You are viewing 'GTIR'
We are excited to announce the publication of our new Global Threat Intelligence Report (GTIR). The report is our most comprehensive one yet. Analyzing content from NTT Group companies and data from our new Global Threat Intelligence Center, the GTIR highlights the latest phishing and ransomware attack trends, and the impact of today’s threats against global organizations.
Most cybersecurity reports are meant for security professionals. They are not intended for use by anyone without significant security knowledge and experience. But we have taken a different approach for this year’s GTIR. We want to provide a resource for educating everyone with security responsibilities, from security and IT professionals through to executives, management, and end users. In today’s... read more >
Observations of the Trends and Statistics that Shaped Cybersecurity in 2015
Now in its fourth year of publication, the 2016 Global Threat Intelligence Report (GTIR) highlights observations and details about global threats. In this year’s report we continue tracking trends that have affected our clients over the last few years, as well as identify the new threats that presented themselves in 2015.
This year’s GTIR provides actionable intelligence, guidance about what attackers are doing, and comprehensive security controls designed to disrupt attacks. Controls recommended in this report will contribute to an organization’s survivability and resiliency in the face of an attack.
To develop this year’s annual report, we collaborated with several well-respected organizations, including Lockheed Martin, Recorded Future, Wapack Labs, and the Center for Internet Security. These contributors provided key feedback and observations from their unique perspectives of the cyber... read more >
Flash continues to pose a significant threat
Again with the Flash.
It seems like only yesterday I wrote a blog about a critical patch for Adobe Flash Player. And suddenly this week we have more. Yeah, not only is it yet another Flash vulnerability, it is multiple CVEs, with CVSS scores of 10 – with a high impact (execute arbitrary code or DoS), and simple to exploit. Actually, given the way Flash has been doing so far this year, it seems like that is more like “about every 35.5 hours” we would see a new Flash vulnerability.
Think about that.
“Every 35.5 hours.”
Actively patching can help remove active, known vulnerabilities
There is no “silver bullet” to security. No single, one security control which will answer all of our security woes.
But, time and time again, we hear of vulnerabilities which are affecting organizations, right now. A good example is the Adobe Flash Player vulnerability (CVE-2015-3113). If you check the details for the vulnerability, you can see that it has a CVSS score of 10. You can also see that it has been actively exploited in the wild; meaning attackers have been using it, and are using it right now.
This is a client system vulnerability. Adobe Flash Player runs on the user workstation. We all know that it can be difficult to keep all systems current, especially in a heterogeneous, geographically distributed environment.
But, Adobe has released a patch for this vulnerability, and applying that patch can remove a current, known threat from your environment. For more... read more >
An alternate take on the snake
I guess it is time to take off my shoes, because I have run out of fingers to count the number of times I read "OMG THIS IS THE NEXT HEARTBLEED!" for normal vulnerabilities.
Marketing firms have definitely figured out how to promote their researchers' activities:
Scary Name + Cool Logo == Unique Hit Counts == KPI met on your next review
I get it. I totally do. It becomes an issue, however, when every blog site picks it up and people start getting freaked out about relatively normal things.
- New vulnerabilities occur all the time
This includes high, medium and low priority vulnerabilities. Some are pretty bad, allowing for sensitive information disclosure, denial of service, or remote code execution. Most software engineers are not magicians who create perfect code every time. Even those who are have their code pieced together with the work of others, resulting in unintended...