If you are having trouble viewing this email,
click here to view this online
 |
| |
VOLUME 66 |
ISSUE 66 |
20 January 2017 |
|
| | Article of the Month | | | | Around the World | |
Sri Lanka CERT|CC trains Bhutan
Computer Incident Response Team (BtCIRT)
|
| | |
Sri Lanka CERT|CC, the
national center for cyber security in Sri Lanka, recently undertook an
assignment to train the staff of Bhutan�s national CERT.
Bhutan Computer Incident Response Team (BtCIRT) is a part of the
Department of Information Technology and Telecom, Ministry of
Information and Communication of Bhutan. The team commenced operations
in April 2016.
On the request of Bhutan�s Ministry of Information and Communication,
Sri Lanka CERT|CC invited Bhutan CERT staff for a 4 day training
programme on CERT operations. Five Bhutan CERT staff were trained
under this programme. The training commenced on 26th December 2016 at
Sri Lanka CERT|CC's offices, and all the training was conducted by Sri
Lanka CERT|CC staff. The training consisted of in-house experience
sharing sessions as well as high-level technical sessions relating to
Incident handling, Vulnerability Assessment, Penetration Testing and
Digital Forensics Investigations, as well as Information Security
Policy Formulation and Implementation.
Sri Lanka CERT|CC is a
Member of the Asia Pacific Computer Emergency Response Team (APCERT)
and the Forum of Incident Response and Security Teams (FIRST).
As an active and long-time Operational Member of APCERT, Sri Lanka
CERT|CC is expected to perform certain tasks within the community,
such as participating in regional incident response drills, signing up
for APCERT initiated security projects, sharing threat intelligence,
and building and maintaining contact with other APCERT members.
Additionally, Sri Lanka
CERT|CC supports newly established CERT teams in the region to develop
their capabilities and obtain membership of APCERT and FIRST. Earlier
this year (2016) Sri Lanka CERT|CC helped Tonga CERT officials with
in-house experience sharing sessions, that eventually led to the
establishment of Tonga�s national CERT. A similar assignment was
undertaken in November 2016, when Sri Lanka CERT|CC sponsored
Bangladesh�s application for Asia Pacific CERT membership, by carrying
out a comprehensive audit of Bangladesh national CERT�s operations.
Founded in 2006, the Sri Lanka Computer Emergency Readiness Team |
Coordinating Centre (Sri Lanka CERT|CC), is Sri Lanka�s National CERT
and a fully owned subsidiary of ICTA under the supervision of the
Ministry of Telecommunications and Digital Infrastructure. It is
mandated with the task of protecting Sri Lanka�s Information and
Information Systems infrastructure. Its services range from responding
to and investigating information security breaches, to preventing
security breaches by way of awareness creation, security assessments
and security capability building. It is a member and the national
point of contact, for both the Asia Pacific Computer Emergency
Response Team (APCERT) and the Forum of Incident Response Security
Teams (FIRST), which are regional and global associations
respectively, formed to coordinate security efforts between nations.
Learn more at
www.cert.gov.lk
| | | | | | |
References | | |
1 Statistics on the Internet
growth in Sri Lanka | | |
http://www.trc.gov.lk/images/pdf/ | | |
statis_sep_2012.doc | | |
2.The Dragon Research Group (DRG) | | | |
http://www.dragonresearchgroup.org/ | |
3.TSUBAME (Internet threat
monitoring system) from JPCERT | CC | | |
https://www.jpcert.or.jp/english/tsubame/ | | |
4.Shadowserver Foundation | | | | | | | | | | |
http://www.shadowserver.org/wiki/ | | |
5. Team Cymru | | |
http://www.team-cymru.com | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | |
| | | | | | |
| |  | | | | |
 | | |  |
Cyber-savvy New Year�s resolutions you�ll want
to keep | | | |
| | | |
"....For many, the New Year is a
great time for starting afresh and improving on behaviors and actions from the
previous year. As a result, many of us turn our attention to New Year�s
resolutions � setting goalposts for the year ahead. While losing weight,
quitting smoking or hitting the gym are all popular resolutions, it�s worth
giving thought to your relationship with technology too....." | | | |
The economics of ransomware revealed | | | |
"...70 percent of businesses
infected with ransomware have paid ransom to regain access to business data
and systems. In comparison, over 50 percent of consumers surveyed said they
would not pay to regain access back to personal data or devices aside from
financial data, according to IBM Security..." | | | | | | | |
The 10 biggest security incidents of 2016 | | |
|
'...2016 has been a challenging year for politics, public sanity and
celebrity longevity, but also, for individuals and companies, a testing
time in terms of online security. Pitted against increasingly
sophisticated and targeted cybercriminals, it�s not been easy going, as
these notable security incidents from the past 12 months reveal.....' | | |
| | |
Intel Core i7-7700K Kaby Lake review: Is the
desktop CPU dead? | | | | |
| |
| | |
'....The Intel Core i7-7700K is what happens when a chip company stops
trying. The i7-7700K is the first desktop Intel chip in brave new
post-"tick-tock" world�which means that instead of major improvements to
architecture, process, and instructions per clock (IPC), we get slightly
higher clock speeds and a way to decode DRM-laden 4K streaming video.
Huzzah.......' | | |
5 disruptive technologies to track in 2017 | | |
 | | | |
'....Digital transformation is sparking change on many fronts, which
means IT professionals have a lot to tackle as they head into 2017.
As part of this march toward IT-driven reinvention, tech leaders are
keeping watch on several emerging technologies that they believe will be
catalysts for long-term innovation.....' | | |
| |
|
|
Month in Brief | |
Facebook Incidents
Reported to Sri Lanka CERT|CC in December 2016 | | |
 | |
| | |
Statistics - Sri Lanka CERT|CC | |
|
| | |
| | | |
Police mull gathering crime evidence from smart
home devices | |
 | |
'...Detectives are being trained to process data gathered from
Internet of Things (IoT) �smart� devices for use in criminal
investigations, Scotland Yard�s forensic head Mark Stokes has told The
Times.
Internet-enabled fridges, toasters, washing machines and coffee makers
have endured a mixed press � security flaws that render them
potentially hackable have been a recurring theme recently � but to
police the forensic opportunity is the real deal....' | |
Google Researcher Finds Certificate Flaws in
Kaspersky Products | |
| |
"...Google Project Zero
researcher Tavis Ormandy has discovered two serious certificate-related
issues in Kaspersky Lab�s anti-malware products. The flaws were addressed by
the security firm in late December.
The first vulnerability, rated �critical� by Ormandy, is related to how
Kaspersky Antivirus inspects SSL/TLS connections. According to the expert,
Kaspersky uses a Windows Filtering Platform driver to intercept outgoing
HTTPS connections...." | |
Chinese hackers of NY law firms charged | |
 | |
�...After hacking their way into the networks of seven law firms and
siphoning out data that was used in making $4 million profit in trades,
three Chinese men were hit with charges and one was arrested......� | |
FOUR NEW NORMALS FOR 2017 | |
 | |
Let�s not talk about cybersecurity predictions for 2017. Let�s talk
instead about new normals, things that have ceased to be novel because,
well, they happen all the time and everywhere.
Let�s concede that things such as greedy ransomware, imposing IOT
botnets, high-profile bug bounties and bug-buying-and-selling
governments aren�t going away. They can�t be fixed; won�t be swayed; are
part of the landscape; insert your favorite clich� here.' |
| | | | |
| | Notice Board | | | | Training and Awareness Programmes
- January 2017 | | | | | | | | | | Date | Event | | Venue | | | | | | |
10th to 11th January |
University Grants Commission, Colombo 07
| |
Awareness program on student admission procedure for State
Universities � Sinhala medium
| | |
16th January |
University Grants Commission, Colombo 07
| |
Awareness program on student admission procedure for State
Universities � Tamil medium | | |
23rd to 27th January |
Meepe, Leadership Training Center,
| |
A/L Syllabus Training
| | |
|
| |
| | |
|
| |
| | |
|
| |
| |
|
| |
|
|
| | | | | Brought to you by: | | | |  | |
|
|