A Review of the Best News of the Week on Cyber Threats & Defense

How DARPA sparked dreams of self-healing networks (C4ISRNET, Dec 27 2017)
DARPA’s Cyber Grand Challenge showed how artificial intelligence could give the Defense Department the edge in the ongoing cat-and-mouse network battles.

Avoiding Micro-Segmentation Pitfalls: A Phased Approach to Implementation (Dark Reading, Dec 29 2017)
Micro-segmentation is very achievable. It can feel daunting, but you can succeed by knowing the common roadblocks in advance and planning around them in phases.

Arrest of Suspected Cybercrime Gang Linked to Top Malware CTB Locker (McAfee Blogs, Dec 20 2017)
CTB Locker, also known as Critroni, is known as one of the largest ransomware families—helping to drive a new ransomware surge of 165 percent in 2015 as one of the top three ransomware families, and earning a spot as No. 1 just a year later. Operation Tovar, in which law enforcement agencies took down the infrastructure responsible for spreading CryptoLocker, created a need for more malware—CTB Locker and CryptoWall malware families helped to fill the gap.


New Research: How to Actually Test Security? (Gartner Blog Network, Dec 26 2017)
First, a quick poll: how many types of security testing do you know? Let me try…
Penetration testing (PT)
Red teaming (RT)
Vulnerability assessment
Application security testing (AST)
Security rating services (like BitSight and SecurityScorecard)
Attack, threat, breach simulation tools
Others, possibly many others….

Email scam using Xero invoice as bait detected (SC Magazine, Dec 27 2017)
A large email scam centered on a fake Xero invoice was detected by the firm Mailguard, the second such campaign using the popular cloud-based accounting software this month.

What is a Threat Library? (ThreatQuotient, Dec 12 2017)
A threat library should:
Serve as an organized, indexed and searchable location for both structured and unstructured security information.
Be easily accessible not only from a native interface, web or otherwise, but also to remote systems through an API or similar programmatic means.
Automatically aggregate and normalize data while maintaining a consistent trail of what has been added or modified, by whom, and when.

Acoustical Attacks against Hard Drives (Schneier on Security, Dec 26 2017)
Despite the widespread use of HDDs and their critical role in real-world systems, there exist only a few research studies on the security of HDDs. In particular, prior research studies have discussed how HDDs can potentially leak critical private information through acoustic or electromagnetic emanations.

How to Detect NMAP Scan Using Snort (Hacking Articles, Dec 22 2017)
In this article we test Snort against the various Nmap scan types, which will help network security analysts write Snort rules that alert on any kind of Nmap scanning.
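Added example (Python, not the article's Snort configuration): the same detection logic evaluated over a constructed packet trace. The three stealth scans are identified by their exact TCP flag sets, which is what Snort's flags:0, flags:F and flags:FPU options match; a SYN scan is indistinguishable packet by packet from ordinary connection attempts, so it is detected by rate instead, as Snort's detection_filter (track by_src, count N, seconds T) does for a rule. The thresholds, addresses and timestamps are assumptions.

```python
"""TCP-flag and rate-based Nmap scan detection over constructed packet records.
Added example, not the article's Snort rules; all packets below are constructed."""
from collections import defaultdict

# TCP flag bits as laid out in the header
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

# Exact flag combinations Nmap's stealth probes send. Snort matches the same
# sets with flags:0, flags:F and flags:FPU respectively.
SIGNATURES = {
    "Nmap NULL scan (-sN)": 0,
    "Nmap FIN scan (-sF)": FIN,
    "Nmap XMAS scan (-sX)": FIN | PSH | URG,
}


def match_flag_signatures(pkt):
    """Return the signature whose flag set equals the packet's, else None.
    The match is exact: a normal FIN/ACK teardown must not trip the FIN rule."""
    for name, flags in SIGNATURES.items():
        if pkt["flags"] == flags:
            return name
    return None


class SynScanDetector:
    """Detect a SYN scan by rate: `count` distinct destination ports from one
    source within `seconds` (assumed thresholds, mirroring detection_filter)."""

    def __init__(self, count=10, seconds=3.0):
        self.count, self.seconds = count, seconds
        self.events = defaultdict(list)   # src -> [(ts, dport), ...]
        self.last_alert = {}              # src -> ts of the last alert

    def observe(self, pkt):
        if pkt["flags"] != SYN:           # bare SYN only; SYN/ACK is a reply
            return None
        src, ts = pkt["src"], pkt["ts"]
        window = [(t, p) for t, p in self.events[src] if ts - t <= self.seconds]
        window.append((ts, pkt["dport"]))
        self.events[src] = window         # slide the window forward
        if len({p for _, p in window}) < self.count:
            return None
        if ts - self.last_alert.get(src, float("-inf")) <= self.seconds:
            return None                   # already alerted within this window
        self.last_alert[src] = ts
        return "Nmap SYN scan (-sS)"


def run_detection(packets, count=10, seconds=3.0):
    """Check each packet against the flag signatures first, then the rate
    detector; return (ts, src, alert) tuples in trace order."""
    det = SynScanDetector(count, seconds)
    alerts = []
    for pkt in packets:
        name = match_flag_signatures(pkt) or det.observe(pkt)
        if name:
            alerts.append((pkt["ts"], pkt["src"], name))
    return alerts


def sample_packets():
    """Constructed traffic: a benign handshake and teardown, three single-packet
    stealth probes, and a 12-port SYN sweep lasting under a second."""
    pkts = [
        {"ts": 0.0, "src": "10.0.0.5", "dport": 80, "flags": SYN},
        {"ts": 0.1, "src": "10.0.0.5", "dport": 80, "flags": ACK},
        {"ts": 0.9, "src": "10.0.0.5", "dport": 80, "flags": FIN | ACK},
        {"ts": 1.0, "src": "192.0.2.10", "dport": 22, "flags": FIN | PSH | URG},
        {"ts": 1.2, "src": "192.0.2.10", "dport": 22, "flags": 0},
        {"ts": 1.4, "src": "192.0.2.10", "dport": 22, "flags": FIN},
    ]
    for i, port in enumerate(range(20, 32)):
        pkts.append({"ts": 2.0 + i * 0.05, "src": "192.0.2.20", "dport": port, "flags": SYN})
    return pkts


if __name__ == "__main__":
    for ts, src, name in run_detection(sample_packets()):
        print(f"t={ts:.2f} {src}: {name}")
```

Two things carry over directly to writing the Snort rules: the flag signatures must be exact-set matches (Snort's flags:F without a modifier), or every graceful FIN/ACK close on the network becomes a "FIN scan"; and the SYN rule needs a rate threshold, because a single bare SYN is what every legitimate client sends.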

3 Cyber Threat Intelligence Myths — Busted (Recorded Future, Dec 27 2017)
1) We can get all the threat intelligence we need from internal data and logs.
2) External threat intelligence is just a matter of tapping into data feeds.
3) Threat intelligence experts can easily analyze threat data feeds.