There are two new reports out for general consumption.

I haven’t had a chance to read the Cisco 2010 Midyear Security Report yet, but it should be worth a read. There is a focus on more IT centric technologies as well as a look at spam and the trends there of.

Another document out for review is the 2010 Verizon Data Breach Investigations Report. This was a very good read last year and certainly the sections I have read have been very interesting. While I’m a little confused as to how they gathered their samples the results still prove to be very useful.

The interesting point for this years DBR is that they have included samples from the United States Secret Service breach data. While this may “skew” the output, Verizon believe it gives a more “real world” representation.

So there you have it, two reports to read through. Please get in touch and let us know what you think.

There’s a great technical overview of Zeusbot over at Secure Works. As many of you know, Zeus is still very much in use in the cybercrime underworld. Of late it’s been seen to use vulnerabilities in Adobe Reader and the PDF format to propagate itself onto more machines around the world.

If you want to know a little more about Zeus, we can highly recommend you take a look at the article here.

Cisco has a very interesting article recently on “Who’s Performing Computer Incident Coordination”.

The premise of the article is to give a high level overview of the roles and tasks a CSIRT needs to perform when an incident occurs. It’s certainly worth a read, even if you’re only considering starting an Incident Response Team within your
own organization.

This does raise the question, are the larger organizations really doing enough when it comes to Incident Response ?

Do you have a team fully capable of dealing with an incident ?

The full article can be read here.