Saturday, March 7, 2015

Weekly Infosec News Summary - 02-08 Mar 2015

This isn't ALL the news, just the news that is most critical to small and medium organizations and which calls for action.

Law Firms Create Industry System for Sharing Data on Cyber Threats
The banking, defense, and energy industries all have created systems for sharing cyber threat data, clearinghouses where organizations dealing with attacks or breaches can share information to help their peer organizations detect and deal with similar threats. Now a group of large, international law firms is doing the same for their industry.

Federal Cybersecurity Incidents up 15% in FY 2014
An OMB report released February 27th puts federal cybersecurity incidents at over 70,000 in fiscal year 2014. The total number may be due as much (or more) to improved detection as to increased attacks. The most interesting aspect is that the report says nearly half of the incidents could have been prevented by the use of stronger authentication methods, such as two-factor authentication. Is your organization using two-factor authentication?

"Domain Shadowing" on the Rise as it is Leveraged by Angler Exploit Kit
"Domain shadowing" refers to the malicious practice of breaking into an organization's hosted DNS settings and adding subdomains that point to malicious sites. This can happen with your organization's domain and can easily go undetected for a long time if you're not checking frequently. SANS' Internet Storm Center has an old post from 2011 on the phenomenon with good suggestions on avoiding it and on monitoring for it.

New Chrome Release, Chrome 41, Fixes 51 Vulnerabilities
A new version of Google Chrome was released last Tuesday. It fixes fifty-one security flaws, many of them serious. Chrome has a robust and highly automated update mechanism, so your Chrome installations have most likely already updated themselves. If your organization runs a centrally-managed deployment of Chrome, be sure to test and release this update if you haven't already.

D-Link Releases Firmware Updates for a Number of Vulnerable Routers
A major vulnerability in D-Link router/firewalls was publicized last Monday, and an update is now available. Like most router/firewall vulnerabilities, this one is most dangerous when administration is allowed from outside the protected network. These routers are most often used in homes and very small organizations, but may be in use in some branch offices as well. Also, the threat is significant enough to pass the information on to your users if they work from home at all. This vulnerability also highlights the danger of allowing remote administration of your firewall; THIS is an issue that affects many organizations' enterprise-class firewalls as well as many home firewalls.
