http://www.secuobs.com Observatoire de la securite Internet fr webmaster@secuobs.com 2013-05-04 01:26:48 - Verizon Business Security Blog : And some week s the bear gets you Fifty million or so users of LivingSocial have been resetting their passwords following a data breach But they have company users from NTT DoCoMo and Reputationcom also had their credentials compromised The US Department of Labor had one sub-domain compromised and serving malware last Wednesday A bank account http://www.secuobs.com/revue/news/443506.shtmlhttp://www.secuobs.com/revue/news/443506.shtml Secuobs.com : 2013-05-01 20:22:06 - Verizon Business Security Blog - The term active defense or active response has gotten some attention in the information security industry lately, and this has led to a lot of controversy This occasionally happens when terms migrate from one large community to another, and something gets lost in translation The US Department of Defense uses the term to mean the http://www.secuobs.com/revue/news/442989.shtmlhttp://www.secuobs.com/revue/news/442989.shtml Secuobs.com : 2013-04-27 20:08:58 - Verizon Business Security Blog - It s finally here The RISK Team, Verizon and our 18 partners are proud to announce the release of the 2013 Data Breach Investigations Report If you love data analysis and security as much as the RISK Team does be sure to add the DBIR to your reading list If you don t love those things as http://www.secuobs.com/revue/news/442260.shtmlhttp://www.secuobs.com/revue/news/442260.shtml Secuobs.com : 2013-04-23 07:27:45 - Verizon Business Security Blog - 2012 Perhaps more so than any other year, the large scale and diverse nature of data breaches and other network attacks took center stage But rather than a synchronized chorus making its debut on New Year s Eve, we witnessed separate, ongoing movements that seemed to come together in full crescendo throughout the year And from http://www.secuobs.com/revue/news/441181.shtmlhttp://www.secuobs.com/revue/news/441181.shtml Secuobs.com : 2013-04-20 02:17:56 - Verizon Business Security Blog - It s that time again to organize an office pool for how many days it will be until one of the 42 vulnerabilities in Tuesday s Java CPU shows up in exploit kits and malware While everyone is in an Oracle sort of mood, there s a new CPU for the rest of their products too If those http://www.secuobs.com/revue/news/440743.shtmlhttp://www.secuobs.com/revue/news/440743.shtml Secuobs.com : 2013-04-15 17:32:51 - Verizon Business Security Blog - Microsoft and Adobe hit the security space with 1-2 punch on Tuesday by releasing patches multiple vulnerabilities in their product lines Adobe patched flaws in Flash Player, Shockwave Player and ColdFusion while Microsoft released 9 bulletins, including a cumulative Internet Explorer update the RISK Team recommended our clients push out within 30 days Noteworthy malcode http://www.secuobs.com/revue/news/439550.shtmlhttp://www.secuobs.com/revue/news/439550.shtml Secuobs.com : 2013-04-08 02:59:21 - Verizon Business Security Blog - Three months ago, we noted t here is something fishy going on with a malicious Apache module Dan Goodin at Ars Technica got closer to the bottom of it It s called Darkleech and it turns out attacks go back at least as far as August and effects as many as 20,000 sites Mary Landesman at Cisco indicates the common issue is SSH Also on Ars Technica, http://www.secuobs.com/revue/news/438074.shtmlhttp://www.secuobs.com/revue/news/438074.shtml Secuobs.com : 2013-04-01 15:48:34 - Verizon Business Security Blog - April Fools You should be careful about what the Interwebs tell you today any other day, they re entirely trustworthy, of course In all seriousness, we wish it were out today because we re ready to share our findings and analysis with you Turns out exchanging and analyzing data from 18 different global agencies takes a bit http://www.secuobs.com/revue/news/436954.shtmlhttp://www.secuobs.com/revue/news/436954.shtml Secuobs.com : 2013-04-01 00:38:48 - Verizon Business Security Blog - CloudFlare and the New York Times found themselves in a quarrel with security researchers and skeptical journalists over a record-breaking 300 GBPS DDoS attack against Spamhaus While CloudFlare claimed the attack nearly broke the Internet, other observers aren t sold A must-read article from Information Week balances the argument with seven facts surrounding the attack In http://www.secuobs.com/revue/news/436879.shtmlhttp://www.secuobs.com/revue/news/436879.shtml Secuobs.com : 2013-03-22 22:45:48 - Verizon Business Security Blog - On Wednesday afternoon, local time, the Republic of Korea suffered a cyber attack, perhaps more than one Analysis is still ongoing, but at this writing a phishing attack spread malware that contained a logic bomb with a trigger set for 2 00 pmThe hard disks of infected systems were corrupted The volume of bad intelligence collected after this event was remarkable Attribution is a hard problem http://www.secuobs.com/revue/news/435387.shtmlhttp://www.secuobs.com/revue/news/435387.shtml Secuobs.com : 2013-03-18 16:24:06 - Verizon Business Security Blog - James Bond, Nikita, Jason Bourne, Ethan Hunt and Jack Ryan Jr are fuming because Microsoft patched their favorite plug in a thumb drive and steal everything vulnerability with MS13-027 In addition to ruining Hollywood spy tradecraft, Microsoft released six other bulletins to patch 20 vulnerabilities across its product footprint Adobe also got in on the patch action and issued http://www.secuobs.com/revue/news/434265.shtmlhttp://www.secuobs.com/revue/news/434265.shtml Secuobs.com : 2013-03-11 01:28:36 - Verizon Business Security Blog - This has been an active week for risk intelligence operations, and overall, risk is substantially unchanged Reducing risk, Oracle released a Java patch on Monday for vulnerabilities being exploited in the wild ITW But the Izz ad-Din al-Qassam Cyber Fighters returned with DoS attacks on US financial sector companies Also affecting risk in the financial http://www.secuobs.com/revue/news/432633.shtmlhttp://www.secuobs.com/revue/news/432633.shtml Secuobs.com : 2013-03-06 23:19:28 - Verizon Business Security Blog - It s DBIR writing season for the Verizon RISK Team which means that we re all getting together to go over this years data, analyze the changes, and examine the data in light of significant events from 2012 Since we were looking back on 2012, I thought it might be interesting to see what we ve been talking http://www.secuobs.com/revue/news/431882.shtmlhttp://www.secuobs.com/revue/news/431882.shtml Secuobs.com : 2013-03-04 18:04:37 - Verizon Business Security Blog - It s like déjà vu all over again Three weeks ago, Bit9 reported a data breach almost certainly intended as a stepping-stone to attack their customers, and Oracle released their second of three Java updates in 2013 It was also the third Java patch in six months to respond to in the wild ITW attacks This http://www.secuobs.com/revue/news/431266.shtmlhttp://www.secuobs.com/revue/news/431266.shtml Secuobs.com : 2013-02-27 17:47:43 - Verizon Business Security Blog - It s that time of year again when those of us on the RISK Team are spending inordinate amounts of our professional and personal time analyzing data and drafting sections toward the Data Breach Investigations Report DBIR We re still a ways away from having this monkey off our back, but today we d like to let you http://www.secuobs.com/revue/news/430422.shtmlhttp://www.secuobs.com/revue/news/430422.shtml Secuobs.com : 2013-02-23 05:18:36 - Verizon Business Security Blog - Mandiant s report on China s Unit 61398 and APT1 represents the most significant intelligence collected this week by the RISK Team It s a must-read for everyone with the word security in their job title Hat tip to Mandiant on its thorough analysis and for releasing a bevy of tactical intelligence with its report Unfortunately, cybercriminals are http://www.secuobs.com/revue/news/429535.shtmlhttp://www.secuobs.com/revue/news/429535.shtml Secuobs.com : 2013-02-20 21:36:58 - Verizon Business Security Blog - It s been a busy week for those of us in the Incident Response and intel community On Monday, a closed source dropped a bulletin that included one of the largest TLP Green indicators of compromise IOC dumps on state-affiliated actors we ve ever seen We happily fired up IOCExtractor and looked forward to correlating the info with http://www.secuobs.com/revue/news/428915.shtmlhttp://www.secuobs.com/revue/news/428915.shtml Secuobs.com : 2013-02-19 18:05:23 - Verizon Business Security Blog - In addition to managing the back end of the RISK Team s operations and delivering Labs Services to our On Demand and Rapid Response Retainer customers, the RISK Labs team evaluates and tests forensic solutions for our investigators in the field While some consultants don t mind traveling with the best gear they can locate, others want http://www.secuobs.com/revue/news/428580.shtmlhttp://www.secuobs.com/revue/news/428580.shtml Secuobs.com : 2013-02-16 18:03:10 - Verizon Business Security Blog - How time flies There hadn t been an in the wild attack exploiting an unknown vulnerability in Adobe Acrobat Reader since December 2011 Until this week Wednesday, FireEye reported, and a day later added details on a targeted attack, and Adobe s PSIRT suggested some mitigations bulletin and patch TBA This is a complex beastie, expect http://www.secuobs.com/revue/news/428184.shtmlhttp://www.secuobs.com/revue/news/428184.shtml Secuobs.com : 2013-02-14 21:16:26 - Verizon Business Security Blog - In our previous post about Malformity, we presented a scenario in which using Malformity could be useful Today, we ll step through one of those examples in order to demonstrate how Malformity may be used to quickly identify maliciousness and related indicators So, you ve found an unknown binary during an investigation, what next Once you fire http://www.secuobs.com/revue/news/427856.shtmlhttp://www.secuobs.com/revue/news/427856.shtml Secuobs.com : 2013-02-11 18:01:06 - Verizon Business Security Blog - The really bad news Adobe released Security Bulletin ASPSB13-04 with patches to Flash Player for two attacks already spotted in the wild, one targeted DOCs and one web-hosted In less than 24-hours, every new intel collection on this paints a picture of escalating risk The ordinary bad news risk intelligence Debian Wiki and the Python http://www.secuobs.com/revue/news/426965.shtmlhttp://www.secuobs.com/revue/news/426965.shtml Secuobs.com : 2013-02-02 05:30:48 - Verizon Business Security Blog - The RISK Team assesses there were no significant changes in the risk environment this week for Verizon Enterprise clients Tuesday US time we published our assessment of Rapid7 s UPnP vulnerabilities We know our Security Management Program clients are not exposing UPnP to the Internet and we assess other enterprises with robust security architectures have little http://www.secuobs.com/revue/news/425419.shtmlhttp://www.secuobs.com/revue/news/425419.shtml Secuobs.com : 2013-01-29 18:44:11 - Verizon Business Security Blog - Many of us on the Verizon RISK team produce open source software, and all of us use it This blog itself runs on a stack of software components mostly licensed under the GNU Public License, and we ve published and or contributed to a number of projects under varying licenses Whether because of free as in beer http://www.secuobs.com/revue/news/424499.shtmlhttp://www.secuobs.com/revue/news/424499.shtml Secuobs.com : 2013-01-26 00:28:56 - Verizon Business Security Blog - by Steve Simpson The term actionable intelligence nicely sums up this week s open source collections Kaspersky released part 2 of its analysis of the Red October campaign and teamed with AlienVault to publicly release indicators of compromise IOCs related to the attacks Meanwhile French malware researcher Kafeine published a detailed analysis of the recently discovered Red Dot exploit kit and Eric Romang http://www.secuobs.com/revue/news/424010.shtmlhttp://www.secuobs.com/revue/news/424010.shtml Secuobs.com : 2013-01-21 17:37:00 - Verizon Business Security Blog - Those of you familiar with the Vocabulary for Event Recording and Incident Sharing VERIS framework might have reviewed or experimented with the beta schema XML we released last year Since then, we continued to test and refine the schema thanks to those in the VERIS Community who provided input , and we re happy to say that http://www.secuobs.com/revue/news/422961.shtmlhttp://www.secuobs.com/revue/news/422961.shtml Secuobs.com : 2013-01-18 23:45:32 - Verizon Business Security Blog - We on the RISK team were somewhat surprised by the amount of buzz created by our recent post Case Study Pro-active Log Review Might Be A Good Idea As is typical when a great deal of attention is given to something in a short time, there have been erroneous reports, blog posts, and chatter about http://www.secuobs.com/revue/news/422713.shtmlhttp://www.secuobs.com/revue/news/422713.shtml Secuobs.com : 2013-01-18 22:10:19 - Verizon Business Security Blog - The first couple weeks of the new year have been almost enough to lead one to seek therapy for triskaidekaphobia Microsoft and Oracle each issued out-of-cycle patches for unrelated vulnerabilities in Internet Explorer 8 and earlier and Java 7 update 10 and earlier Kaspersky reported on Rocra, a targeted malware espionage operation Within days, http://www.secuobs.com/revue/news/422691.shtmlhttp://www.secuobs.com/revue/news/422691.shtml Secuobs.com : 2013-01-14 21:23:52 - Verizon Business Security Blog - With the New Year having arrived, it s difficult not to reflect back on last year s caseload While the large-scale data breaches make the headlines and are widely discussed among security professionals, often the small and unknown cases are the ones that are remembered as being the most interesting from the investigators point of view Every http://www.secuobs.com/revue/news/421699.shtmlhttp://www.secuobs.com/revue/news/421699.shtml Secuobs.com : 2013-01-12 00:46:45 - Verizon Business Security Blog - The RISK Team hates to be the bearer of bad news, but we have collected three separate reports confirming a previously undiscovered vulnerability in Java being exploited by the multiple exploit kits The vulnerability affects Java 7 update 10 and earlier Oracle s next Java update isn t scheduled until February 19, but we don t know if http://www.secuobs.com/revue/news/421335.shtmlhttp://www.secuobs.com/revue/news/421335.shtml Secuobs.com : 2013-01-10 21:37:02 - Verizon Business Security Blog - What happens when you come across a suspicious file, IP address, or domain Where do you go to find out more information about that potential indicator If you know an indicator is malicious, what tools do you use to find out more about it For many people, the answers to these questions largely involve several http://www.secuobs.com/revue/news/421067.shtmlhttp://www.secuobs.com/revue/news/421067.shtml Secuobs.com : 2013-01-09 17:32:20 - Verizon Business Security Blog - by Daniel Pelc Organizations seek to mitigate risk These activities are interwoven into the daily objectives of corporate executives As much as companies try to defend their positions, the ground can erode beneath their feet A security breach, most often, triggers a series of woes to the company, including recovery of data, rebuilding internal processes http://www.secuobs.com/revue/news/420728.shtmlhttp://www.secuobs.com/revue/news/420728.shtml Secuobs.com : 2013-01-07 23:33:05 - Verizon Business Security Blog - We ended 2012 and began 2013 with news of a breach at the Council on Foreign Relations leading to a drive-by-download caused by a previously unreported vulnerability in Internet Explorer Symantec has tied this attack to the Elderwood Project linked to the People s Republic of China Three more victim web sites, Capstone Turbine, PHIL-AM Tour http://www.secuobs.com/revue/news/420313.shtmlhttp://www.secuobs.com/revue/news/420313.shtml Secuobs.com : 2013-01-04 19:54:38 - Verizon Business Security Blog - Every Microsoft Tuesday the RISK Team will review the Security Bulletins released by Microsoft and the vulnerabilities addressed by each of them The goal is to provide recommendations on patch strategies and target dates for each bulletin We strive to reduce the pressure and stress caused by updates by offering feasible and achievable timelines The http://www.secuobs.com/revue/news/419925.shtmlhttp://www.secuobs.com/revue/news/419925.shtml Secuobs.com : 2013-01-03 17:17:11 - Verizon Business Security Blog - As 2012 comes to a close, year-in-review articles and predictions for 2013 lead intelligence collections this week Noteworthy reports include Trend Micro s blog post about the trends it discovered in 2012 s targeted attacks and McAfee s threat predictions for 2013 Fortinet also deserves attention for its research on cybercrime-as-a-service and how the underground industry will fare http://www.secuobs.com/revue/news/419707.shtmlhttp://www.secuobs.com/revue/news/419707.shtml Secuobs.com : 2012-12-22 04:03:12 - Verizon Business Security Blog - The RISK Team sent an advisory about VOBFUS to Verizon s clients on Monday evening Trend Micro added to the available OSINT on this malware at almost the same time We expect to hear more infection reports We re also tracking a steady stream of ransom-ware infection reports from SME in Oz Chris Boyd at GFI Sunbelt http://www.secuobs.com/revue/news/418396.shtmlhttp://www.secuobs.com/revue/news/418396.shtml Secuobs.com : 2012-12-17 16:34:15 - Verizon Business Security Blog - This week we collected a number of high-quality open source intelligence reports McAfee released a report lending credibility to Project Blitzkrieg, and FireEye analyzed a targeted malware attack against Russian targets Brian Krebs provided interesting profiles on the operators of two well-known botnets Ars Technica published two articles on Anonymous infamous Commander X Team GhostShell leaked 16 million records stolen from a number of high-profile sites, http://www.secuobs.com/revue/news/417383.shtmlhttp://www.secuobs.com/revue/news/417383.shtml Secuobs.com : 2012-12-14 22:58:31 - Verizon Business Security Blog - If your organization makes use of Point-of-Sale POS systems to process credit or debit cards, you may have heard of a new piece of malware dubbed Dexter Seculert coined the name, reportedly from strings within the malware and its online parsing tool Essentially, Dexter is another memory scraper that searches for Track 1 2 http://www.secuobs.com/revue/news/417171.shtmlhttp://www.secuobs.com/revue/news/417171.shtml Secuobs.com : 2012-12-09 03:35:53 - Verizon Business Security Blog - Intelligence collections this week captured some big numbers, but fortunately no big risks Probably the most risk-significant report this week was about some 30,000 customers of European banks who were victims of Eurograbber, both a PC Trojan and mobile malware infecting Android, BlackBerry and Symbian devices Although the Zeus-related Trojans are neither new nor undetectable, Check Point and Versafe claim http://www.secuobs.com/revue/news/415900.shtmlhttp://www.secuobs.com/revue/news/415900.shtml Secuobs.com : 2012-12-04 16:16:03 - Verizon Business Security Blog - by Nathan Buesgens CIF is a framework for exchanging intelligence about many of the most important indicators of compromise We have written about CIF on this blog previously because CIF has a lot going for it It is open source free , under active development, it comes with a robust toolkit for parsing a variety of http://www.secuobs.com/revue/news/414981.shtmlhttp://www.secuobs.com/revue/news/414981.shtml Secuobs.com : 2012-12-03 05:56:59 - Verizon Business Security Blog - DNS hijacking was all the rage this week as evidenced in incidents from Pakistan and Romania Visitors to a number of sites in both countries were redirected to pages set-up by the hactivists to take responsibility for the hijackings An unknown number of Go Daddy hosted sites were the victims of DNS hijacking that Go Daddy attributed to phishing the http://www.secuobs.com/revue/news/414674.shtmlhttp://www.secuobs.com/revue/news/414674.shtml Secuobs.com : 2012-11-28 17:39:11 - Verizon Business Security Blog - Two weeks ago I introduced the CIFGlue tool that we developed to easily add indicators to CIF using a browser interface CIFGlue takes indicators that are found in various sources and presents them as a structured feed which CIF can ingest Updates to the code for CIFGlue are still fairly common because the project is http://www.secuobs.com/revue/news/413895.shtmlhttp://www.secuobs.com/revue/news/413895.shtml Secuobs.com : 2012-11-17 19:07:20 - Verizon Business Security Blog - Regretably, there was no significant new risk intelligence this week We collected several new instances of old problems that remain unsolved For example Webroot reminded us criminals like to use credit card problem notices, Better Buisness Bureau notifications and PayPal-related emails as bait to seduce the unwary user to visit a site harboring malware and Black Hole exploit kits We http://www.secuobs.com/revue/news/412002.shtmlhttp://www.secuobs.com/revue/news/412002.shtml Secuobs.com : 2012-11-15 18:04:11 - Verizon Business Security Blog - Recently, Kyle Maxwell blogged about how we use the Collective Intelligence Framework CIF to collect indicators of compromise IOCs that come from feeds on the Internet As he mentioned, CIF is very good at collecting structured data, unfortunately a lot of our information is in unstructured formats such as case reports and blog postings Stephen http://www.secuobs.com/revue/news/411683.shtmlhttp://www.secuobs.com/revue/news/411683.shtml Secuobs.com : 2012-11-13 17:31:56 - Verizon Business Security Blog - We recently read with interest a report from AlgoSec entitled Examining the Dangers of Complexity in Network Security Environments This report analyzed survey data to study the impact of complexity in network security environments The Verizon RISK team sees all sorts of network security environments, ranging from very small organizations to some of the largest http://www.secuobs.com/revue/news/411158.shtmlhttp://www.secuobs.com/revue/news/411158.shtml Secuobs.com : 2012-11-12 16:59:28 - Verizon Business Security Blog - The 5th of November has come and gone Is there anything for us to remember The answer is yes if you re Imageshack, Symantec, ZPanel and NBC Hacktivists with affinity to Anonymous carried out attacks against those organizations and others as part of OpJubilee s commemoration of Guy Fawkes Day Team GhostShell set its sights on Russia this week by releasing 25 http://www.secuobs.com/revue/news/410930.shtmlhttp://www.secuobs.com/revue/news/410930.shtml Secuobs.com : 2012-11-06 19:19:24 - Verizon Business Security Blog - by Stephen Brannon An indicator of compromise IOC is one of the basic units of information sharing in tactical intelligence Simple examples are IP addresses of known command-and-control servers and MD5 hashes of know malware But a common problem is that IOCs are often stored and shared in a document like a PDF or Word http://www.secuobs.com/revue/news/409914.shtmlhttp://www.secuobs.com/revue/news/409914.shtml Secuobs.com : 2012-11-05 03:56:23 - Verizon Business Security Blog - Hurricane Sandy and the data breach at the South Carolina Department of Revenue dominated the risk intelligence collections this week Trend Micro released a very good report on the Russian Underground Georgia s Computer Emergency Response Team CERT-GE issued their analysis of a cyber conflict campaign including photos of a Russia-based individual they believe orchestrated the attacks Jaime Blasco at AlienVault published a concise assessment http://www.secuobs.com/revue/news/409498.shtmlhttp://www.secuobs.com/revue/news/409498.shtml Secuobs.com : 2012-11-01 20:45:45 - Verizon Business Security Blog - So as we ve talked about before, preventive controls by themselves do not provide sufficient defense in today s threat environment Instead, defenders must continually adapt to their adversaries, and this includes sharing threat intelligence with trusted partners The open-source Collective Intelligence Framework CIF , developed by the REN-ISAC with support from the National Science Foundation, Internet2, and http://www.secuobs.com/revue/news/409071.shtmlhttp://www.secuobs.com/revue/news/409071.shtml Secuobs.com : 2012-10-31 22:52:39 - Verizon Business Security Blog - As others have stated, natural disasters often serve as timely and effective topics for both opportunistic and targeted attacks We recently discovered a new link delivering a Sykipot variant in a file called Disaster_Relief_InfoZIP, which contains Disaster_Relief_Infoscr Based upon the information available, we believe this lure is likely being used in targeted attacks and is http://www.secuobs.com/revue/news/408910.shtmlhttp://www.secuobs.com/revue/news/408910.shtml Secuobs.com : 2012-10-28 01:46:31 - Verizon Business Security Blog - What do Michaels, Aldi, and Barnes Noble have in common They ve all suffered data breaches as a result of compromised point-of-sale terminals Barnes Noble this week announced malware designed to swipe payment information had been installed on card readers in 63 of its stores It s probably too soon to tell if Barnes Noble is the latest http://www.secuobs.com/revue/news/408208.shtmlhttp://www.secuobs.com/revue/news/408208.shtml Secuobs.com : 2012-10-25 18:04:02 - Verizon Business Security Blog - I ve been having fun working with Bob Rudis after hours on some data released by F-Secure last month and I want to start by thanking F-Secure for releasing their data and also thanks goes to Bob for working with me on this data F-Secure has created a map visualization on data they collected on ZeroAccess http://www.secuobs.com/revue/news/407767.shtmlhttp://www.secuobs.com/revue/news/407767.shtml Secuobs.com : 2012-10-24 06:33:47 - Verizon Business Security Blog - In the past, we have, from time to time, released supplemental reports based on the data from our annual Data Breach Investigations Report DBIR to shed light on some particular area of interest to our readers This year, due in large part to frequent requests from those readers, we have decided to publish a series http://www.secuobs.com/revue/news/407428.shtmlhttp://www.secuobs.com/revue/news/407428.shtml Secuobs.com : 2012-10-22 17:07:28 - Verizon Business Security Blog - Brian Krebs, who has exposed several Russian cyber criminals and Internet cesspools may have finally put himself in serious jeopardy with his recent article in which he dares to assert some smart people working in the education and private sectors are more effective at combating cyber crime than assembled choruses of baby-kissers And right before an election What was he thinking WordPress suffered the compromise of 60,000 of http://www.secuobs.com/revue/news/407020.shtmlhttp://www.secuobs.com/revue/news/407020.shtml Secuobs.com : 2012-10-18 20:25:08 - Verizon Business Security Blog - I couldn t just let this go Even thought I just finished up a three-part blog series looking at opportunistic attackers part 1, part 2 and part 3 , there was one more perspective that I thought was missing The notion of time is interesting in this data and I tried to get at that in my http://www.secuobs.com/revue/news/406509.shtmlhttp://www.secuobs.com/revue/news/406509.shtml Secuobs.com : 2012-10-15 16:58:48 - Verizon Business Security Blog - I just read a very curious blog post from titled Somewhere Over The Rainbow A Story About A Global Ubiquitous Record of All Things Incident Thanks to Jelle Niemantsverdriet jelle_n for calling my attention to it There are many reasons I find this post so curious, one being that it says several times that http://www.secuobs.com/revue/news/405626.shtmlhttp://www.secuobs.com/revue/news/405626.shtml Secuobs.com : 2012-10-13 02:46:11 - Verizon Business Security Blog - Fundamentally, intelligence supports a decision maker by providing factual information Colin Powell sucinctly captured the challenge of decision making based on partial information One of this week s leading issues in risk intelligence is an example of decision making without supporting factual information the US House of Representatives issued a report critical of Chinese telecommunications companies Huawei and ZTE Among http://www.secuobs.com/revue/news/405405.shtmlhttp://www.secuobs.com/revue/news/405405.shtml Secuobs.com : 2012-10-06 17:00:13 - Verizon Business Security Blog - Every week there seems to be winners and losers in the security space This week s big winner is the US Federal Trade Commission Not only did it crack a global tech support scam, it also won a 163 million dollar lawsuit against a scareware ring This week s big losers are the world s top universities breached by Team GhostShell http://www.secuobs.com/revue/news/403991.shtmlhttp://www.secuobs.com/revue/news/403991.shtml Secuobs.com : 2012-09-30 21:19:33 - Verizon Business Security Blog - Hmmm which was the more important risk intelligence collection this week Continued denial of service attacks on US financial services companies or Adobe s announcement of a pwned code-signing system flip Tails Adobe before anyone dons a tinfoil hat, all we know for certain is samples of two pieces of malware were submitted to Adobe with legitimate Adobe digital signatures Malware http://www.secuobs.com/revue/news/402651.shtmlhttp://www.secuobs.com/revue/news/402651.shtml Secuobs.com : 2012-09-22 03:48:11 - Verizon Business Security Blog - It s déjà vu all over again There s another previously undiscovered vulnerability being actively exploited in the wild and this time it belongs to Internet Explorer Microsoft released a Security Advisory and issued an out-of-cycle bulletin on Friday 21 September to address the flaw It should come as no surprise the group behind this exploit is the same one behind the previously undiscovered Java vulnerability from http://www.secuobs.com/revue/news/401184.shtmlhttp://www.secuobs.com/revue/news/401184.shtml Secuobs.com : 2012-09-18 18:54:38 - Verizon Business Security Blog - Today we re going to dip into the archives and VERISize a well-known case the Initech incident of 1999 from the movie Office Space A few people had asked me to VERISize the Blue Toad hack, but there just isn t enough information in the public domain to do it well Office Space, on the other hand, http://www.secuobs.com/revue/news/400326.shtmlhttp://www.secuobs.com/revue/news/400326.shtml Secuobs.com : 2012-09-11 15:52:27 - Verizon Business Security Blog - This post is the third and final post on this data set On Opportunistic Attacks, Part 1 talked broadly about where opportunistic attacks begin where are we seeing attempted connections and where are they coming from The second post, On Opportunistic Attacks, Part 2 looked at the typical attack pattern are we seeing patterns in http://www.secuobs.com/revue/news/398926.shtmlhttp://www.secuobs.com/revue/news/398926.shtml Secuobs.com : 2012-09-07 23:54:24 - Verizon Business Security Blog - This was a week when our skepticism resupply deliveries used dump trucks like these AntiSec says they stole 12 million records, published 1 million Apple iOS UDID s, said they re from the FBI, and we should believe them why Because they re such nice lads and they wouldn t lead us astray Hello The Bureau s artfully worded statement was At this time there is http://www.secuobs.com/revue/news/398406.shtmlhttp://www.secuobs.com/revue/news/398406.shtml Secuobs.com : 2012-09-06 17:38:01 - Verizon Business Security Blog - An ancient parable tells of blind men who try to describe an elephant The first man feels the elephant s tusk and declares that an elephant is long, smooth, and sharp The second feels the ear and declares that it is broad, soft, and flexible The third feels the belly and declares that it is solid http://www.secuobs.com/revue/news/398004.shtmlhttp://www.secuobs.com/revue/news/398004.shtml Secuobs.com : 2012-09-05 18:06:34 - Verizon Business Security Blog - This post is the second of three on this data set On Opportunistic Attacks, Part 1 talks broadly about where opportunistic attacks begin Where are we seeing attempted connections and where are they coming from This post will look at the typical attack pattern Are we seeing patterns in the scans of hosts or a http://www.secuobs.com/revue/news/397768.shtmlhttp://www.secuobs.com/revue/news/397768.shtml Secuobs.com : 2012-09-04 17:49:22 - Verizon Business Security Blog - Give Oracle an attaboy for their speedy reaction and patch issue for three newly publicized vulnerabilities in Java, one of which is already being used in targeted attacks If only they hadn t been reported to Oracle in April If only Oracle had communicated with their customers on Monday to let us know a patch would be forthcoming If only the exploit http://www.secuobs.com/revue/news/397531.shtmlhttp://www.secuobs.com/revue/news/397531.shtml Secuobs.com : 2012-08-30 17:52:19 - Verizon Business Security Blog - When we consider publicly disclosed incidents that we can model for the blog using VERIS a process we call VERISizing , we look for completeness of the information available, uniqueness of the case, and whether or not there are any interesting discussions that we can have about the VERIS classifications This week we saw an interesting http://www.secuobs.com/revue/news/396780.shtmlhttp://www.secuobs.com/revue/news/396780.shtml Secuobs.com : 2012-08-28 17:16:44 - Verizon Business Security Blog - This post will be the first of three on this data set This first will talk broadly about where opportunistic attacks begin Where are we seeing attempted connections and where are they coming from The second post will look at the typical attack pattern Are we seeing patterns in the scans of hosts or a http://www.secuobs.com/revue/news/396259.shtmlhttp://www.secuobs.com/revue/news/396259.shtml Secuobs.com : 2012-08-25 00:54:36 - Verizon Business Security Blog - What does 32kb of data get you these days that s right 32 KILOBYTES A place atop this week s InfoSec headlines Newly formed hacking crew r00tbersec breached AMD s blog site and stole 32kb of usernames and hashed passwords r00tbersec also claimed to steal data from Philips but it seems they just regurgitated another hacker s breach of Philips from February Anonymous DDoSed several UK http://www.secuobs.com/revue/news/395679.shtmlhttp://www.secuobs.com/revue/news/395679.shtml Secuobs.com : 2012-08-20 22:14:36 - Verizon Business Security Blog - London Takes Gold in Cybersecurity in Core Security s blog, Mark Hatton sticks the landing We hyper-focus on failures and weaknesses and seldom pause to celebrate our successes and strengths There are about half a million hits in Google for London Olympics cyber attack The result from the mother of all opportunities for hackers, including a new threat to the Olympics http://www.secuobs.com/revue/news/394687.shtmlhttp://www.secuobs.com/revue/news/394687.shtml Secuobs.com : 2012-08-10 23:27:36 - Verizon Business Security Blog - Fool me once, shame on you Fool me twice Kaspersky Labs discovered the Gauss malware campaign affecting countries across the Middle East with the majority of infections centered in Lebanon State-sponsored started trending worldwide Gauss phones-home to its command and control servers using xOR encryption The key 0xACDC ACDC Where have we heard ACDC lately Oh It http://www.secuobs.com/revue/news/392936.shtmlhttp://www.secuobs.com/revue/news/392936.shtml Secuobs.com : 2012-08-09 21:50:02 - Verizon Business Security Blog - Now that the excitement of Black Hat has passed, we thought it was time for another blog post on how to categorize a security incident using VERIS You probably saw some of the coverage of the suspicious email message that was sent to people registered for Black Hat Initially the email was speculated to be http://www.secuobs.com/revue/news/392714.shtmlhttp://www.secuobs.com/revue/news/392714.shtml Secuobs.com : 2012-08-07 18:49:58 - Verizon Business Security Blog - Bryan Krebs released a post last week talking about the Uptick in Cyber Attacks on Small Businesses and cites Symantec s June Intelligence report Both do a great job covering the topic and their work is further supported by the data we ve collected over the past few years In this installment of Ask the Data , we http://www.secuobs.com/revue/news/392191.shtmlhttp://www.secuobs.com/revue/news/392191.shtml Secuobs.com : 2012-08-06 03:51:06 - Verizon Business Security Blog - If it sounds too good to be true Last week s Iranian nuke plants infected with virus that plays AC DC should have set off the olfactory alarms, but it was so conveniently cool to buy into it This week the Chief of Iran s Atomic Energy Organization rightly asked, who seriously believes such a story Both should be in the unconfirmed files http://www.secuobs.com/revue/news/391777.shtmlhttp://www.secuobs.com/revue/news/391777.shtml Secuobs.com : 2012-08-01 17:09:02 - Verizon Business Security Blog - We have three announcements to make concerning VERIS The first announcement is easy and more of an amendment than something new we re redefining the VERIS acronym We previously defined VERIS as the Verizon Enterprise Risk and Incident Sharing framework, but having Verizon in the title purportedly raised some eyebrows and perhaps hindered adoption Additionally, VERIS http://www.secuobs.com/revue/news/391096.shtmlhttp://www.secuobs.com/revue/news/391096.shtml Secuobs.com : 2012-07-28 00:37:31 - Verizon Business Security Blog - Black Hat and DEFCON are upon us dominating the InfoSec headlines Reverse-engineering irises to thwart biometric scanners, exploiting NFC to infect phones with malware and hacking hotel room keycard readers are just a fraction of the monsters in the closet coming from Las Vegas this week You can also add abuse of functionality by a http://www.secuobs.com/revue/news/390370.shtmlhttp://www.secuobs.com/revue/news/390370.shtml Secuobs.com : 2012-07-25 16:48:45 - Verizon Business Security Blog - One of our tasks here with the Verizon RISK Team is taking case reports regarding security incidents from various sources and extracting metadata so that we can publish the wonderful statistics in the Data Breach Investigations Report We use the VERIS framework to classify incidents, and we playfully refer to the process of putting metadata http://www.secuobs.com/revue/news/389678.shtmlhttp://www.secuobs.com/revue/news/389678.shtml Secuobs.com : 2012-07-23 16:47:36 - Verizon Business Security Blog - A few weeks ago, I wrote up some analysis on characters sets used in 60,000 passwords, which were collected in an SSH honeypot This data set represents the passwords that the attackers are trying to brute force SSH with With the recent breach of the Yahoo Voice Service and the subsequent public release of the http://www.secuobs.com/revue/news/389129.shtmlhttp://www.secuobs.com/revue/news/389129.shtml Secuobs.com : 2012-07-20 23:34:31 - Verizon Business Security Blog - Good news or bad news first Let s lead with the good The world s third-largest botnet was taken down this week and the infamous Dave and Buster s hacker who stole details on 240,000 credit cards will sit behind bars for 7 years And the bad news A new malware is sweeping the Middle East and its http://www.secuobs.com/revue/news/388772.shtmlhttp://www.secuobs.com/revue/news/388772.shtml Secuobs.com : 2012-07-17 17:23:26 - Verizon Business Security Blog - Readers of the 2012 DBIR may remember that the report featured quite a bit of discussion around breaches attributed to various hactivist groups not using quotes from here on out, but add them in your mind as you read While such groups did not account for a large proportion of incidents in our dataset 2pourcents , http://www.secuobs.com/revue/news/387807.shtmlhttp://www.secuobs.com/revue/news/387807.shtml Secuobs.com : 2012-07-16 19:12:52 - Verizon Business Security Blog - At least two million passwords are overdue to be reset following this week s reported breaches including Yahoo , Nvidia and Formspring with more than 400,000 each Phandroid reported a million user ID s were at risk Microsoft delivered on their nine security bulletins and then upped the ante with a Security Advisory to turn off Windows 7 http://www.secuobs.com/revue/news/387542.shtmlhttp://www.secuobs.com/revue/news/387542.shtml Secuobs.com : 2012-07-12 20:07:03 - Verizon Business Security Blog - The last post I did was on SSH passwords from a honeypot and their character composition Bob Rudis followed up with a range of good visualizations of the same ssh attempts and I wanted to expand on Bob s work a bit more and lay a foundation for the data we ve got here My result is http://www.secuobs.com/revue/news/386920.shtmlhttp://www.secuobs.com/revue/news/386920.shtml Secuobs.com : 2012-07-07 00:30:29 - Verizon Business Security Blog - The United States celebrated Independence Day on Wednesday but some of the fireworks continued Thursday as Microsoft pre-announced 9 bulletins patching 16 vulnerabilities We ll have to wait until Tuesday to see if Microsoft has included a permanent patch for the XML Core Services vulnerability in this batch of bulletins Trend Micro continued its streak of http://www.secuobs.com/revue/news/385895.shtmlhttp://www.secuobs.com/revue/news/385895.shtml Secuobs.com : 2012-07-01 04:49:59 - Verizon Business Security Blog - McAfee hit the exacta in risk intelligence this week with two reports the first half of their Technology Security Assessment for Capabilities and Applicability in Energy Sector Industrial Control Systems report captures security issues in the power grid including smart grid technologies And their report on Dissecting Operation High Roller concisely assesses crimeware, especially Zeus http://www.secuobs.com/revue/news/384794.shtmlhttp://www.secuobs.com/revue/news/384794.shtml Secuobs.com : 2012-06-28 19:15:19 - Verizon Business Security Blog - There were quite a few statistics that jumped out at me in this year s data breach report, however one of them stuck in my head 79pourcents of all attacks were classified as opportunistic We define opportunistic attacks in the report as The victim isn t specifically chosen as a target they were identified and attacked because http://www.secuobs.com/revue/news/384433.shtmlhttp://www.secuobs.com/revue/news/384433.shtml Secuobs.com : 2012-06-23 04:44:37 - Verizon Business Security Blog - Last week s vulnerability headlines became this week s exploit headlines Reports of state-sponsored attacks against Microsoft s unpatched XML Core Services vulnerability continued this week as Sophos blogged about two compromised European websites serving up exploits Metasploit released exploit modules for the XML vulnerability as well as for an Internet Explorer vulnerability patched in last week s Microsoft http://www.secuobs.com/revue/news/383329.shtmlhttp://www.secuobs.com/revue/news/383329.shtml Secuobs.com : 2012-06-16 17:23:58 - Verizon Business Security Blog - InfoSec professionals who are also partial to country-western classics were probably caught humming Dickie Lee s Patches this week as we re managing more than a dozen patch and vulnerability announcements We were expecting the seven security bulletins from Microsoft, but we weren t expecting a security advisory on another vulnerability in XML Core Services that s already under http://www.secuobs.com/revue/news/381961.shtmlhttp://www.secuobs.com/revue/news/381961.shtml Secuobs.com : 2012-06-10 02:50:18 - Verizon Business Security Blog - It has been an unusually tough week for leaked passwords LinkedIn, eHarmony, and Lastfm all reported data breaches with users passwords being posted online What we don t know or have confidence in when or how long ago the breaches occurred and if the full extent of the breaches is known and reported, eg what other http://www.secuobs.com/revue/news/380635.shtmlhttp://www.secuobs.com/revue/news/380635.shtml Secuobs.com : 2012-06-04 22:26:12 - Verizon Business Security Blog - Sometimes we can learn new things from the data by answering a question we ve already asked in a different way That s what we re doing with this installment we re re-asking about the difference in threat actions between large and small organizations http://www.secuobs.com/revue/news/379441.shtmlhttp://www.secuobs.com/revue/news/379441.shtml Secuobs.com : 2012-06-01 23:09:20 - Verizon Business Security Blog - If W32 Flamer really was the product of the US government, Congress would have named it The Full Employment of Tech Journalists and Pundits Act of 2012, and 2013 FETJPA Flame is another example of the discovery of an unknown-unknown We can acknowledge there are things we don t know, but then we may discover something that http://www.secuobs.com/revue/news/379087.shtmlhttp://www.secuobs.com/revue/news/379087.shtml Secuobs.com : 2012-05-25 21:37:01 - Verizon Business Security Blog - This week s intel in the InfoSec space can be summed up with a simple phrase more of the same Anonymous hacked the US Department of Justice s Bureau of Justice Statistics and stole 17 GB of data, most of which were crime statistics The Anonymous affiliated ATeam DDoSed NATO s official website as part of online protests http://www.secuobs.com/revue/news/377849.shtmlhttp://www.secuobs.com/revue/news/377849.shtml Secuobs.com : 2012-05-19 19:25:13 - Verizon Business Security Blog - I don t think anyone on the RISK Team is lining up today to get in on Facebook s IPO Although Facebook probably provided the most interesting InfoSec risk development this week with their new LilyJade worm While on the subject of Facebook, the RISK Team offers our begrudged admiration to Ascend Media They generated 20 million http://www.secuobs.com/revue/news/376537.shtmlhttp://www.secuobs.com/revue/news/376537.shtml Secuobs.com : 2012-05-16 17:59:33 - Verizon Business Security Blog - Question Do you happen to have any metrics on internal breaches caused by employees not locking their screens, or failure to implement an idle inactivity screen saver lock We recently devised, communicated, and implemented a 15 minute inactivity screensaver lock, so that users would be required to sign in after their screen saver started We re receiving http://www.secuobs.com/revue/news/375912.shtmlhttp://www.secuobs.com/revue/news/375912.shtml Secuobs.com : 2012-05-11 22:59:17 - Verizon Business Security Blog - Apple, Adobe, and Microsoft dominated InfoSec headlines this week by releasing multiple security updates to patch dozens of vulnerabilities Microsoft led the pack with 7 bulletins for 23 vulnerabilities Last week s Adobe Flash Player vulnerability continues to be exploited in targeted attacks And attacks on last week s PHP-CGI vulnerability emerged this week The PHP Group http://www.secuobs.com/revue/news/375166.shtmlhttp://www.secuobs.com/revue/news/375166.shtml Secuobs.com : 2012-05-04 21:50:05 - Verizon Business Security Blog - InfoSec risk was substantially unchanged this week Intell collections generally fell under the categories of more of the same, or vulnerability without a problem Ransomware, drive-by-downloads of known Trojans, and Android malware reports were simultaneously new and not new May s Microsoft Tuesday forecast is for seven bulletins, Google updated Chrome and OpenX ad platform is http://www.secuobs.com/revue/news/373795.shtmlhttp://www.secuobs.com/revue/news/373795.shtml Secuobs.com : 2012-05-03 23:34:21 - Verizon Business Security Blog - Hello World I m Jay Jacobs and I joined the Verizon RISK Intelligence team in January of this year It was good timing because it was right after the tedious data collection for 2011 was completed and right before the fun data analysis and writing commenced on the 2012 Data Breach Investigations Report DBIR While the VERIS http://www.secuobs.com/revue/news/373579.shtmlhttp://www.secuobs.com/revue/news/373579.shtml Secuobs.com : 2012-05-02 21:26:15 - Verizon Business Security Blog - Every once in a while we get questions that go above and beyond the information provided in our data breach investigations report Usually the questions center around some particular slice or view that the reader would like to see, a specific security control question or queries about a particular vertical market, and when we receive http://www.secuobs.com/revue/news/373226.shtmlhttp://www.secuobs.com/revue/news/373226.shtml Secuobs.com : 2012-04-28 01:11:17 - Verizon Business Security Blog - Required reading Microsoft Security Intelligence Report 12 for the last half of 2011 The SIR is second to none as an InfoSec intell source and has few equals The Microsoft Security Blog has begun running weekly summaries most of our readers should find useful Most current intelligence collections come from outside North America Iran s oil http://www.secuobs.com/revue/news/372521.shtmlhttp://www.secuobs.com/revue/news/372521.shtml Secuobs.com : 2012-04-20 21:52:28 - Verizon Business Security Blog - An Iranian engineer threw a tantrum and dumped the credit card information of 3 million of his countrymen and women on his blog and fled the country In all the fuss and finger-pointing over the Flashback malware, another OS X Trojan is getting legs Some users, having applied Apple s Java patch and Flashback removal tool, may not http://www.secuobs.com/revue/news/371160.shtmlhttp://www.secuobs.com/revue/news/371160.shtml Secuobs.com : 2012-04-14 04:16:01 - Verizon Business Security Blog - Vulnerabilities and patches dominated the InfoSec environment this week Microsoft, Adobe, and Cisco all released major security bulletins Google released another update to Chrome Over the last couple weeks, patches have been released for almost every Mac and Windows computer on earth Now Linux Unix admins won t feel left out as they have a Samba update to apply In malware developments, targeted http://www.secuobs.com/revue/news/369967.shtmlhttp://www.secuobs.com/revue/news/369967.shtml Secuobs.com : 2012-04-07 07:13:31 - Verizon Business Security Blog - The reported breach of 15 million credit card records from payment processor Global Payments leads this week s OSINT Adobe pre-announced security advisories for Acrobat and Adobe Reader, and their new priority ratings indicate Reader and Acrobat version 9 on Windows is already under attack In addition to Adobe advisories, we re expecting six Microsoft security bulletins on Tuesday Russian anti-virus Dr Web http://www.secuobs.com/revue/news/368721.shtmlhttp://www.secuobs.com/revue/news/368721.shtml Secuobs.com : 2012-03-30 22:05:02 - Verizon Business Security Blog - Keep Calm and Carry On was a classic propaganda poster in the UK during the Second World War InfoSec professionals consider dusting it off and posting it in your office because intel collections this week paint a dire picture Shawn Henry, Assistant Director of the FBI declared We re not winning, in the Wall Street Journal James http://www.secuobs.com/revue/news/367261.shtmlhttp://www.secuobs.com/revue/news/367261.shtml Secuobs.com : 2012-03-23 23:22:50 - Verizon Business Security Blog - It s that time of year again Spring is upon us, flowers are budding, and The RISK Team and Verizon have released the 2012 Data Breach Investigations Report Be sure to add it to your reading list Speaking of data breaches, the University of Tampa reported that it mistakenly exposed information on 30,000 individuals for 8 months due http://www.secuobs.com/revue/news/365797.shtmlhttp://www.secuobs.com/revue/news/365797.shtml Secuobs.com : 2012-03-22 16:45:12 - Verizon Business Security Blog - It s hard to believe, but it s time again for another installment of Verizon s annual Data Breach Investigations Report This year s report represents our largest dataset ever, with 855 confirmed security breaches accounting for a combined 174 million compromised records As always, we analyze the data and attempt to explain what happened, who did it and http://www.secuobs.com/revue/news/365476.shtmlhttp://www.secuobs.com/revue/news/365476.shtml Secuobs.com : 2012-03-16 19:36:01 - Verizon Business Security Blog - Cyber warfare was the dominant theme in risk intelligence this week The BBC reported a denial of service attack on both Internet and telephone systems with indications of Iranian involvement Alienvault reported targeted attacks on Tibetan dissidents Almost three years ago the Wall Street Journal reported attacks appearing to come from the People s Republic of http://www.secuobs.com/revue/news/364138.shtmlhttp://www.secuobs.com/revue/news/364138.shtml Secuobs.com : 2012-03-09 20:59:25 - Verizon Business Security Blog - At the very end of the credits for the film Ferris Bueler s Day Off , Matthew Broderick s character, a Chicago native, shoo s the audience home Contrary to the headlines, Chicago native Jeremy Hammond won t be shooing us all home as if the world s computer security problems have been solved with his arrest along with the arrests of four LulzSec confederates To http://www.secuobs.com/revue/news/362627.shtmlhttp://www.secuobs.com/revue/news/362627.shtml Secuobs.com : 2012-03-08 16:04:11 - Verizon Business Security Blog - This past week, several RISK Team members descended upon the lovely city of San Francisco for the annual RSA Mini-Metricon B-Sides pilgrimage On Monday, we did a quick lightening talk at Mini-Metricon on some of the things we ve been doing lately with respect to attack modeling and analysis If you missed it, you can check out Appendix A in the soon-to-be-published 2012 http://www.secuobs.com/revue/news/362241.shtmlhttp://www.secuobs.com/revue/news/362241.shtml Secuobs.com : 2012-03-02 21:49:06 - Verizon Business Security Blog - This week, Imperva succeeded in improving the risk intelligence signal-to-noise ratio Worth reading Imperva s report on an Anonymous attack on the Vatican s web site that was highlighted in the New York Times Their infographic for the attack is here However, in a follow-up article they label anti-virus as useless and ineffective For this specific incident that might be true, but http://www.secuobs.com/revue/news/361177.shtmlhttp://www.secuobs.com/revue/news/361177.shtml Secuobs.com : 2012-02-29 16:20:16 - Verizon Business Security Blog - We re going to try something new As you may or may not know, it takes us quite a bit of time to put together our annual Data Breach Investigations Report DBIR We usually publish in the later April timeframe, but some have asked us for a perspective on the previous year before that date Thus, we thought a few snapshots http://www.secuobs.com/revue/news/360620.shtmlhttp://www.secuobs.com/revue/news/360620.shtml Secuobs.com : 2012-02-24 23:53:00 - Verizon Business Security Blog - Your iron y for the week Anonymous, without hacking or DoSing, hijacked the Wall Street Journal s Facebook page Tuesday to express their criticism of a WSJ article on the power of Anonymous No data breach or network outage, but it demonstrates a general risk in social media for a business message to be hijacked What was a tool http://www.secuobs.com/revue/news/359836.shtmlhttp://www.secuobs.com/revue/news/359836.shtml Secuobs.com : 2012-02-18 03:46:59 - Verizon Business Security Blog - Updates, attack reports and superb intel reports galore this week Microsoft, Adobe, Adobe again, Mozilla, Chrome, Java and Real Player DoS attacks caused intermittent connectivity on at least five stock exchange web sites without interrupting trading It would be surprising if there were no DoS attacks leading up to Russian elections The reader s attention is invited to useful intelligence reports released this week on http://www.secuobs.com/revue/news/358586.shtmlhttp://www.secuobs.com/revue/news/358586.shtml Secuobs.com : 2012-02-11 00:56:40 - Verizon Business Security Blog - A Zeus variant some AV s call Citadel has received considerable attention recently, but we know that malware criminals are almost constantly modifying their wares to avoid detection and to add features Citadel may develop into a significant risk, but in spite of its press, it appears to the RISK Team to be just another Trojan Malware exploiting a http://www.secuobs.com/revue/news/357240.shtmlhttp://www.secuobs.com/revue/news/357240.shtml Secuobs.com : 2012-02-03 20:50:46 - Verizon Business Security Blog - Best InfoSec risk intel this week please read Imperva s Business Logic Attack report John Levine on the CircleID blog nailed it World Notices That Verisign Said Three Months Ago That They Had a Security Breach Two Years Ago Verisign said we do not believe that the operational integrity of the Domain Name System DNS was http://www.secuobs.com/revue/news/355880.shtmlhttp://www.secuobs.com/revue/news/355880.shtml Secuobs.com : 2012-01-27 23:18:59 - Verizon Business Security Blog - In terms of risk to Verizon Security customers, the most significant developments this week revolve around governance issues in Europe Data protection, privacy and anti-piracy laws, regulations and agreements are in flux and regardless of the final outcomes, the changes themselves are costly Predictably, Anonymous finds only fault with these developments, thus attacks and threats of attacks are among this week s http://www.secuobs.com/revue/news/354538.shtmlhttp://www.secuobs.com/revue/news/354538.shtml Secuobs.com : 2012-01-24 22:05:54 - Verizon Business Security Blog - Every once in a while, a vulnerability disclosure incident occurs that significantly changes the game Recently, Digital Bond released vulnerability information in conjunction with exploit code packaged in Metasploit for 6 different SCADA system devices This time around, the stakes have been raised with much bigger consequences With consequences this high, it is worth re-evaluating the http://www.secuobs.com/revue/news/353888.shtmlhttp://www.secuobs.com/revue/news/353888.shtml Secuobs.com : 2012-01-20 23:11:33 - Verizon Business Security Blog - The period of tedium in risk intelligence ended last week An already busy week was capped when Digital Bond announced serious, but non-specific vulnerabilities in six control systems This happened at their S4 conference under the auspices of creating a Firesheep moment We could interpret that to mean some sort of wake up call to the industry, but happily for them it http://www.secuobs.com/revue/news/353286.shtmlhttp://www.secuobs.com/revue/news/353286.shtml Secuobs.com : 2012-01-13 22:24:32 - Verizon Business Security Blog - Paraphrasing Lenin the last couple weeks nothing has happened in all likelihood, we ll soon pay for them with a week when decades happen The significant InfoSec risk data point this week was Microsoft Tuesday with seven bulletins and one Adobe bulletin In the coming week, Oracle will release a CPU with 78 fixes for vulnerabilities in Oracle, http://www.secuobs.com/revue/news/352033.shtmlhttp://www.secuobs.com/revue/news/352033.shtml Secuobs.com : 2012-01-06 23:25:27 - Verizon Business Security Blog - 0006 Percent Technical media headlines exploded Thursday night after Seculert blogged that the Ramnit worm had compromised 45,000 Facebook users But the headlines don t read Six one-thousandths of one percent of Facebook users infected One cannot make reasonable intelligence assessments while running around with one s hair on fire upon seeing the number 45,000 in a headline Sorry, http://www.secuobs.com/revue/news/350739.shtmlhttp://www.secuobs.com/revue/news/350739.shtml Secuobs.com : 2012-01-04 04:19:27 - Verizon Business Security Blog - Microsoft issued an out-of-cycle security bulletin for four vulnerabilities in ASPNET Recall that large scale ASPNET attacks took place recently using unrelated vulnerabilities It s not too great a leap to give Microsoft a trust me and roll the bulletin out in 30 days or less Stratfor was compromised and the RISK Team is more concerned about the 27 http://www.secuobs.com/revue/news/350171.shtmlhttp://www.secuobs.com/revue/news/350171.shtml Secuobs.com : 2011-12-27 22:25:43 - Verizon Business Security Blog - Ah, the week between Christmas and New Year s Day lots of folks out enjoying use or lose vacation time, the pace of work a bit slower than normal, significantly fewer emails and other distractions demanding attention A great time to reflect on the old, anticipate the new, and cross off some long-standing items from the to-do list Given the http://www.secuobs.com/revue/news/349189.shtmlhttp://www.secuobs.com/revue/news/349189.shtml Secuobs.com : 2011-12-19 19:21:44 - Verizon Business Security Blog - Adobe released updates for Adobe Acrobat and Reader version 9 for a vulnerability reported last week which was being used for targeted attacks Enterprises that have not migrated to Adobe Reader X should test and deploy this patch within 30 days More reports of exploits for a Java vulnerability patched by Oracle in October are showing up in crimeware Video game http://www.secuobs.com/revue/news/348042.shtmlhttp://www.secuobs.com/revue/news/348042.shtml Secuobs.com : 2011-12-10 01:13:33 - Verizon Business Security Blog - Adobe announced a previously unreported vulnerability in Adobe Reader and Acrobat, and acknowledged Lockheed Martin and the Defense Security Information Exchange for reporting it Mila Parkour and Symantec have additional details on targeted attacks exploiting the vulnerability Defensive systems from AV to IDS have been updated this week to improve detection of related attacks Your http://www.secuobs.com/revue/news/346417.shtmlhttp://www.secuobs.com/revue/news/346417.shtml Secuobs.com : 2011-12-02 22:24:59 - Verizon Business Security Blog - From the same source that informed us that Sergey Brin and Steve Ballmer cooked up a new and frightening Stuxnet on Larry Ellison s barbecue, we now hear about West Milford New Jersey s water plant victim of Terrorism After the comedy of errors at an Illinois water plant, stirred up by Joe Weiss, we had expectations http://www.secuobs.com/revue/news/345121.shtmlhttp://www.secuobs.com/revue/news/345121.shtml Secuobs.com : 2011-11-28 19:11:52 - Verizon Business Security Blog - In the Republic of Korea, Nexon reported a massive data breach affecting as many as 13 million users in the MMORPG MapleStory The Department of Homeland Security sent a go-team to Springfield, Illinois and determined every significant piece of last week s report of SCADA hacking was baseless It remains to be seen if the lemmings http://www.secuobs.com/revue/news/344141.shtmlhttp://www.secuobs.com/revue/news/344141.shtml Secuobs.com : 2011-11-19 04:49:14 - Verizon Business Security Blog - Wednesday, technical media in the US were busy exercising their jumping to conclusions skills over a bug in Bind DNS software Open source intelligence collections reflect about two dozen DNS servers experienced outages due to the bug no one has reported any malicious traffic The first lemming stampede was on when every hiccup on the http://www.secuobs.com/revue/news/341549.shtmlhttp://www.secuobs.com/revue/news/341549.shtml Secuobs.com : 2011-11-17 21:59:55 - Verizon Business Security Blog - Over on the New School Security blog link , Adam Shostack recently wrote an interesting piece link on APTŠbut not the kind you¹re thinking of He was referring to ³Authorization Preservation Threats,² and his subject matter was the 2011 DBIR link The post centered on the plethora of incidents stemming from exploits failures related to authentication and authorization we observed in among http://www.secuobs.com/revue/news/341287.shtmlhttp://www.secuobs.com/revue/news/341287.shtml Secuobs.com : 2011-11-11 18:10:51 - Verizon Business Security Blog - More than a dozen organizations collaborated to bring about Operation Ghost Click six arrests and four million bots no longer under criminal control Gary Warner at the University of Alabama Birmingham s posted a very good one-stop summary and he links to other reliable and detailed reports Cynics may label it Whack-a-mole, but every arrest cements http://www.secuobs.com/revue/news/340181.shtmlhttp://www.secuobs.com/revue/news/340181.shtml Secuobs.com : 2011-11-04 22:55:36 - Verizon Business Security Blog - We may be entering another bi-polar phase in InfoSec intelligence We ve cycled from last week s abundance of lame collections to this week s abundance of useful, but generally not actionable, risk intelligence reports Symantec released a report on Nitro targeted attacks from China on at least 48 chemical and defense companies in the US, Bangladesh and http://www.secuobs.com/revue/news/338943.shtmlhttp://www.secuobs.com/revue/news/338943.shtml Secuobs.com : 2011-10-29 08:49:15 - Verizon Business Security Blog - No single word describes risk intelligence this week better than lame Researchers came out of the woodwork announcing new problems not solutions to existing problems Several hundred companies joined RSA as victims, but not a shred of actionable defensive information was forthcoming Zilch According to SC Magazine, Amazon EC2, Eucalyptus hacked Lame Some researchers in Germany http://www.secuobs.com/revue/news/337587.shtmlhttp://www.secuobs.com/revue/news/337587.shtml Secuobs.com : 2011-10-22 02:21:53 - Verizon Business Security Blog - Winston Churchill, acknowledging the heroism of the Royal Air Force in the Battle of Britain, said, Never in the field of human conflict was so much owed by so many to so few Forgive me Never in the field of information security was so much time wasted by so many to so few victims Duqu http://www.secuobs.com/revue/news/336306.shtmlhttp://www.secuobs.com/revue/news/336306.shtml Secuobs.com : 2011-10-15 00:36:01 - Verizon Business Security Blog - Unplanned work BlackBerry users, especially in EMEA, certainly didn t plan on a 3 day outage, and obviously, neither did Research in Motion Snarky comments comparing BlackBerry to iPhone 4S are trivial The InfoSec world was prepared for this week s Microsoft Tuesday Those of us who also process InfoSec intelligence didn t have space cleared on our calendars, or nightstands, http://www.secuobs.com/revue/news/334951.shtmlhttp://www.secuobs.com/revue/news/334951.shtml Secuobs.com : 2011-10-13 18:13:23 - Verizon Business Security Blog - It was a busy week for tracking vulnerabilities Microsoft pre-announced eight security bulletins for next Tuesday Cisco released three advisories, all for security infrastructure components Check Point and SonicWALL responded to vulnerabilities in their respective firewalls Google updated Chrome In other intel collections there were two different snipe hunts whether Bank of America s website was the victim of a DoS attack and http://www.secuobs.com/revue/news/334599.shtmlhttp://www.secuobs.com/revue/news/334599.shtml Secuobs.com : 2011-10-01 02:33:03 - Verizon Business Security Blog - B 7 seven days since BEAST was released and as Airman Dougherty told General Beringer in 1983, We re still here On reflection, the last SSL TLS vulnerability that was going to put an end to the Internet, SSL renegotiation, has had almost two years and we re still waiting for the earth-shattering KABOOM After more than three years, http://www.secuobs.com/revue/news/332097.shtmlhttp://www.secuobs.com/revue/news/332097.shtml Secuobs.com : 2011-09-28 23:23:42 - Verizon Business Security Blog - About this time last year, we published the first Verizon PCI Compliance Report PCIR It s that time again you can get the new 2011 PCIR here Like the original Verizon PCI Compliance Report, the new PCIR is chock-full http://www.secuobs.com/revue/news/331629.shtmlhttp://www.secuobs.com/revue/news/331629.shtml Secuobs.com : 2011-09-27 18:35:35 - Verizon Business Security Blog - The InfoSec vocabulary word for the week saibā kōgeki Mitsubishi Heavy Industries MHI , Kawasaki Heavy Industries and Ishikawajima Heavy Industries, all Japanese Defense manufacturers, reported attacks to the National Police Agency Targeted e-mail attacks with stealthy Trojans were used in the attacks on MHI Government web sites in Japan were the target of denial of http://www.secuobs.com/revue/news/331313.shtmlhttp://www.secuobs.com/revue/news/331313.shtml Secuobs.com : 2011-09-17 00:47:53 - Verizon Business Security Blog - Anonymous is scheduled to release a new DoS tool, Refref, on Saturday 2011-09-17 They will also attempt a protest in the real world,Occupy Wall Street, and will stage similar protests in a handful of other cities on the same day The Anonymous collective can be a significant threat The Risk Team will be collecting info about these http://www.secuobs.com/revue/news/329438.shtmlhttp://www.secuobs.com/revue/news/329438.shtml Secuobs.com : 2011-09-15 17:23:25 - Verizon Business Security Blog - It s no longer uncommon for forensic investigators to come across remnant evidence of anti-forensic measures taken by criminals during the course of a forensic engagement The purpose of such measures, obviously, is to keep both the crime and the criminal hidden from detection This may take the form of attempts to remove traces of malware http://www.secuobs.com/revue/news/329091.shtmlhttp://www.secuobs.com/revue/news/329091.shtml Secuobs.com : 2011-09-09 23:40:23 - Verizon Business Security Blog - The RISK Team sees no imminent threats this weekend that would give rise to increased vigilance or anxiety Trojans and criminals weren t the biggest headaches for many InfoSec professionals in the States this week In the US, Tropical Storm Lee and Hurricane Irene have brought the worst flooding in 40 years to the Northeast In the http://www.secuobs.com/revue/news/328099.shtmlhttp://www.secuobs.com/revue/news/328099.shtml Secuobs.com : 2011-09-07 15:47:18 - Verizon Business Security Blog - Odd title, I know, but there s an element of truth there Allow me to explain If you ve read our Data Breach Investigations Report, you ll probably remember that we re not overly encouraging about the ability of organizations to detect and respond to security incidents It s been our very consistent finding over the years that breach discovery takes http://www.secuobs.com/revue/news/327497.shtmlhttp://www.secuobs.com/revue/news/327497.shtml Secuobs.com : 2011-09-03 00:31:15 - Verizon Business Security Blog - Morto who On Sunday the InfoSec world was all atwitter I just couldn t help myself over the Morto RDP worm Andrew Brandt at Webroot wins the award for August s Best Bottom line, the worm was written to spread to and infect the computers run by people who don t take security seriously Then along came DigiNotar It drew comparisons to the RSA http://www.secuobs.com/revue/news/326856.shtmlhttp://www.secuobs.com/revue/news/326856.shtml Secuobs.com : 2011-08-26 22:14:08 - Verizon Business Security Blog - Correlation does not imply causation Two or more events may appear to have a temporal or physical connection, but that does not mean they share the same cause until other evidence confirms it More SpyEye-related spam and Trojans reported this week may be due to new kits, but we ve observed surges in SypEye before Ice IX may http://www.secuobs.com/revue/news/325482.shtmlhttp://www.secuobs.com/revue/news/325482.shtml Secuobs.com : 2011-08-23 19:01:12 - Verizon Business Security Blog - The Hong Kong stock exchange was attacked at least twice this week The first was probably an intrusion attempt The second almost certainly was a DDoS attack Symantec reported a huge run of Bredolab-related malware and FireEye reported resurgence in Harnig, a pay-per-install Trojan Microsoft, Adobe, Google Chrome browser , BlackBerry and Apple all issued security bulletins or patches for vulnerabilities in their products The Risk Team http://www.secuobs.com/revue/news/324728.shtmlhttp://www.secuobs.com/revue/news/324728.shtml Secuobs.com : 2011-08-23 19:01:12 - Verizon Business Security Blog - Some weeks the RISK Team s efforts result in the collection and assessment of a wide variety of new risks This week however, we collected a variety of problems that are not risks, nor are they likely to become risks One headline this week proclaimed, AES proved vulnerable by Microsoft Researchers Oh my We should stop http://www.secuobs.com/revue/news/324727.shtmlhttp://www.secuobs.com/revue/news/324727.shtml Secuobs.com : 2011-08-06 00:00:29 - Verizon Business Security Blog - The most useful intel collected this week must be Joe Stewart s report for Dell Secureworks on HTran due to him providing specific details for bolstering defenses against the threat Defenders can use the Secureworks report to check for old, dormant evil, ongoing attacks and confound some future intruders Honorable mention goes to Kaspersky s Vincente Diaz for the http://www.secuobs.com/revue/news/321406.shtmlhttp://www.secuobs.com/revue/news/321406.shtml Secuobs.com : 2011-07-30 04:29:07 - Verizon Business Security Blog - Thirty-five million users on South Korean social network site Cyworld suffered a breach of their accounts LiveJournal suffered from more massive DDoS attacks Criminals compromised Italy s cybercrime organization, CNAIPIC, ten web sites operated by Peru s Ministry of Education and the Congress of the Republic of Philippines That was the bad news Good news includes arrest of Topiary a key figure http://www.secuobs.com/revue/news/320105.shtmlhttp://www.secuobs.com/revue/news/320105.shtml Secuobs.com : 2011-07-23 01:17:02 - Verizon Business Security Blog - Two different attack campaigns were reported that targeted US military and intelligence contractors this week LulzSec came out of retirement to attack News International and the Sun Newspaper in the UK, and claimed they have a gigabyte of NATO files The FBI arrested some Anonymous suspects but it remains to be seen if a meaningful blow was struck or just a round http://www.secuobs.com/revue/news/318846.shtmlhttp://www.secuobs.com/revue/news/318846.shtml Secuobs.com : 2011-07-15 21:17:41 - Verizon Business Security Blog - It had been relatively quiet tracking important InfoSec risk intelligence, but that all ended this week We tracked attack reports against Booz Allen Hamilton, Monsanto, Toshiba, David Beckham, and the Pentagon Even Microsoft was the target of a reputation attack Unfortunately, details and especially shared risk mitigations have been virtually non-existent Targeted e-mail attacks, trojans, APTs, cyber ninjas, you know, the usual http://www.secuobs.com/revue/news/317283.shtmlhttp://www.secuobs.com/revue/news/317283.shtml Secuobs.com : 2011-07-15 02:24:14 - Verizon Business Security Blog - Ever want your own Data Breach Investigations Report In case you missed it, Verizon s Risk Intelligence Innovation groups have introduced a newservice, our Incident Analytics Service IAS We re very excited that the IAS service will produce insight and new research in Information Security over the next few years Here s a link to Alex Hutton talking to BankInfoSecuritycom about http://www.secuobs.com/revue/news/317099.shtmlhttp://www.secuobs.com/revue/news/317099.shtml Secuobs.com : 2011-07-09 00:16:58 - Verizon Business Security Blog - Although it s not an official activity, several members of the Risk Team are involved with developing security metrics, and those activities were this week s central theme We re looking forward to the next Metricon on 2011-08-06 in San Francisco We re also involved in the evolving Security Futures market as well as VERIS It was a relatively uneventful week in risk intelligence http://www.secuobs.com/revue/news/315968.shtmlhttp://www.secuobs.com/revue/news/315968.shtml Secuobs.com : 2011-07-02 03:06:24 - Verizon Business Security Blog - Human wave cyberattacks A horde of trained cybercriminals will be coming over the hill at us just as the Black Hat and Defcon conferences take place Really it s in Network World it must be true And the same source informs us that millions of systems in 172 out of 195 counties in the world are infected with Metulji, a http://www.secuobs.com/revue/news/314858.shtmlhttp://www.secuobs.com/revue/news/314858.shtml Secuobs.com : 2011-06-30 13:07:16 - Verizon Business Security Blog - The RISK Team tries to put events into context consistent with our doctrine of risk being the product of threat, vulnerability, and impact In that context, it s hard to support a recommendation for the majority of Verizon Cybertrust Security customers to dedicate additional resources, especially staff time, to the RSA token problem Also, they should http://www.secuobs.com/revue/news/314434.shtmlhttp://www.secuobs.com/revue/news/314434.shtml Secuobs.com : 2011-06-25 00:15:10 - Verizon Business Security Blog - This week we learned DistributeIT, an Australian hosting company was compromised on 2011-06-11, and the data from 4,800 web sites was wiped with no local backups StartSSL, an Israeli Certification Authority, was compromised last weekend and has ceased operations but claimed no fraudulent certificates were issued Those were the most significant InfoSec risk developments this week To http://www.secuobs.com/revue/news/313509.shtmlhttp://www.secuobs.com/revue/news/313509.shtml Secuobs.com : 2011-06-23 17:54:23 - Verizon Business Security Blog - Numbers and charts courtesy of Marc Spitler Since publishing the 2011 DBIR back in April, we ve received a lot of questions about the dataset presented in the report From the 761 incidents covered in the report, one gets a pretty decent view of what this says about the general community, but it can be challenging to http://www.secuobs.com/revue/news/313161.shtmlhttp://www.secuobs.com/revue/news/313161.shtml Secuobs.com : 2011-06-18 00:59:12 - Verizon Business Security Blog - Are we having fun yet Microsoft rolled out sixteen security bulletins Adobe issued five bulletins including the second Flash Player update in as many weeks in which the vulnerability has already been found in the wild Symantec reports one of the vulnerabilities patched this week by Microsoft s Cumulative Update to IE is being exploited in http://www.secuobs.com/revue/news/312090.shtmlhttp://www.secuobs.com/revue/news/312090.shtml Secuobs.com : 2011-06-10 22:39:20 - Verizon Business Security Blog - Planning to take a little time off in August You might want to re-think that decision In March 2010, Andrew Stroms reported Microsoft had established a big-little cadence for security bulletins The pattern has continued with the exception of last Aug-Sep-Oct, when we went 15-10-16 with two out-of-cycles Next week, we ll receive 16 June Microsoft http://www.secuobs.com/revue/news/310537.shtmlhttp://www.secuobs.com/revue/news/310537.shtml Secuobs.com : 2011-06-03 22:10:12 - Verizon Business Security Blog - InfoSec news this week was dominated by reports that Lockheed Martin, L3 and Northrop Grumman recently suffered attacks on their SecurID I A Wait Northrop reportedly replaced their SecurID back in March And neither Lockheed nor L3 have announced SecurID has anything to do with their network activities It may be news, but the Risk Team http://www.secuobs.com/revue/news/309088.shtmlhttp://www.secuobs.com/revue/news/309088.shtml Secuobs.com : 2011-06-02 22:48:27 - Verizon Business Security Blog - Tuesday, Jeffrey Carr posted An Open Source Analysis Of The Lockheed Martin Network Breach Carr literally wrote the book on Cyber Warfare and his analysis is probably spot on However, I m uncomfortable with the quantity and quality of sources supporting most of the reporting on this event, and would like to suggest a plausible alternative http://www.secuobs.com/revue/news/308833.shtmlhttp://www.secuobs.com/revue/news/308833.shtml Secuobs.com : 2011-05-28 20:38:08 - Verizon Business Security Blog - Education in one of the hard physical sciences can benefit a risk intelligence analyst later in life by providing structured thinking This is especially useful when detecting ones own cognitive biases and those of others Among the structured thinking lessons was, correlation does not imply causation One blogger, with no independent confirmation, correlates network outage http://www.secuobs.com/revue/news/307791.shtmlhttp://www.secuobs.com/revue/news/307791.shtml Secuobs.com : 2011-05-27 20:26:02 - Verizon Business Security Blog - In 2008, we wrote a three-part series advising against the use of antivirus software on systems running Mac OS X In those posts, we suggested that the cost of running antivirus software on OS X was often higher than the cost of not running it Our study of the subject showed that far more users lost http://www.secuobs.com/revue/news/307660.shtmlhttp://www.secuobs.com/revue/news/307660.shtml Secuobs.com : 2011-05-20 23:23:22 - Verizon Business Security Blog - Mobile devices were the closest thing we had to a trend or theme this week ESet tried to calm some of the hand-wringing over a No Threat configuration in Android, and Google is promising to push out a fix The MIT Blog opined that iPhone and Android mobile apps will soon be dead Kaspersky joined the http://www.secuobs.com/revue/news/306236.shtmlhttp://www.secuobs.com/revue/news/306236.shtml Secuobs.com : 2011-05-16 20:00:30 - Verizon Business Security Blog - We would like to congratulate all of the 2011 cover challenge winners For those of you who are still working through the puzzle, or have not yet started, spoilers lurk ahead The winners are First place Dan Caselden and Jon Erickson of Maryland Second place Michael Oglesby of Oklahoma also last year s winner see his write-up Third http://www.secuobs.com/revue/news/305134.shtmlhttp://www.secuobs.com/revue/news/305134.shtml Secuobs.com : 2011-05-13 21:30:44 - Verizon Business Security Blog - Zebras don t change their stripes K-OTiK, a group of researchers known for producing more problems than solutions changed their name about five years ago to FrSIRT and tried to reimage themselves as an incident response team Almost no one bought it So they changed their name to VUPEN and they had free and for-pay vulnerability http://www.secuobs.com/revue/news/304709.shtmlhttp://www.secuobs.com/revue/news/304709.shtml Secuobs.com : 2011-05-06 21:32:11 - Verizon Business Security Blog - Microsoft will begin rolling out a security update to Windows Phone 7 that will prevent the device from accepting fraudulent digital certificates issued after Comodo had an intrusion In terms of new InfoSec risk intelligence, that s just about it for this week No journeyman InfoSec professional should have been surprised when international events were used http://www.secuobs.com/revue/news/303167.shtmlhttp://www.secuobs.com/revue/news/303167.shtml Secuobs.com : 2011-04-29 20:40:22 - Verizon Business Security Blog - Customer communications was the significant theme in InfoSec risk intelligence this week The data breach at Sony s PlayStation Network took the kick me signs away from Amazon for their cloud outage and from EMC RSA for post-breach communications shortcomings Apple and, to a lesser extent, Google took a beating over cell phone user tracking Bob Sullivan at http://www.secuobs.com/revue/news/301681.shtmlhttp://www.secuobs.com/revue/news/301681.shtml Secuobs.com : 2011-04-19 18:09:45 - Verizon Business Security Blog - Here we are again our fourth installment of the DBIR series sixth if you count the 08 and 09 mid-year supplementals To our readers, it may seem like the 2010 DBIR published ages ago To us, it feels more like yesterday The expanding scope and increasing depth of the report makes it almost one http://www.secuobs.com/revue/news/299448.shtmlhttp://www.secuobs.com/revue/news/299448.shtml Secuobs.com : 2011-04-15 21:14:26 - Verizon Business Security Blog - Adobe announced new surprise targeted attacks on yet another authplaydll vulnerability in Flash Player, Acrobat and Adobe Reader the ninth in 2 years Adobe has become increasing known for these issues over the last two decades, as Sendmail was in the 90 s and IIS IE were in the Oughts Barracuda Networks was the victim of http://www.secuobs.com/revue/news/298756.shtmlhttp://www.secuobs.com/revue/news/298756.shtml Secuobs.com : 2011-04-12 14:49:18 - Verizon Business Security Blog - The Verizon Enterprise Risk and Incident Sharing VERIS framework provides a common language for describing security incidents in a structured and repeatable manner The VERIS community application provides the means by which VERIS-classified incidents can be anonymously reported and shared with others The overall goal is to lay a foundation from which we can constructively http://www.secuobs.com/revue/news/297805.shtmlhttp://www.secuobs.com/revue/news/297805.shtml Secuobs.com : 2011-04-08 21:20:41 - Verizon Business Security Blog - There are significant risks to the reputations of all companies involved in a data breach, including breaches of information belonging to the customers of other companies Customer communications will almost certainly suffer, to some extent, for an indefinite period The victim will lose money, at least, on the investigation into the breach and probably due http://www.secuobs.com/revue/news/297185.shtmlhttp://www.secuobs.com/revue/news/297185.shtml Secuobs.com : 2011-04-01 23:10:09 - Verizon Business Security Blog - Second verse same as the first It seems fitting somehow that Peter Noone s memorable contribution to the British Invasion should come to mind the week ending on April Fool s Day Night Dragon burned the Australian Prime Minister, cabinet and MPs and Inspector Renault visited Oz just in time for sources to conjecture the Chinese did http://www.secuobs.com/revue/news/295788.shtmlhttp://www.secuobs.com/revue/news/295788.shtml Secuobs.com : 2011-03-25 23:26:52 - Verizon Business Security Blog - We all constantly make adjustments to what we regard as normal in life In InfoSec, these adjustments are usually subtle, eg there s a new cross-site scripting vulnerability in foo wow, big deal Are we experiencing an abrupt shift in normal over the first three months of 2011 Night Dragon, the French Finance Ministry, RSA, and this week, Comodo and http://www.secuobs.com/revue/news/294273.shtmlhttp://www.secuobs.com/revue/news/294273.shtml Secuobs.com : 2011-03-18 22:33:31 - Verizon Business Security Blog - RSA has disclosed that they were the victims of a breach sometime in the recent past They state that certain information was extracted from RSA s systems that relates to RSA s SecurID two-factor authentication products They go on to say that this information could potentially be used to reduce the effectiveness of a current two-factor authentication http://www.secuobs.com/revue/news/292712.shtmlhttp://www.secuobs.com/revue/news/292712.shtml Secuobs.com : 2011-03-18 19:13:03 - Verizon Business Security Blog - RSA notified their customers and the InfoSec community that they had suffered a data breach which they attribute to an Advanced Persistent Threat What followed was a disturbing volume of SWAG Not the tchotchkes you pick up from the booths at the, ironically, RSA Conference SWAG as in Scientific Will-A ed Guesses We don t know enough http://www.secuobs.com/revue/news/292651.shtmlhttp://www.secuobs.com/revue/news/292651.shtml Secuobs.com : 2011-03-11 21:11:03 - Verizon Business Security Blog - The prayers and thoughts of the Risk Team go out to the Japanese people and especially to our colleagues and their families in Japan indeed to all people in the Pacific affected by this cataclysm Obviously, the BCP DR aspects of the catastrophe make it the most significant event in risk intelligence this week Google exercised http://www.secuobs.com/revue/news/291104.shtmlhttp://www.secuobs.com/revue/news/291104.shtml Secuobs.com : 2011-03-09 15:20:21 - Verizon Business Security Blog - In my now in famous RSA talk with Josh Corman called The Zombie Apocalypse, Baseball, and Security Metrics, I mentioned the book Moneyball, in which author Michael Lewis describes how baseball teams used statistical analysis to identify opportunities to make themselves better more efficient than their opponents The Oakland Athletics utilized an under appreciated statistic walks http://www.secuobs.com/revue/news/290434.shtmlhttp://www.secuobs.com/revue/news/290434.shtml Secuobs.com : 2011-03-07 19:50:00 - Verizon Business Security Blog - You may have picked up on the fact that Verizon s RISK team is quite fond of data We all spend an enormous amount of our time finding, assessing, collecting, organizing, examining, pondering, preparing, visualizing, and distributing it It s fun in a never-ending challenge sort of way to work in a place rich in information resources waiting to be harvested and http://www.secuobs.com/revue/news/289935.shtmlhttp://www.secuobs.com/revue/news/289935.shtml Secuobs.com : 2011-03-04 22:42:40 - Verizon Business Security Blog - The word or the week in risk intelligence was down Forty sites in the Republic of Korea were the target for DDoS attacks DDoS criminals targeted WordPresscom, host for 25 million blogs including many corporate and media sites Outages struck several large banks this week affecting millions of customers Commonwealth Bank of Australia had a http://www.secuobs.com/revue/news/289544.shtmlhttp://www.secuobs.com/revue/news/289544.shtml Secuobs.com : 2011-02-25 22:15:38 - Verizon Business Security Blog - More details emerged this week regarding both Night Dragon attacks on energy companies and attacks on Canadian government systems In neither case does it seem the attacks require revolutionary thinking or new defensive strategies They re-emphasize what security professionals have known for centuries we have to be right all the time The enemy only needs http://www.secuobs.com/revue/news/287814.shtmlhttp://www.secuobs.com/revue/news/287814.shtml Secuobs.com : 2011-02-24 16:05:08 - Verizon Business Security Blog - Over on Verizon s ThinkForward blog, a recent post discusses woes surrounding authentication credentials and their relationship to data breaches When you combine the number of breaches exploiting weaknesses in authentication plus incidents in which credentials were actually stolen, the proportionality of all breaches gets pretty high The good doc gives his a prescription for those http://www.secuobs.com/revue/news/287427.shtmlhttp://www.secuobs.com/revue/news/287427.shtml Secuobs.com : 2011-02-21 06:50:15 - Verizon Business Security Blog - Oracle issued a Critical Patch Update for Java this week Java has become a very popular target for criminals to attack and exploit systems The Risk Team recommends deploying Java updates with a high priority equal to similar targets like Adobe and browser updates That s it While the cacophony was especially loud, nothing else in http://www.secuobs.com/revue/news/286558.shtmlhttp://www.secuobs.com/revue/news/286558.shtml Secuobs.com : 2011-02-11 23:45:56 - Verizon Business Security Blog - Anecdote n A previously untold secret account of an incident Axiomatic adj Evident without proof or argument The vocabulary review is especially useful this week after reports of intrusions at Nasdaq, eHarmony and an unnamed energy company Those are three data points A year ago headlines were driving people into their bomb shelters with APT Just as we http://www.secuobs.com/revue/news/284736.shtmlhttp://www.secuobs.com/revue/news/284736.shtml Secuobs.com : 2011-02-11 18:34:50 - Verizon Business Security Blog - Hey folks We understand that everyone out there is busy informing the world what they ll be doing and saying at RSA next week At the risk of over-committing your to-do list for the show, we d like to let you know about a few VERIS-related activities First off, there will be a VERIS community demo station http://www.secuobs.com/revue/news/284666.shtmlhttp://www.secuobs.com/revue/news/284666.shtml Secuobs.com : 2011-02-05 00:17:33 - Verizon Business Security Blog - We re all spending too much emotional energy and time worrying about patching because of the latest headline or cries from Henny Pennies Vulnerability-related developments led the InfoSec risk discussions on our team conference call this week We routinely review vulnerabilities with a CVSS of 80 and greater In addition to pre-announcements by Microsoft 12 bulletins http://www.secuobs.com/revue/news/283133.shtmlhttp://www.secuobs.com/revue/news/283133.shtml Secuobs.com : 2011-01-29 02:14:51 - Verizon Business Security Blog - In spite of several high-profile pwnages this week, the most significant developments in InfoSec risk related to Privacy The US Government seeks ISP data retention Ob Disclosure We are an ISP But a German study found data retention didn t help fight crime A German State Commissioner for Data Protection determined Google Analytics and some other http://www.secuobs.com/revue/news/281579.shtmlhttp://www.secuobs.com/revue/news/281579.shtml Secuobs.com : 2011-01-25 23:53:15 - Verizon Business Security Blog - This past week, security vendor Trustwave released their 2011 Global Security Report registration is required We re always pleased when organizations share their data because it gives us an opportunity to compare our data and see the similarities and differences Based on the case metrics mentioned in Trustwave s introduction, the report covers around 170 cases 85pourcents http://www.secuobs.com/revue/news/280733.shtmlhttp://www.secuobs.com/revue/news/280733.shtml Secuobs.com : 2011-01-21 22:05:54 - Verizon Business Security Blog - This week in Risk Intelligence was strangely reminiscent of college Reports were due after coming back from Christmas break, and these all deserve at least a B and don t require registration Cisco s Annual Security Report, Sophos Security Threat Report 2011,and Panda s Cyber Crime Black Market Symantec went for extra credit with their 3rd Quarter Symantec http://www.secuobs.com/revue/news/279990.shtmlhttp://www.secuobs.com/revue/news/279990.shtml Secuobs.com : 2011-01-18 19:31:08 - Verizon Business Security Blog - Since the release of VERIS this past year, we have fielded many questions regarding the classification of incidents that organizations respond to on a daily basis Quite a few of these relate to partner threat agents and the nature of their involvement in various circumstances In this short write-up, we would like to clarify this http://www.secuobs.com/revue/news/279002.shtmlhttp://www.secuobs.com/revue/news/279002.shtml Secuobs.com : 2011-01-14 21:30:07 - Verizon Business Security Blog - The Risks Team tracked a spasm of incidents due to malice or error from insiders and partners this week NASA, Vodafone, the US Transportation Security Administration, Perth Police, University Medical Center Tucson, Arizona , Bank of Kenya and Renault all popped up on our screens Unfortunately, there are no new trends, lessons or controls derived from http://www.secuobs.com/revue/news/278347.shtmlhttp://www.secuobs.com/revue/news/278347.shtml Secuobs.com : 2011-01-07 22:04:06 - Verizon Business Security Blog - It s been an ominous start to 2011 Microsoft released a new security advisory for a vulnerability in Windows Graphics Rendering Engine Of greater concern is a revision to December s advisory for Internet Explorer to add targeted attacks Only two MS Security Bulletins next week, and neither on the aforementioned vulnerabilities A relative lull in malicious http://www.secuobs.com/revue/news/276673.shtmlhttp://www.secuobs.com/revue/news/276673.shtml Secuobs.com : 2011-01-04 19:54:26 - Verizon Business Security Blog - Happy New Year all I know Wikileaks is so last year s news, but I wanted to point out an Infragard editorial that I enjoyed over the break by our former colleague and current friend, William H Murray There are some great insights in it, not only about Wikileaks, but about privileged user controls in general I have http://www.secuobs.com/revue/news/275748.shtmlhttp://www.secuobs.com/revue/news/275748.shtml Secuobs.com : 2011-01-04 00:35:14 - Verizon Business Security Blog - The domain name records for ChronoPaycom, an online payment processor in Russia, were hijacked to point to a look-alike site where several hundred customers became data breach victims Another victim of targeted attacks on e-mail service providers came forward this week when Honda reported millions of customers who had accounts on Owner Link or My http://www.secuobs.com/revue/news/275587.shtmlhttp://www.secuobs.com/revue/news/275587.shtml Secuobs.com : 2010-12-24 18:20:30 - Verizon Business Security Blog - Many people were hoping for a nice quiet week leading up to the Christmas holiday But hope is not a method and it s been anything but quiet Microsoft dropped a Security Advisory for an IE vulnerability that, contrary to most headlines and bloggers, has been public since at least 2010-12-08 No attacks using it have http://www.secuobs.com/revue/news/274110.shtmlhttp://www.secuobs.com/revue/news/274110.shtml Secuobs.com : 2010-12-21 21:17:18 - Verizon Business Security Blog - Answers by Tom Keetch Recently, Verizon Business Threat and Vulnerability Practice released a white paper, Escaping from Protected Mode Internet Explorer Evaluating a potential security boundary This was widely reported upon in the technical press and so we asked Tom Keetch a few questions about the white paper Hopefully his answers will clarify some common http://www.secuobs.com/revue/news/273420.shtmlhttp://www.secuobs.com/revue/news/273420.shtml Secuobs.com : 2010-12-17 23:49:19 - Verizon Business Security Blog - Forbes has a must read article about the attack on Gawker Media by a group self-identifying as Gnosis Included in the compromise was disclosure of the account registration details for 13 million Gawker users, writers and employees Brute force decryption of the passwords yielded more than a quarter million passwords in 17 hours Because so http://www.secuobs.com/revue/news/272768.shtmlhttp://www.secuobs.com/revue/news/272768.shtml Secuobs.com : 2010-12-16 18:19:44 - Verizon Business Security Blog - About this time last year, I posted some predictions for 2010 Before I do something similar for 2011, it s worth reflecting on how well I did for 2010 How would you call it My 2010 predictions 1 Services will protect themselves Facebook, Google, Twitter, TinyURL and the like will gain more control over criminal content They will http://www.secuobs.com/revue/news/272291.shtmlhttp://www.secuobs.com/revue/news/272291.shtml Secuobs.com : 2010-12-10 22:46:25 - Verizon Business Security Blog - We were reminded this week that with no standard curriculum for InfoSec professionals or the journalists covering us , we must not assume everyone recognizes the shoulders we stand upon today Almost 20 years ago, in November 1994, Padgett Peterson sent an ASCII-only Christmas Card demonstration program to his colleagues in the anti-virus and InfoSec communities, http://www.secuobs.com/revue/news/270976.shtmlhttp://www.secuobs.com/revue/news/270976.shtml Secuobs.com : 2010-12-09 19:29:28 - Verizon Business Security Blog - Not to be overdramatic, but I wonder if we really aren t in the middle of another watershed event in InfoSec today Regardless of what you think or how you feel about Wikileaks, or the reaction to Wikileaks and the reactions to the reaction as it impacts the information security community, I think there will be http://www.secuobs.com/revue/news/270610.shtmlhttp://www.secuobs.com/revue/news/270610.shtml Secuobs.com : 2010-12-06 21:32:57 - Verizon Business Security Blog - Today I was going about my usual business of analyzing IR case reports for the 2011 DBIR when I clicked over to CNN to see what was going on in the real world Lo and behold, front and center was an article about how the Pentagon s computers are only 60pourcents safe Being the wonk that I am, I http://www.secuobs.com/revue/news/269742.shtmlhttp://www.secuobs.com/revue/news/269742.shtml Secuobs.com : 2010-12-03 22:58:38 - Verizon Business Security Blog - Ok, who broke the Internet this week Come on, own up That s a bit of an exaggeration, but it s about the only headline we didn t see Reports of outages were the most common risk theme this week Comcast and Level3 have opposing views on peering and content delivery, and Comcast had their own outage problem http://www.secuobs.com/revue/news/269292.shtmlhttp://www.secuobs.com/revue/news/269292.shtml Secuobs.com : 2010-12-02 23:02:29 - Verizon Business Security Blog - By Tom Keech The level of protection offered by Protected Mode Internet Explorer is not well understood As such, there are common misconceptions about how secure it is As a member of Verizon Business Threat and Vulnerability Management practice, I set out to discover the full extent of how Protected Mode a feature that makes it http://www.secuobs.com/revue/news/268988.shtmlhttp://www.secuobs.com/revue/news/268988.shtml Secuobs.com : 2010-12-01 21:18:04 - Verizon Business Security Blog - At 3pm today RI s Alex Hutton alexhutton will be doing an interview over twitter with Dark Reading s Kelly Jackson Higgins DarkReading kjhiggins Follow along with the hashtag verizonDR on twitter http://www.secuobs.com/revue/news/268679.shtmlhttp://www.secuobs.com/revue/news/268679.shtml Secuobs.com : 2010-11-29 22:13:56 - Verizon Business Security Blog - Targeted and insider attacks lead this week s risk intelligence Neil Schwartzman reported targeted attacks on e-mail service providers, direct mailers and gambling sites FireEye reported on a cunning new backdoor that exploits CVE-2010-3962, the unpatched vulnerability in Internet Explorer The Register has a very thin on substance report of a targeted e-mail attack on a UK Ministry of Defense http://www.secuobs.com/revue/news/268077.shtmlhttp://www.secuobs.com/revue/news/268077.shtml