Don't forget to register for this great conference that supports local infosec professionals and organizations.
This year's SUMMIT 2018 is scheduled for October 22-26, 2018 at the Cleveland I-X Center.
https://www.informationsecuritysummit.org/summit-2018/
August 17, 2018
August 4, 2017
G's Reading List for August 4, 2017
Security Concerns Lead to a Conference Boom
by Beth Thomas Hertz @ CrainsCleveland.com
Link to article: http://www.crainscleveland.com/article/20170729/NEWS/170729795/security-concerns-lead-to-a-conference-boom
Great conference - I highly recommend it! It's a week long event that's coming to Cleveland area the week of October 30, 2017. Details can be found here (https://www.informationsecuritysummit.org/ssw-2017/).
by Zelkja Zors, Managing Editor HelpNetSecurity.com
Link to article: https://www.helpnetsecurity.com/2017/06/22/attacker-tactics-techniques-procedures/
_____________________________________________
by Beth Thomas Hertz @ CrainsCleveland.com
Link to article: http://www.crainscleveland.com/article/20170729/NEWS/170729795/security-concerns-lead-to-a-conference-boom
Great conference - I highly recommend it! It's a week long event that's coming to Cleveland area the week of October 30, 2017. Details can be found here (https://www.informationsecuritysummit.org/ssw-2017/).
_____________________________________________
Forget about the malware, go after attackers’ tactics, techniques and proceduresby Zelkja Zors, Managing Editor HelpNetSecurity.com
Link to article: https://www.helpnetsecurity.com/2017/06/22/attacker-tactics-techniques-procedures/
_____________________________________________
March 19, 2017
G's Reading List for March 19, 2017
Virtual machine escape fetches $105,000 at Pwn2Own hacking contest [updated]
by Dan Goodin @ Arstechnica.com
Using 3 different exploits in Microsoft Edge browser, Windows 10, and then VMWare contestants were able to escape a virtual machine to compromise the host the VM was running on. Impressive.
Link: https://arstechnica.com/security/2017/03/hack-that-escapes-vm-by-exploiting-edge-browser-fetches-105000-at-pwn2own/
by Dan Goodin @ Arstechnica.com
Using 3 different exploits in Microsoft Edge browser, Windows 10, and then VMWare contestants were able to escape a virtual machine to compromise the host the VM was running on. Impressive.
Link: https://arstechnica.com/security/2017/03/hack-that-escapes-vm-by-exploiting-edge-browser-fetches-105000-at-pwn2own/
_____________________________________________
Malwarebytes teams up with Cybersecurity Factory
by Malwarebytes Labs
_____________________________________________
WikiLeaks to Share CIA Hacking Data with Tech Companies
by Marissa Lang, San Francisco Chronicle
Google Points to Another POS Vendor Breach
by Brian Krebs @ Krebs on Security
Another good thing about Google's site warnings.
Malwarebytes teams up with Cybersecurity Factory
by Malwarebytes Labs
Malwarebytes is proud to support Cybersecurity Factory, a 10-week summer program for early-stage cybersecurity companies. This program runs in collaboration with Highland Capital Partners provides teams with a $35,000 convertible note investment, office space, and dedicated security mentorship from industry leaders at leading companies throughout the United States...Link: https://blog.malwarebytes.com/malwarebytes-news/2017/02/malwarebytes-teams-up-with-cybersecurity-factory/
_____________________________________________
WikiLeaks to Share CIA Hacking Data with Tech Companies
by Marissa Lang, San Francisco Chronicle
WikiLeaks will release the code showing how the CIA managed to break into phones, work around encrypted messaging apps and avoid detection by software designed to defend against cyberattacks.
_____________________________________________
by Brian Krebs @ Krebs on Security
Another good thing about Google's site warnings.
Labels:
CIA,
Cyber Security,
Data Breaches,
Hacking,
Information Security,
InfoSec,
Malware,
POS Security,
WikiLeaks
December 4, 2016
G's Reading List for Dec.4, 2016
Some interesting quotes from a couple articles...
The Hard Thing About Safe Things
The Hard Thing About Safe Things
By Rich Seymour
October 12, 2016
https://www.endgame.com/blog/hard-thing-about-safe-things
Completeness
"This is an especially useful distinction for infosec, which often fails to integrate the insider threat element or human vulnerabilities into the security posture."
Clear Prioritization
"...urges practitioners and organizations to step back and assess one thing: What can I not accept losing?"
"Treating unacceptable loss as the only factor, not probability of loss, may seem unscientific, but it produces a safer system. As a corollary, the more acceptable loss you can build into your systems, the more resilient they will be."
Resilience
"...the rush to place blame hindered efforts to repair the conditions that made the accident possible." "To blame the user for clicking on a malicious link and say you’ve found the root cause of their infection ignores the fact that users click on links in email as part of their job."
From Theory to Implementation
"Cybersecurity epitomizes the complexity and systems of systems approach ideal for STPA. If we aren’t willing to methodically explore our systems piece by piece to find vulnerabilities, there is an attacker who will."
https://www.endgame.com/blog/hard-thing-about-safe-things
Completeness
"This is an especially useful distinction for infosec, which often fails to integrate the insider threat element or human vulnerabilities into the security posture."
Clear Prioritization
"...urges practitioners and organizations to step back and assess one thing: What can I not accept losing?"
"Treating unacceptable loss as the only factor, not probability of loss, may seem unscientific, but it produces a safer system. As a corollary, the more acceptable loss you can build into your systems, the more resilient they will be."
Resilience
"...the rush to place blame hindered efforts to repair the conditions that made the accident possible." "To blame the user for clicking on a malicious link and say you’ve found the root cause of their infection ignores the fact that users click on links in email as part of their job."
From Theory to Implementation
"Cybersecurity epitomizes the complexity and systems of systems approach ideal for STPA. If we aren’t willing to methodically explore our systems piece by piece to find vulnerabilities, there is an attacker who will."
Human Adversaries: Why Information Security is Unlike Engineering
By Matt Weeks
January 29, 2016
https://www.root9b.com/newsroom/human-adversaries-why-information-security-unlike-engineering
January 29, 2016
https://www.root9b.com/newsroom/human-adversaries-why-information-security-unlike-engineering
"There are many ways to break down these differences, which I’ve summarized in the table below, but a simple way to think about it is that in the fields without human adversaries (e.g. building bridges) once you have found a solution, (make sure your cables can support the expected loads and stresses) you can standardize that solution and be basically done."
"In contrast, human adversaries means your opposition is adaptable, intelligent, and goal-driven."
Doing the Unexpected
"In fields with human adversaries, although some actions will be standardized, complete predictability is a recipe for failure."
"In information security, those who have conducted offensive operations know that offensive groups will never send an attack they believe will be stopped by defensive measures."
"...we have intelligent, adaptive, goal-driven, human adversaries. So let’s learn from the fields that have been dealing with them for centuries."
November 24, 2016
G's Reading List for Nov.24, 2016
I read a lot - at least I try to find time to. I have to...just like all my peers in this the industry of information security. My focus is in the threat intelligence and infosec/cyber attack space and that requires even more reading. Thankfully there are a lot of smart people in this space with interesting insights, and my plan is to start highlighting these interesting articles, books, etc. in this blog more frequently. In some cases I may make some "piffy" comment about the article to give you an idea what it's about and/or my thoughts on it.
I don't have some catching name to call these posts so for now I'll call them "G's Reading List." Pretty inventive...huh?! not.
My hope is that you'll find these readings as interesting as I find them. Feel free to share your thoughts on them as well in the comment section. Also, I encourage you to share any interesting readings you've found related to my posts and if you let me know it's okay to share with others I will put it on this blog with full attribution (let me know if you don't want attribution).
Okay let's get this party started...here are two great posts by MalwareJake...
Source: MalwareJake
Source: MalwareJake
Wow, this is just embarrassing. C'mon, OpSec 101 people!
Labels:
CIA,
Counterstrike,
Cyber Security,
Operational Security
June 27, 2015
Interesting analysis' of US OPM data breach
If you are interested in the recent US Office of Personnel Management (OPM) data breach you'll want to check out the following articles and blog posts. For those not familiar with this breach, see here.
Richard Bejtlich has a great blog post regarding what Einstein and Continuous Diagnostic Monitoring (CDM) does and does not. He talks about a debate going on in the Federal govt. about CDM and the misconception they have about it. Statements are being tossed around that CDM searches for nefarious actors once they are already in networks. Richard rightly points out that CDM does not do this but rather it is a vulnerability management program which searches for known cyber flaws. Read more about this here:
http://taosecurity.blogspot.com/2015/06/continuous-diagnostic-monitoring-does.html (link)
Richard has a follow up post to the CDM debate where he talks about the House of Representatives' OPM breach hearings. One of the witnesses testimony incorrectly talks about CDM providing real-time anomalous behavior detection. Read more here:
http://taosecurity.blogspot.com/search/label/cdm (link)
Arstechnica article Why the "biggest government hack ever" got past the feds:
http://arstechnica.com/security/2015/06/why-the-biggest-government-hack-ever-got-past-opm-dhs-and-nsa/ (link)
Richard Bejtlich has a great blog post regarding what Einstein and Continuous Diagnostic Monitoring (CDM) does and does not. He talks about a debate going on in the Federal govt. about CDM and the misconception they have about it. Statements are being tossed around that CDM searches for nefarious actors once they are already in networks. Richard rightly points out that CDM does not do this but rather it is a vulnerability management program which searches for known cyber flaws. Read more about this here:
http://taosecurity.blogspot.com/2015/06/continuous-diagnostic-monitoring-does.html (link)
Richard has a follow up post to the CDM debate where he talks about the House of Representatives' OPM breach hearings. One of the witnesses testimony incorrectly talks about CDM providing real-time anomalous behavior detection. Read more here:
http://taosecurity.blogspot.com/search/label/cdm (link)
Arstechnica article Why the "biggest government hack ever" got past the feds:
http://arstechnica.com/security/2015/06/why-the-biggest-government-hack-ever-got-past-opm-dhs-and-nsa/ (link)
February 8, 2015
Chrome's weird DNS lookups
SANS ISC Handler Bojan Zdrnja has a great post on the ISC diary about how Google Chrome performs DNS prefetching lookups in order to speed up browsing. I hope you find the post as interesting as I did.
https://isc.sans.edu/diary/Google+Chrome+and+(weird)+DNS+requests/10312
Adding to Bojan's post I found a tip on how to disable the function:
http://hanxue-it.blogspot.com/2014/04/how-to-disable-dns-prefetching-in.html
September 19, 2014
Simple routing mistake breaks Internet on 18-SEP-2014
Did you know the Internet broke down for a bit on 18-SEP-2014? It's true...and all it took was a simple mistake with a routing table. Just ask VolumeDrive. At around 06:49 UTC on 18-SEP-2014, VolumeDrive started advertising to one of it's upstream ISPs (Atrato) all the routes it knew from another one of it's ISPs (Cogent).
How big was the mistake you ask? Well normally it advertises 39 networks (a.k.a. prefixes) but this time it advertised 400,000...that's 400K networks! The entire global routing table for the Internet is 500K networks, or 80% of the entire Internet.
The impact was traffic was rerouted through the ISP Atrato erroneously. Whoops. And this stuff can easily be done. A much more detailed (and quite good one I might add) can be found on Renesys' website. Go have a read.
http://www.renesys.com/2014/09/why-the-internet-broke-today/
How big was the mistake you ask? Well normally it advertises 39 networks (a.k.a. prefixes) but this time it advertised 400,000...that's 400K networks! The entire global routing table for the Internet is 500K networks, or 80% of the entire Internet.
The impact was traffic was rerouted through the ISP Atrato erroneously. Whoops. And this stuff can easily be done. A much more detailed (and quite good one I might add) can be found on Renesys' website. Go have a read.
http://www.renesys.com/2014/09/why-the-internet-broke-today/
June 15, 2014
US Senate is concerned about Internet 'malvertising'
The US Senate issued a report on the problems with Internet/online ad networks that are distributing malware to unsuspecting consumers. The investigation was conducted by the Committee on Homeland Security's Permanent Subcommittee on Investigations, which stated the objective was to raise consumer awareness and pressure ad networks to clean up the problems. The report is called "Online Advertising and Hidden Hazards to Consumer Security and Data Privacy" dated May 15, 2014. Senator Carl Levin and Senator John McCain led the committee.
At least some attention is being brought to this problem; it's a start. Now let's see what kind of results they can achieve. Sorry for my pessimism but I'm not going to be holding my breadth on this. Unless they are able to exact financial repercussions onto the networks, in my opinion little will be changed.
A PDF of the report is here:
http://www.hsgac.senate.gov/download/report-online-advertising-and-hidden-hazards-to-consumer-security-and-data-privacy-may-15-2014&ei=NiSdU86xKoGPyAT10oLACg&usg=AFQjCNEY4S1B-XiWvoDNCftD40ZwjC1_2A&bvm=bv.68911936,d.b2U
You can also find the transcripts from the associated hearing on May 15, 2014 here:
http://www.hsgac.senate.gov/hearings/online-advertising-and-hidden-hazards-to-consumer-security-and-data-privacy
At least some attention is being brought to this problem; it's a start. Now let's see what kind of results they can achieve. Sorry for my pessimism but I'm not going to be holding my breadth on this. Unless they are able to exact financial repercussions onto the networks, in my opinion little will be changed.
http://www.hsgac.senate.gov/download/report-online-advertising-and-hidden-hazards-to-consumer-security-and-data-privacy-may-15-2014&ei=NiSdU86xKoGPyAT10oLACg&usg=AFQjCNEY4S1B-XiWvoDNCftD40ZwjC1_2A&bvm=bv.68911936,d.b2U
You can also find the transcripts from the associated hearing on May 15, 2014 here:
http://www.hsgac.senate.gov/hearings/online-advertising-and-hidden-hazards-to-consumer-security-and-data-privacy
Citing: Credit to Spyware Sucks blog who highlighted this report. Go check out his blog, he has interesting posts there.
May 24, 2014
In the category of 'This is News?'
Two recent news stories invoked a 'this is new news?' reaction from me. More like 'this is OLD news.'
The one article is about Russians perpetrating cyber-espionage against American companies and the other is about online cyber-gangs hacking online companies. The victim of the latter news story is eBay (link here to story). Those of us in the information security industry who investigate compromises/breaches and track attackers are not surprised by any of this. We've seen Chinese and Russian attackers going after American company's systems, applications, data, etc. for many many years.
And it's not getting any better...they aren't letting up and neither are we. Keep fighting the good fight!
References:
FBI threatens to go after Russian hackers
http://rt.com/usa/161132-fbi-russian-hackers-china/
eBay hacking: online gangs are after you
http://www.telegraph.co.uk/technology/internet-security/10849689/eBay-hacking-online-gangs-are-after-you.html
The one article is about Russians perpetrating cyber-espionage against American companies and the other is about online cyber-gangs hacking online companies. The victim of the latter news story is eBay (link here to story). Those of us in the information security industry who investigate compromises/breaches and track attackers are not surprised by any of this. We've seen Chinese and Russian attackers going after American company's systems, applications, data, etc. for many many years.
And it's not getting any better...they aren't letting up and neither are we. Keep fighting the good fight!
References:
FBI threatens to go after Russian hackers
http://rt.com/usa/161132-fbi-russian-hackers-china/
eBay hacking: online gangs are after you
http://www.telegraph.co.uk/technology/internet-security/10849689/eBay-hacking-online-gangs-are-after-you.html
Subscribe to:
Posts (Atom)