[From the desk of Paul Davis – his opinions and no-one else’s]
\nApart from the reporter’s opinions \ud83d\ude09
\nSo onto the news:<\/p>\n
BitSight report: half of entities susceptible to SSL vulnerabilities
\nThe BitSight Insights Industry Benchmark report found that energy\/utility and healthcare companies are among the most vulnerable industries surveyed in the report.
\nBitSight discovered over half of all entities across all industries were susceptible to SSL vulnerabilities, such as Heartbleed, POODLE and FREAK.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=e3c9de5cfa&e=20056c7556<\/p>\n
Smartphone passcodes protected by the Fifth Amendment \u2013 US court
\nThe Feds can’t make suspects give up their company-issued smartphone passcodes because doing so violates the Fifth Amendment of the US Constitution.
\nSo ruled Judge Mark Kearney of the federal court in East Pennsylvania in the case of Securities and Exchange Commission v Huang, an insider-trading case brought against two ex-Capital One bank workers.
\nWhile that’s good news for the defendants, Bonan Huang and Nan Huang, it’s very bad news for prosecutors.
\nIt’s a very fine legal distinction.
\nA passcode is a thought process, which does get Fifth Amendment protection, whereas a biometric identifier is out in the open.
\nThe SEC is bound to appeal the case and go to a higher court on this one.
\nIt’s likely that the Supreme Court will eventually have to hear the case, but in the meantime, passcodes are protected. \u00ae
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=8d2c30199d&e=20056c7556<\/p>\n
ThreatConnect and Defense Group Inc. Uncover Extensive Chinese Cyber Espionage Campaign Targeting South China Sea Interests
\nA growing community of private and highly-vetted cybercrime forums is redefining the very meaning of \u201ctargeted attacks.\u201d These bid-and-ask forums match crooks who are looking for access to specific data, resources or systems within major corporations with hired muscle who are up to the task or who already have access to those resources.
\nOne particularly active member, shown in the screen shot above and the one below using the nickname \u201cDemander,\u201d posts on Jan. 10, 2015 that he is looking for credentials from Cisco and that the request is urgent (it\u2019s unclear from the posting whether he\u2019s looking for access to Cisco Corp. or simply to a specific Cisco router).
\nDemander also was searching for services related to Bank of America ATMs and unspecified data or services from Wells Fargo.
\nglobeauthThe interesting twist with forums like Enigma is that they focus on connecting miscreants seeking specific information or access with those who can be hired to execute a hack or supply the sought-after information from a corpus of already-compromised data.
\nBased on her interaction with other buyers and sellers on these forums, Jolles said a great many of the requests for services seem to be people hiring others to conduct spear-phishing attacks \u2014 those that target certain key individuals within companies and organizations.
\nThreatConnect Inc., creator of the most widely adopted Threat Intelligence Platform (TIP), and open source cyber intelligence company Defense Group Inc. (DGI) today unveiled a report attributing a sophisticated cyber espionage campaign, orchestrated by an Advanced Persistent Threat (APT) group known as \u201cNaikon,\u201d with interests in the South China Sea to a Chinese People\u2019s Liberation Army (PLA) unit.
\nRevealing the scope of how extensive cyber campaigns are readily applied to ongoing regional disputes and conflicts, ThreatConnect and DGI\u2019s joint report, \u201cProject CAMERASHY: Closing the Aperture on China\u2019s Unit 78020\u201d documents Chinese efforts to gain the upper hand in a geopolitical stand-off by capturing information on regional rivals\u2019 negotiating postures, economies and military capabilities.
\nFor nearly five years PLA Unit 78020 used an array of global midpoint infrastructure to proxy the command and control of customized malware variants embedded within malicious attachments or document exploits.
\nTargets include government entities in Cambodia, Indonesia, Laos, Malaysia, Nepal, Philippines, Singapore, Thailand and Vietnam as well as international bodies such as United Nations Development Programme (UNDP) and the Association of Southeast Asian Nations (ASEAN).
\nStrategic implications for the United States include cyber threats against not only military alliances and security partnerships in the region, but risks to interests in a major artery of international commerce through which trillions of dollars in global trade traverse annually.
\nThis report stands out from previous APT reports given the collaborative nature of the research, aggregation and analysis of multiple data sources, application of statistical analysis, as well as data visualization to clearly connect the points between the adversary, their capabilities, the infrastructure they used and the victims being targeted.
\nTo create this report, ThreatConnect used a unique methodology built into their Threat Intelligence Platform called The Diamond Model of Intrusion Analysis.
\nUsing that repeatable process, any ThreatConnect user can derive a multidimensional picture of the underlying relationships between threat actors, their tools, techniques and processes.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=81ba184af5&e=20056c7556<\/p>\n
============================================================
\nFeedback, questions? Our mailing address is: ** dailynews@paulgdavis.com (mailto:dailynews@paulgdavis.com)<\/p>\n
If you know someone else who would be interested in this Newsalert, please forwarded this email.
\nIf you want to be added to the distribution list, please click this: ** Subscribe to this list (http:\/\/paulgdavis.us3.list-manage.com\/subscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a)<\/p>\n
** Unsubscribe from this list (http:\/\/paulgdavis.us3.list-manage.com\/unsubscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556&c=e55a35b35d)<\/p>\n
** Update subscription preferences (http:\/\/paulgdavis.us3.list-manage.com\/profile?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556)<\/p>\n","protected":false},"excerpt":{"rendered":"
[From the desk of Paul Davis – his opinions and no-one else’s] Apart from the reporter’s opinions \ud83d\ude09 So onto the news: BitSight report: half of entities susceptible to SSL vulnerabilities The BitSight Insights Industry Benchmark report found that energy\/utility and healthcare companies are among the most vulnerable industries surveyed…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[29],"tags":[],"class_list":["post-1154","post","type-post","status-publish","format-standard","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1154","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=1154"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1154\/revisions"}],"predecessor-version":[{"id":3641,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1154\/revisions\/3641"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=1154"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=1154"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=1154"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}