Two high-profile breaches have resurfaced in the media, along with a newly announced breach. LinkedIn was breached in 2012, Tumblr in 2013 and most recently MySpace in June 2016. If you had accounts at any of these sites, you may have been advised to change your password, and as a good cyber citizen, you probably logged on and made the obligatory password change. But did you think through the consequences?
By Jordan C. Rakoske
We have exciting news about our Windows releases! Over the past year and a half, our Windows community has worked very hard reviewing all of the benchmarks that we had previously released as well as focusing on the new, upcoming line of Windows OSes (Windows 10 and Server 2016). Our first big updates released were our Windows 8.1 v2.0.0, Server 2012 R2 v2.0.0, and Windows 10 v1.0.0. Since then we have spent months reviewing all of the new and old Windows settings across all of our Windows Benchmarks. We worked closely with Aaron Margosis and Rick Munck from Microsoft to answer any technical questions that came up in the community and to help address some items within Microsoft Group Policy Templates.
by Dilan Samarasinghe, SOC Analyst
MS-ISAC has recently observed an increase in malware that is most often disseminated through malvertising. Malvertising, or malicious advertising, is the use of online, malicious advertisements to spread malware and compromise systems. Generally this occurs through the injection of unwanted or malicious code into ads. Malicious actors then pay legitimate online advertising networks to display the infected ads on various websites, exposing every user visiting these sites to the potential risk of infection. Generally, the legitimate advertising networks and websites are not aware they are serving malicious content.
CIS Community Newsletter
1. Benchmark Participation Needed for NGINX, Palo Alto and Cisco ASA
Your feedback and participation help ensure that CIS Benchmarks continue to reflect security best practice. All contributors will receive attribution in the associated Benchmark and are eligible to earn CPE credits toward maintaining (ISC)2 certifications. We’re looking for help in the following areas:
• Palo Alto Networks – Editors and contributors needed to provide feedback and test draft benchmark
• NGINX – Editors and contributors needed to define scope, draft the benchmark, test and provide feedback
• Cisco ASA – Editors and contributors needed to update existing benchmark, test and provide feedback
New Year’s Resolutions for a CISO
By the I&AWG
Every January 1st we take a few minutes to reevaluate our lives and where we want to be, and then create (occasionally) realistic resolutions to make our lives healthier or happier. It’s a tradition. A week or a month or two later we skip, slide, and forget about these resolutions until another January 1st rolls around and reminds us that we were going to do something.
So here we are, beginning February, the traditional time when resolutions start to slip, with a few new ones for you. While the following 15 resolutions won’t get you to an exotic island or help you hit the gym more often, hopefully, these will bring some happiness and ease into your work as a CISO. So pick a few (or take on them all!) and hop onto the bandwagon to do more this year with these easy (easier) resolutions that will make a difference in 2016. (There is also a handy one-page printable version https://www.cisecurity.org/documents/documents/Resolutions_for_2016.docx that you can hang as a reminder or print and put by the water cooler to get everyone on board with improving cybersecurity.)
by Intel & Analysis Working Group
This blog is the first of several by the Multi-State Information Sharing and Analysis Center’s (MS-ISAC) Intel & Analysis Working Group (I&AWG) on Cyber Threat Intelligence and intelligence analysis. Starting with this blog we will explore what cyber threat intelligence is, and examine what it is used for, its value to MS-ISAC members, the difficulties inherent in developing cyber threat intelligence, and the varying components of intelligence, such as Words of Estimative Probability.
Cyber threat intelligence is what cyber threat information becomes once it has been collected, evaluated in the context of its source and reliability, and analyzed through rigorous and structured tradecraft techniques by those with substantive expertise and access to all-source information. Like all intelligence, cyber threat intelligence provides a value-add to cyber threat information, which reduces uncertainty for the consumer, while aiding the consumer in identifying threats and opportunities. It requires that analysts identify similarities and differences in vast quantities of information and detect deceptions to produce accurate, timely, and relevant intelligence.
Ben Spear, Intel Cyber Analyst
National Cyber Security Awareness Month (NCSAM) kicked off in Nashville this morning with a launch event featuring the U.S. Department of Homeland Security, the Center for Internet Security/Multi-State ISAC, the National Association of Chief Information Officers, the National Cyber Security Alliance and many other partners, who gathered to celebrate the eleventh year of Awareness Month.
WordPress Pingback Feature being used in DDoS Attacks
Written by Stacey Wright, Senior Security Intelligence Analyst