Cybersecurity reports, blog posts, and white papers are not in short supply these days, so I thought I would help folks decide what subset to read. I'm hoping this will make up for some of the neglect this blog has suffered over the past few months, due in no small part to my heavy--yet enjoyable--workload at ESET.
- The paper "Follow the Money" offers great insight into the spam business today. A lot of other papers worth reading are listed on the same page.
- The Trustwave Global Security Report 2012 has a lot of interesting statistics, some quite surprising: "Industries with franchise models are the new cyber targets: more than a third of 2011 investigations occurred in a franchise business."
- The Verizon 2011 Data Breach Investigation Report (pdf) is almost a year old but still worth reading is you haven't already. Good background for the 2012 report.
- Some highlights from the forthcoming Verizon 2012 DBIR, like "29% of threat incidents involved the ability to guess a user's password correctly."
- Selections from the ESET Threat Blog:
- Drive-by FTP: a new view of CVE-2011-3544. Novel way to distribute the payload for the most common java exploit.
- OSX/Imuler updated: still a threat on Mac OS X and hiding Trojan code in erotic pictures.
- Modern viral propagation: Facebook, shocking videos, browser plugins, spreading Koobface, Boonana, Win32/Delf.QCZ, Yimfoca, and more.