A very interesting week with significantimplications for everyone.  Thespear-phishing attack is certainly a wake-up call, a hack in the U.K. couldhappen anywhere and mid-size companies appear to be the current target.  However, perhaps of greatest concern could bethe impact of the H1N1 virus upon the Internet and for those doing business inthe U.S. a possibility for additional controls relative to the Internet.

The DHS Daily Open Source Infrastructure Report (DHS) coversthe publicly reported material for the preceding day(s) not previouslycovered.  This weekly summary provides a selection of those items ofgreatest significance to the InfoSec professional.

Should you not be aware of even one of the items discussedbelow it would be wise to familiarize yourself with it.  The headline above each entry will take youdirectly to the DHS report which presented the item for ten business days fromthe date of inclusion.  The Source linkwill take you to the original source cited by DHS.


Is it possible your firm is one suffering from this vulnerability?

37.October 22, DarkReading– (International) Major secure emailproducts and services miss spear-phishing attack. A spear-phishingexperiment conducted during the past few days by a researcher has netted somedisturbing results: Most major enterprise email products and services wereunable to detect a fake LinkedIn invitation on behalf of a very well knownphilanthropist which landed successfully in users’ inboxes.  Source: http://www.darkreading.com/insiderth...leID=220900191


Could such a hack happen to your firm?

40.October 26, IDG News Service –(International) Guardian jobs site falls victim to ‘sophisticated’ hack. Amajor U.K. newspaper has notified 500,000 people that details they posted tothe newspaper’s employment site may be in the hands of hackers.  Source: http://www.networkworld.com/news/200...m.html?hpg1=bn


Suffering Internet performance issues?  It could be due to the H1N1 virus!

40. October 27, Washington Post – (National) Internetnetworks unable to handle H1N1 telework traffic: GAO. As concerns rage overthe spread of the H1N1 flu, a federal report showed that a pandemic that wouldkeep millions of Americans at home could also overload Internet networks.  Source: http://voices.washingtonpost.com/pos..._over_the.html


Midsize companies seem to be the target.  Are you at risk?

38. October28, CNET – (International) More security breaches hit midsizedcompanies. More midsized companies are being attacked by cybercriminals atthe same time they are spending less on security, says a McAfee report releasedon October 28.  Source: http://news.cnet.com/8301-1009_3-10384916-83.html


Federalstandard for reporting data breaches?  Nomatter where you stand on the issue, this is a matter of concern!

12.October 28, Nextgov– (National) Federal, industry reps callfor national standards to report data breaches. The Homeland SecurityDepartment should establish a national standard to encourage companies andindividuals to report data breaches to federal authorities, helping them gaugethe intensity of cyberattacks and investigate cybercrime, securityprofessionals said on October 28.  Source:http://www.nextgov.com/nextgov/ng_20...p?oref=topnews

Note: The DHS only maintains the last ten days of their reports online.  Toobtain copies of earlier reports or complete summaries, go to:


 




More...