When administrators think about identifying cyber breaches, many become hyper-focused on analyzing files for malware (i.e., scanning hard drives with signature-based technologies). A more recent trend, linked to large-scale attacks such as those delivered by the Angler Exploit Kit, is fileless malware: code that stays in memory and never touches the hard drive. An example is the Kovter malware covered in a blog post by airbuscybersecurity HERE. Sean Metcalf did a fantastic presentation at the recent BSides Baltimore event, covered HERE. In the post below, I'm reposting a post from journeyintoir that covers investigating fileless malware. The original post can be found HERE. All of these are good reads.
For those who have been following the various forms of ransomware in the wild (more on exploit kits and ransomware HERE), TeslaCrypt was one that came out a while back. Cisco's security team Talos created a decryption tool for a few variants of TeslaCrypt (found HERE); however, later versions used a form of asymmetric encryption that prevented decryption. Well, it seems the people behind TeslaCrypt have moved on to bigger and worse things, closing shop and posting the master decryption key. They even said SORRY! BleepingComputer posted about this. The original post can be found HERE. Funny thing is, somebody asked for the master key and they said yes! Many of us found this shocking.
I have had requests to create videos on how to set up Cisco FirePOWER technology, such as an ASA running FirePOWER. Blog posts that cover this can be found on this blog under the FirePOWER labs section. Below are a few videos that walk you through the setup process for FirePOWER 6.0.1. I will be adding a configuration video, i.e., part 4, shortly.
The Hacker News posted about Facebook's capture-the-flag platform HERE.
Facebook just open-sourced its Capture The Flag (CTF) platform to encourage students as well as developers to learn about cyber security and secure coding practices.
Capture the Flag hacking competitions are conducted at various cyber security events and conferences, including Def Con, in order to highlight real-world exploits and cyber attacks.
The Verizon Data Breach Investigations Report (DBIR) is one of the most frequently referenced security research documents. I feel like every other presentation I see contains quotes and references to it; however, have you ever wondered how accurate the data is? The people at Trail of Bits took a look at the DBIR's data quality and found a ton of areas that need improvement. They opened the post with the statement "If you follow the recommendations in the 2016 Verizon Data Breach Investigations Report (DBIR), you will expose your organization to more risk, not less". Their original post can be found HERE.
The FBI recently posted about an increase in ransomware attacks seen across various organizations. You know it's bad when the FBI has to officially call out that things are not good. The original post from the FBI website can be found HERE. They also provide some general recommendations, such as patch management and limiting endpoint access rights.
Hospitals, school districts, state and local governments, law enforcement agencies, small businesses, large businesses—these are just some of the entities impacted recently by ransomware, an insidious type of malware that encrypts, or locks, valuable digital files and demands a ransom to release them.
Cisco's research group Talos posted about their research on the Nuclear Exploit Kit HERE. They compare it to their research on Angler and break down the attack. It's a good read.
Talos is constantly monitoring the threat landscape, and exploit kits are a constantly evolving component of it. An ongoing goal of Talos is to expose and disrupt these kits to protect the average internet user being targeted and compromised. We were able to gain unprecedented insight into the Angler exploit kit and reveal details of the activity that were previously unknown. Now we have focused our attention on the Nuclear exploit kit with similar results.