Tuesday evening the US Department of Labor's website got hacked, and served up malware!  People often get a false sense of security and think "I won't get hacked if I don't go to the bad parts of the web."

Even the trustworthy parts of the web can serve up malware from time to time.  It's really unsafe out there!  

In a recent cyber-heist, 50 million encrypted passwords were stolen from LivingSocial last week.  Since it takes a week or two to hack stolen encrypted passwords you can bet this week will be full of unauthorized account hijacking across the web, as people shared the same password between LivingSocial and other websites they use.  In an effort to make sure this doesn't happen to any of my friends, here's a friendly reminder to change your passwords!

There’s some really good actionable intelligence in this report from Palo Alto Networks.  I'm really pleased with the effort, and authoring of the content too, these guys really get it, and know how to share the ideas.  

The big things brought to light in this report are:

• 94% of undetected malware comes from the web, and remains undetected an average of 20 days.  From my own experience, I tell people it's 80%, so this surprised me too!
• Relatively accurate detection is possible for half of the undetected malware, by looking at any custom TCP/UDP network traffic and connections to newly registered DNS domains.
• Some good recommendations: Investigate any outbound SMTP that isn't from your mail server.  Restrict the access capabilities of unknown, newly registered, or dynamic DNS domains.

It’s really nice for us to see data like this support our tenacious efforts at Spikes.  

-B

Hackers, don't hack hospitals or power grids.  If you cause any loss of life or significant property damage it could be considered an act which justifies military or "conventional response".  This new Tallinn Manual from NATO's "Cooperative Cyber Defence Centre of Excellence" has a lot of good intentions and hopefully provides civilians some additional protection from cybercrime.