FAQ

FAQs

Q: What is the purpose of this blog?

A: This blog serves to aggregate and present a daily digest and summary of cyber security information, with a special focus on prevailing cyber threats and the Asian region.

Q: Who owns or maintains this blog?

A: It was started and is maintained by a cyber security enthusiast who does it in his spare time.

Q: Why are you running this blog? What are your aims / motives / rationales / reasons?

A: As a techie, I am interested in reading cyber security information in my free time. But given the amount of information appearing every day, I want my news organized in some meaningful way before I read it. Therefore, I developed structured -- and hopefully logical -- filing systems for grouping and organizing these news articles, taking reference from how news sites generally organize their news and from knowledge of cyber security concepts.

Making public these summary digests is my way of sharing and an extension of my personal interest. I hope that readers benefit from and find value in the compiled daily news digests and summary reports.

Q: Are you paid or sponsored?

A: Threat Sighting is not sponsored or paid by any entity, and does not have any relationship with any of the information sources or businesses. Inclusion of links in this blog is purely neutral and does not indicate any endorsement of products or services. Furthermore, there is no preferential treatment given to any information sources.

On some rare occasions, reports may include links to certain articles promoting a cyber security product or service, or written with a slant or bias toward a certain party. The inclusion is purely by mistake when classifying the article.

Q: What types of reports or posts can I find on this blog?

A: At the moment, there are 6 reports: APT report, daily brief, region brief, sector brief, threat report and platform report. Depending on the reader's preference on the news articles they wish to read, and how they ought to be grouped, they can choose to focus on one or more reports.

  1. Daily Brief. A newspaper-like format with a mix of geographical and topical sections. Special focus is placed on Asia, with articles covering other regions or locations under the World section. This is the preferred option for most general readers.
  2. Region Brief. This organizes articles into the major regions of the world: North America, South America, Europe, Africa, Asia and Oceania. It is useful for readers who are only focused on a specific world region. However, do note that the majority of cyber security articles are not geographically specific and thus do not include or mention a geographical location or region. Readers may miss other important news that is not related to a geographical region.
  3. Sector Brief. Similar to the Region Brief, the Sector Brief caters to readers interested only in cyber news for specific industry sectors or vertical markets. The same disclaimer for the Region Brief applies here: general news that is not sector-specific is not included in this Sector Brief. Readers may miss other important cyber news that may affect them if they only read Sector Briefs.
  4. Threat Report. The Threat Report groups articles into major cyber security concepts, and may be useful to readers who are interested in specific topics like types of attacks and threats. Accuracy of the classification and categorization is not perfect, but it generally works well enough 80% to 90% of the time.
  5. Platform Report. The Platform Report classifies articles into various common operating systems for desktop and mobile computing devices. This format is useful for the general public interested in only desktop or mobile devices, or for engineers focused on maintaining or supporting computing devices running one or more of the operating system platforms.
  6. APT Report. The APT Report is for cyber security professionals such as security analysts and engineers who are tasked with defending high value targets and their high profile clients against sophisticated adversaries. The APT Report does not contain articles related to other low level threats and is thus much more concise in its coverage, and also more time saving to read.

Q: How frequent and when are reports produced and posted?

A: The reports are produced daily, approximately every 24 hours, and generally posted between 01:00 and 03:00 (UTC). However, this is a manual process and there is no system running 24x7 -- and no backup systems -- to ensure these reports are produced daily at a scheduled time. Thus, there is no guarantee on the timeliness, quality or accuracy of the reports and the information contained within, since this is not a professional paid service.

On certain days, I may skip the reporting, though I may try to make up by producing the reports at a later date/time. Again, no guarantee. There are many possible reasons for such an event to happen, ranging from personal issues, computer breakdowns, unavailability of Internet access etc. The possibilities are endless. Just assume the reports on this blog will appear if they can, and won't if they can't, on a best effort basis.

If you are a professional whose job depends on acting timely on cyber threat intelligence, or if you are doing something mission critical and you depend heavily on cyber security to protect your high value assets, don't depend on this blog for the information to do so. It is definitely wise and highly recommended to engage the service of one or more professional security vendors with the resources and expertise to do so.

Q: What time period is covered for the reports?

A: The reports are produced daily every 24 hours between 01:00 and 03:00 (UTC), covering the articles, blog posts and tweets released in the previous day. Fresh information released in the current day, from 00:00 (UTC) up till the time the reports are produced, is captured but is not included in the reports. It is kept and included in the reports generated the next day.

Q: Is it possible to update it more frequently if it is too slow?

A: The short answer at the moment is no due to several considerations.

  1. This is a personal project being run on a recreational basis in my spare time. I can't devote my whole day to keep monitoring whether the reports are being produced duly on an hourly basis.
  2. It is technically possible to keep pushing out news as they appear on the Internet if we have an aggressive monitoring policy, but this would be a full time professional endeavor.
  3. Pushing out news in real time as it appears on Twitter is great for people -- usually cyber security professionals -- seeking to act on any breaking news. However, this blog would end up pushing small discrete pieces of news with little/no organization or categorization, just like a Twitter feed would. And most readers would rather follow the Twitter feeds.

Q: Why is there no short snippet or summary for each link?

A: The primary reason is avoiding copyright violation. I hope sharing only the title and URL link will stay legal forever, even for articles behind a paywall.

At the moment, it may be legal to reproduce a short snippet summary using the first line, first paragraph or first X number of characters. However, I have never found any law that explicitly says that it is definitely legal worldwide. Given that copyright laws are not universal, and not uniformly interpreted in different countries and regions, I have chosen to err on the side of caution.

As such, I am depending on writers to describe their contents succinctly and attract readers solely using their article titles.

Q: The reports look long. Are any news articles actually filtered or curated?

A: I currently monitor approximately over 150 news sources including blogs and Twitter feeds. Approximately 40% to 50% of all these new articles get selected each day and are included in our reports. There are certainly a lot of cyber security and cyber threat related news being produced each day.

Q: What is the editorial, news selection and curation policy?

A: The reports are primarily focused on presenting prevailing and emerging cyber threats and cyber attacks. Cyber security articles on cyber security technologies, techniques or management are generally not included or are de-emphasized. Sometimes, a few may be included by mistake, but that is when they are misinterpreted and misclassified as covering a cyber threat or cyber attack.

Q: Why are certain news repeated?

A: Certain important events may get reported by several news sources at different times or on different days. Some may even retweet or re-post the same or similar articles and updates several times a day. All repeated posts and updates get registered as a "new" item with a new timestamp in the previous day.

Q: I am a web site owner and I object to the sharing of links to my contents in this blog, what should I do?

A: Notify me using the Contact Form at the bottom right, include the domain name of your web site, and the links to the reports in this blog linking to your site.

I would be glad to comply with your instruction and stop monitoring your site for articles to be included in all future reports.