive data.<br \/>\nBut adding backdoors to encryption compromises the technology, and this has not gone unnoticed by the American public.<br \/>\nIn certain circumstances Americans are in favor of backdoor access.<br \/>\nThis may be due to the strong &#8220;pro backdoor&#8221; language coming from the White House and senior federal law enforcement officials.<br \/>\nRespondents were in favor of backdoor access:<br \/>\n&#8211; In response to a national security threat (63%)<br \/>\n&#8211; As part of a federal investigation (39%)<br \/>\n&#8211; As part of a state or local investigation (29%).<br \/>\nLink: http:\/\/paulgdavis.us3.list-manage2.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=21bdd69f44&#038;e=20056c7556<\/p>\n<p>Millions of UK emails on global virus plotters&#8217; hitlist<br \/>\nBritish cyber-security experts have uncovered a trove of hundreds of millions of email addresses being used as a hitlist by criminals stealing financial data from banks, government bodies and other corporates.<br \/>\nSpecialists at GCHQ have been alerting companies named in the files, as an international investigation seeks to track down those using it.<br \/>\nThe vast database of 385\u2009million addresses was uncovered by the IT services giant Fujitsu, after following a trail from major clients who had fallen victim to hackers.<br \/>\nThe attack was global but particularly targeted the UK.<br \/>\nIn collaboration with anti-virus companies, Fujitsu\u2019s specialists traced Dridex to a series of servers in Russia that were being used to direct it.<br \/>\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=f2a52c1244&#038;e=20056c7556<\/p>\n<p>Self-destructing computer chip can protect top secret data<br \/>\nXerox 
Parc\u2019s new chip isn\u2019t quite on store shelves yet.<br \/>\nIt doesn\u2019t really even do much.<br \/>\nBut as a DARPA-funded proof of concept, it has one gigantic advantage that could help security-minded computer users and paranoid Mr. Robot fans: it can self destruct.<br \/>\nThe chip is made out of materials similar to smartphone display glass, modified to already have minute stress fractures.<br \/>\nA circuit was laid throughout the surface, and a laser activated transistor placed at the bottom.<br \/>\nOnce the laser was shined, it created a cascading effect, including pieces that continued to shatter into smaller pieces until all that was left was irrecoverable fragments.<br \/>\nIt could be used as a storage method for security fobs, encrypted passwords, and more.<br \/>\nIn the event of a data breach, storage fabricated on the chip could be destroyed within seconds, making the data physically irretrievable.<br \/>\nConversely, it could make for a great hackathon for people to figure out how to break into a system and shatter the chips (supposing a triggering element is installed internally) in order to either further strengthen the security, or just to be a butthead.<br \/>\nIn a demonstration on Thursday, the glass was stressed to breaking point by heat.<br \/>\nWhen a circuit was switched on, a small resistor heated up and the glass shattered into thousands of pieces.<br \/>\nEven after it broke up, stress remained in the fragments and they continued breaking into even smaller pieces for tens of seconds afterwards.<br \/>\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=93c144ba3e&#038;e=20056c7556<\/p>\n<p>The coming private cyber &#8216;war&#8217;<br \/>\nThe nature of cyber warfare \u2013 and whether the U.S. government would even be among the combatants \u2013 was one of the foremost discussion topics at the NextGov Prime conference Sept. 
10.<br \/>\n\u201cMost companies have realized that the federal government is not coming to their rescue in the cyber sense,\u201d said journalist Shane Harris. \u201cThey are essentially on their own against organized criminals in Russia, against state-sponsored hackers in China, against groups like Anonymous, and sort of the various threats out there that might be trying to steal their data or take out their systems.\u201d<br \/>\n\u201cCompanies are not just going to keep taking this,\u201d the journalist warned. \u201cIf the government is saying to them, \u2018We can\u2019t really protect you, and we\u2019re not necessarily going to go on the offense for you,\u2019 I think it\u2019s only a matter of time before you see a company take matters into its own hands and essentially go on the offense and take the fight back to the hackers.\u201d<br \/>\nWill that fight take the form of U.S. companies hacking foreign firms, or even hacking foreign governments?<br \/>\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=9fcd5cd22b&#038;e=20056c7556<\/p>\n<p>Google shifts Flash advertisements to HTML5 to prevent malware<br \/>\nGoogle is updating the advertisement format in the Chrome browser beginning September 1.<br \/>\nThe update stops advertisements from playing automatically through Flash.<br \/>\nAdvertisements that are in Flash will be converted to HTML5, and those already in HTML5 format will continue to work.<br \/>\nSpeaking with advertisers, Bulletin Leader stated that Google had notified them since the start of the year about the shift in format from Flash to HTML5.<br \/>\nGoogle&#8217;s purpose in shifting the video and animation model is to promote bug prevention with its users, along with other online companies.<br \/>\nThe transition was initiated on September 1, 2015.<br \/>\nLink: 
http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=b2bd4527da&#038;e=20056c7556<\/p>\n<p>Ten reasons threat intelligence is here to stay<br \/>\nOver the past couple of years, the volume and frequency of new malware and its variants has exploded.<br \/>\nBut it takes considerable time, effort and expertise to sift through data and transform it into pertinent information.<br \/>\nSo out with old and in with the new.<br \/>\nTo alter traditional approaches, threat intelligence emerged as a way to gather data about vulnerabilities and alter approaches based off that intel.<br \/>\nIn this article, I\u2019ve laid out 10 arguments being made against threat intelligence.<br \/>\n&#8211; Argument: Intelligence feeds will do very little to substantially improve cybersecurity.<br \/>\n&#8211; Argument: Threat intelligence plots dots on a blank sheet of paper, and may at best connect some of the dots, but it cannot paint the larger picture.<br \/>\n&#8211; Argument: Most organizations are unable to add the expertise required.<br \/>\n&#8211; Argument: No single vendor ever has a complete view of a campaign. A failure to note activity could give a client a flawed view of the picture and cause a low priority to be assigned to the threat, ultimately leaving the client no better off than before.<br \/>\n&#8211; Argument: Threat intelligence vendors operate in contrast to antivirus companies. 
When one antivirus company analyzes a new malware sample, those signatures are shared with peer organizations which reduce the burden for individual companies and ultimately protect the entire user community from known threats.<br \/>\n&#8211; Argument: Organizations do not need the details of the attack; they just want to know they are protected.<br \/>\n&#8211; Argument: Threat intelligence vendors guard their research to the detriment of the wider community<br \/>\n&#8211; Argument: Prices ensure that only those companies able to pay the hefty subscriptions get access, leaving many SMBs and critical parts of the supply chain in the dark.<br \/>\n&#8211; Argument: Networks, the solutions and resources defending them, and the data that resides on them vary greatly, and so do attacks.<br \/>\n&#8211; Argument: At its best, threat intelligence might provide occasional protection from attacks. At its worst it\u2019s an expensive source of information that bears no relevance to securing a network and could mislead decision-makers.<\/p>\n<p>The only way for companies to defend themselves is by adopting a more pragmatic and intelligent threat response: stopping a compromise at the host, proactively segmenting networks, and spending the time to develop in-depth situational awareness.<br \/>\nOtherwise, the next decade will end up much like the current.<br \/>\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=126c6d3070&#038;e=20056c7556<\/p>\n<p>The 10 things you need to know about cyberconflict<br \/>\nThe first step to understanding cyberconflict is to define the domain.<br \/>\nHere are 10 things to know about the cybersecurity debate, as taken from our recently released book from Oxford University Press, Cyber War versus Cyber Realities.<br \/>\n1. Terminology is important<br \/>\n2. We need data and theories about cyberconflict<br \/>\n3. Cybertactics are not used often<br \/>\n4. 
Cyber-actions to date have not been very severe<br \/>\n5. Most cyber-incidents are regional<br \/>\n6. Cyber-operations haven\u2019t gotten much reaction<br \/>\n7. Many cyber-incidents would be classified as espionage<br \/>\n8. Cyberterrorism is an inflated threat<br \/>\n9. Cyber-hygiene is important<br \/>\n10. A taboo is developing against cybertactics<br \/>\nOur research program in some ways clashes deeply with futurist proposals of those who would like to suggest war and conflict will be different with the rise of new weapons.<br \/>\nWe have seen little variation in the methods of warfare and diplomacy used through the history of human civilization.<br \/>\nThese processes have remained remarkably stable.<br \/>\nWe do not see that the use of cyber-technologies as a tactic will reshape the future.<br \/>\nOf course, cyberconflict will happen, and with greater frequency.<br \/>\nBut what we see is that the actions\u2019 severity will be minimal, and that clear norms are developing that will institutionalize the idea that there are only limited acceptable options for states in cyberspace if they wish to go on the offense.<br \/>\nLink: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=0bbc0f36e9&#038;e=20056c7556<\/p>\n<p>Lebanon library at center of internet privacy debate in shutting off its Tor server<br \/>\nA public library in Lebanon finds itself at the center of a complicated debate over internet privacy and safety, after questions from the Department of Homeland Security led the library to think twice about participating in the global anonymous web-surfing network known as Tor.<br \/>\nThe server, located at the Kilton Public Library in West Lebanon, was the first in the country to be operated by a public library under the Boston-based Library Freedom Project, which advocates for open software and privacy projects for public libraries.<br \/>\nFleming shut off the server after it had run for about a month, when 
Lebanon police raised the issue with city officials.<br \/>\nThe Lebanon Public Libraries Board of Trustees, which unanimously supported the project in June, is scheduled to discuss the issue at its meeting on Tuesday at 7 p.m. in the main library.<br \/>\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=39f91b0aed&#038;e=20056c7556<\/p>\n","protected":false},"excerpt":{"rendered":"<p>[From the desk of Paul Davis &#8211; his opinions and no-one else&#8217;s] Apart from the reporter&#8217;s opinions \ud83d\ude09 So onto the news: IBM: CoreBot now ready for front line use as banking Trojan CoreBot is now armed with 55 URL triggers that cause it to attack the online banking 
sites&#8230;.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[29],"tags":[],"class_list":["post-1147","post","type-post","status-publish","format-standard","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1147","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=1147"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1147\/revisions"}],"predecessor-version":[{"id":3634,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1147\/revisions\/3634"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=1147"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=1147"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=1147"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}