Cisco’s research group Talos posted about their research on the Nuclear Exploit Kit HERE. They compare it to their research on Angler as well as break down the attack. It’s a good read.
Talos is constantly monitoring the threat landscape and exploit kits are a constantly evolving component of it. An ongoing goal of Talos is to expose and disrupt these kits to protect the average internet user being targeted and compromised. We were able to gain unprecedented insight into Angler exploit kit and reveal details of the activity that were previously unknown. Now we have focused our attention on the Nuclear exploit kit with similar results.
Motherboard posted a very interesting article on the person behind the breach of Hacking Team. Many people heard about Hacking Team being hacked; however, until now there wasn’t any explanation of who, how or why it was done. The original post can be found HERE.
Back in July of last year, the controversial government spying and hacking tool seller Hacking Team was hacked itself by an outside attacker. The breach made headlines worldwide, but no one knew much about the perpetrator or how he did it.
In the past, I wrote how to build a Lancope Stealthwatch lab found HERE. Since then, Cisco has acquired Lancope and many changes have been made including major improvements to the web GUI. I decided to delete my old lab and build a new one based on the latest 6.7.1 code. This post will cover how to install and configure a Lancope Stealthwatch lab made up of a Manager, Collector and Sensor.
Cisco’s research group Talos posted a detailed article on the history and current state of Ransomware HERE. They provided some best practices to protect your organization from being compromised. It is a bit of a long read but worth spending the time to check out.
The rise of ransomware over the past year is an ever-growing problem. Businesses often believe that paying the ransom is the most cost-effective way of getting their data back – and this may also be the reality. The problem we face is that every single business that pays to recover their files is directly funding the development of the next generation of ransomware. As a result of this we’re seeing ransomware evolve at an alarming rate.
The Kernel posted a fantastic article on how to create a new digital identity. The original post can be found HERE. You may think it is as simple as creating a new email or social media account; however, there are many ways to be tracked. This post goes into those details.
I was invited as a guest speaker on Dr. Chaos’s Security Podcast focused on the topic of Exploit Kits. For those unfamiliar with exploit kits, I posted an Exploit Kits 101 article HERE. In summary, exploit kits are tools attackers use to compromise and control systems. They are used to distribute malware such as remote access toolkits (RATs) and Ransomware. Below is a link to the YouTube recording of the podcast. You can also find it on drchaos.com HERE.
This blog post will cover how to upgrade a virtualized FirePOWER manager from 188.8.131.52 to 6.0.1, ASA5512X running 184.108.40.206 centrally managed to 6.0.1 and 5506X not centrally managed from 220.127.116.11 to 6.0.1. I will also show how to install both the unified and non-unified versions of 6.01. Let me explain what that means.
MedStar has been hacked and it looks really ugly. You can find Healthcare Informatics’s story below as well as HERE. The Baltimore Post-Examiner also posted about it HERE. News reports confirmed a cyber-attack on the 10-hospital MedStar Health system that had disabled the organization’s EHR.