A very interesting week with significant implications for everyone. The spear-phishing attack is certainly a wake-up call, the hack in the U.K. could happen anywhere, and mid-size companies appear to be the current target. However, perhaps of greatest concern are the impact of the H1N1 virus upon the Internet and, for those doing business in the U.S., the possibility of additional controls relative to the Internet.
The DHS Daily Open Source Infrastructure Report (DHS) covers the publicly reported material for the preceding day(s) not previously covered. This weekly summary provides a selection of those items of greatest significance to the InfoSec professional.
Should you not be aware of even one of the items discussed below, it would be wise to familiarize yourself with it. The headline above each entry will take you directly to the DHS report which presented the item, for ten business days from the date of inclusion. The Source link will take you to the original source cited by DHS.
Week Ending: Friday, October 30, 2009
Infrastructure Report for Monday, 26 October 2009
Is it possible your firm is one suffering from this vulnerability?
37. October 22, DarkReading – (International) Major secure email products and services miss spear-phishing attack. A spear-phishing experiment conducted during the past few days by a researcher has netted some disturbing results: Most major enterprise email products and services were unable to detect a fake LinkedIn invitation on behalf of a very well known philanthropist which landed successfully in users’ inboxes. Source: http://www.darkreading.com/insiderthreat/security/app-security/showArticle.jhtml?articleID=220900191
Infrastructure Report for Tuesday, 27 October 2009
Could such a hack happen to your firm?
40. October 26, IDG News Service – (International) Guardian jobs site falls victim to ‘sophisticated’ hack. A major U.K. newspaper has notified 500,000 people that details they posted to the newspaper’s employment site may be in the hands of hackers. Source: http://www.networkworld.com/news/2009/102609-guardian-jobs-site-falls-victim.html?hpg1=bn
Infrastructure Report for Wednesday, 28 October 2009
Suffering Internet performance issues? It could be due to the H1N1 virus!
40. October 27, Washington Post – (National) Internet networks unable to handle H1N1 telework traffic: GAO. As concerns rage over the spread of the H1N1 flu, a federal report showed that a pandemic that would keep millions of Americans at home could also overload Internet networks. Source: http://voices.washingtonpost.com/posttech/2009/10/as_concerns_grow_over_the.html
Infrastructure Report for Thursday, 29 October 2009
Midsize companies seem to be the target. Are you at risk?
38. October 28, CNET – (International) More security breaches hit midsized companies. More midsized companies are being attacked by cybercriminals at the same time they are spending less on security, says a McAfee report released on October 28. Source: http://news.cnet.com/8301-1009_3-10384916-83.html
Infrastructure Report for Friday, 30 October 2009
Federal standard for reporting data breaches? No matter where you stand on the issue, this is a matter of concern!
12. October 28, Nextgov – (National) Federal, industry reps call for national standards to report data breaches. The Homeland Security Department should establish a national standard to encourage companies and individuals to report data breaches to federal authorities, helping them gauge the intensity of cyberattacks and investigate cybercrime, security professionals said on October 28. Source: http://www.nextgov.com/nextgov/ng_20091028_3572.php?oref=topnews
Note: The DHS only maintains the last ten days of their reports online. To obtain copies of earlier reports or complete summaries, go to: http://dhs-daily-report.blogspot.com/