Digital Common Sense

The US-CERT Quarterly Trends and Analysis Reprot came out today. It’s a look at events reporte to US-CERT from 7/1/06 to 9/30/06. It’s a fair snapshot into a specific window of time.

Here are some points of interest:

• Scans, Probes and Access Attempts was the largest incident category at 85.6%. Followed by Malicious Code at 4.1% and Unauthorized Access at 3.6%.
• Phishing reports made up 83.9% of reported incidents, reinforcing the point that phishing is the biggest security issue on the Internet today.

Zero-day exploits comprised a large concern, fueled by a zero-day exploit affectingMicrosoft’s Vector Markup Language (VML) in InternetExplorer in September. This has led to a great deal of discussion around third-party patches. US-CERT maintains a “buyer beware” approach to third-party patches.

Emerging Threats

• Blended threats stay high on the radar
• Threats to electronic devices like MP3 players and PDAs rose into high visibility
• Phishing remains a major concern

Stay informed and involved by subscribing to the products included in the US-CERT National Cyber Alert System. There are four products available for various technical levels and needs. They are as follows:

Technical Cyber Security Alerts – Provide timely information about current security issues, vulnerabilities, and exploits.

Cyber Security Bulletins – Summarize information that has been published about new vulnerabilities.

Cyber Security Alerts – Alert readers to security issues that affect the general public.

Cyber Security Tips – Provide information and advice for non-technical readers about a variety of common security topics. Visit http://www.us-cert.gov/cas/signup.html to subscribe or learn more.

Technorati Tags: US-CERT, InfoSec

Filed by Ken at 10:59 am under InfoSec