- [WEBINAR] Building a Threat Intelligence Program
- [WHITE PAPER] Building a Threat Intelligence Program That Works For You
- [Data Sheet] LookingGlass Cyber Threat Center
- [Data Sheet] Information Protection
Posted August 22, 2017
This weekly brief highlights the latest threat intelligence news to provide insight into the latest threats to various industries.
“A stealthy group of hackers is using cloud infrastructure to attempt “low and slow” brute-force attacks on Microsoft Office 365 logins of senior executives at a broad swath of Fortune 2000 companies, according to recent research.
The cloud-on-cloud attacks, spotted earlier this year by Skyhigh Networks, appear to be an early example of a criminal or espionage group leveraging cloud infrastructure to hide not only their identity and the origins of their attack, but also the attack itself.
The research highlights the increased complexity of security issues companies face when they move to the cloud.”
“An overhaul of UK data protection laws that will effectively implement the EU General Data Protection Regulation (GDPR) will have a significant effect on the insurance industry, according to one expert.
Among a number of changes that the new Data Protection Bill will bring in is a strengthening of the ‘right to be forgotten’ rules, which will give more power to consumers as to the use of their personal information.
While rules about the ‘right to be forgotten’ already exist, the GDPR brings “significant” changes, although many businesses still don’t know what this means for them, Guy Cohen, head of policy at privacy engineering firm Privitar, told Insurance Business.”
“A new exploit kit (EK) has emerged recently on underground forums, where a malware developer is advertising it starting at just $80.
Called Disdain and discovered by malware analyst David Montenegro, the toolkit is available for rent on a daily, weekly, or monthly basis, priced at $80, $500, and $1,400, respectively. Security researchers have already managed to track the advert for the EK and learn more about its alleged capabilities.
According to Disdain’s author, the main features of the toolkit include domain rotator, RSA key exchange for exploits, panel server untraceable from payload server, geolocation, browser & IP tracking, and domain scanning capabilities.”
– Security Week