Splunk + Other YouTube Channels

Centralizing alerting from multiple devices and speeding up incident response are just some of the critical issues solved by investing in SIEM technology (more on choosing the best SIEM for your environment HERE).

There are many SIEM vendors; however, I continue to be impressed by what Splunk is doing in regards to their open source APPs developed by customers and Splunk engineering. I wrote a blog post HERE that showcases a Cisco management APP that can correlate events from various security products such as Cisco ISE, WSA, Firewalls, Sourcefire and so on. There isn’t a Cisco manager of managers, so doing things like running a report on high level events against any security product for a particular IP address can only be accomplished by a SIEM solution.


Duo Security Researchers Uncover Bypass of PayPal’s Two-Factor Authentication


Researchers at Duo Labs, the advanced research team at Duo Security, discovered that it is possible to bypass PayPal’s two-factor authentication (the Security Key mechanism, in PayPal nomenclature). The vulnerability lies primarily in the authentication flow for the PayPal API web service (api.paypal.com) — an API used by PayPal’s official mobile applications, as well as numerous third-party merchants and apps — but also partially in the official mobile apps themselves.


2014 Cisco Live Talk: Splunk Analytics and Cisco for Security and BYOD


The Splunk and Cisco team delivered a great talk at this past Cisco Live event in San Francisco. The talk covered the value of integrating Splunk with Cisco Cloud and Managed Security services.


Interview with Joseph Muniz Co-Author : SecurityOrb Podcast


Kellep Charles from SecurityOrb interviewed me a few weeks back about my book as well as other general security topics. You can find the recording HERE or on the SecurityORB website. I was fighting a cold so my apologies for the raspy voice.

For those interested in the book, below is a discount code you can use provided by SecurityORB. The link to the book is on the right side of this blog.


Days After a Federal Seizure, Another Type of Ransomware Gains Ground


Nicole Perlroth wrote an interesting post on the New York Times blog about a new type of ransomware and Cisco’s view as it spreads in the wild. The original post can be found HERE.

It has been mere days since federal agents seized control of computer networks used by hackers to infect victims with CryptoLocker, a piece of malware known as “ransomware,” which encrypts the contents of computing devices so hackers can demand a ransom to decrypt it. More on ransomware such as CryptoLocker can be found HERE.

Now security researchers are seeing an influx of another form of ransomware, called Cryptowall.


First Heartbleed, Now A Man-In-The-Middle OpenSSL Encryption Toolkit Vulnerability!


Today the folks at openssl.org published a new vulnerability found in OpenSSL encryption. For those that are not aware, OpenSSL is found on approximately 66% of all websites found on the Internet. You can find the official notice on this vulnerability HERE as well as details posted below. This time it's a known bug and yet again, we are being told by the OpenSSL team that the remediation for this is to upgrade to the latest version of OpenSSL using the recent patches being released.


F5 Networks Acquires Defense.net for DDoS defense offering


F5 just announced they are acquiring Defense.net. Distributed Denial of Service or DDoS is an attack that attempts to make a server or a network resource unavailable to users (more on launching and preventing DoS and DDoS can be found HERE). Many sources such as the latest Verizon Breach Report as well as some of my customers are seeing a rise in this form of attack. Typically, DDoS / DoS attacks are volumetric, meaning they are caused by a ton of systems targeting a specific server, which is hard to defend against. For this reason, the DDoS / DoS vendors are seeing an increase in interest, such as Arbor, Radware and now Defense.net.


Cisco Announces Intent to Acquire ThreatGRID


Cisco announced this morning they will be acquiring ThreatGRID. ThreatGRID combines advanced malware analysis with deep threat analytics and content that is used to defend against attacks and prevent malware outbreaks. Cisco originally got into the security research market back in 2007 with the acquisition of IronPort, which included a security research division now known as the Security Intelligence Operations aka SIO. Cisco enhanced this research team with the recent acquisition of Sourcefire that includes open source projects such as SNORT, ClamAV, etc. ThreatGRID will provide even more research and development around identifying advanced threats as well as complement Sourcefire’s malware detection component known as FireAMP. ThreatGRID’s appliances and cloud offerings should improve the overall security vision of preventing attacks before, during and after they happen.

Here is a summary of the announcement originally found HERE.


Heartbleed bug infographic

The people at IDF Marketing created an infographic covering the recently announced Heartbleed bug. You can find more on IDF Marketing HERE. Check out this overview including a list of popular sites with Heartbleed vulnerability status.
