CVE-2015-0235: A GHOST in the Machine

ghost-170Nick BiasiniEarl Carter, Alex Chiu and Jaeson Schultz from the cisco security research team posted about the real impact of the recent announced ghost vulnerability found by Qualys. It seems to not be as scary as the market is advertising. The original post can be found HERE.

On Tuesday January 27, 2015, security researchers from Qualys published information concerning a 0-day vulnerability in the GNU C library. The vulnerability, known as “GHOST” (a.k.a. CVE-2015-0235), is a buffer overflow in the __nss_hostname_digits_dots() function. As a proof-of-concept, Qualys has detailed a remote exploit for the Exim mail server that bypasses all existing protections, and results in arbitrary command execution. Qualys intends to release the exploit as a Metasploit module. Continue reading

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

Cisco 2015 Annual Security Report

Cisco ASR2015Cisco just released its Annual Security Report for 2015. You can download this report for free HERE. The Cisco 2015 Annual Security Report, which presents the research, insights, and perspectives provided by Cisco Security Research and other security experts within Cisco, explores the ongoing race between attackers and defenders, and how users are becoming ever weaker links in the security chain. Continue reading

VN:F [1.9.22_1171]
Rating: 5.0/5 (1 vote cast)

njRAT Malware – remote control malware

njRAT_goedist

My buddy Aamir Lakahni wrote a cool post on how to setup a njRAT (remote access toolkit). The original post can be found at drchaos.com via HERE.

Warning: The ideas, concepts and opinions expressed in this blog are intended to be used for educational purposes only. The misuse of the information from this article can result in criminal charges brought against the persons in question. Refer to the laws in your province/country before accessing, using,or in any other way utilizing these materials.

One of the most popular malware tools being used today is a RAT (remote access toolkit) named njRAT. Continue reading

VN:F [1.9.22_1171]
Rating: 5.0/5 (2 votes cast)

Why Migrate From Cisco NAC Appliance To ISE?

why1I have received the question why should I migrate from NAC appliance to Identity Services Engine (ISE)?” a handful of times. This post will provide some reasons why you should consider migrating over. Regarding how to migrate and what discounts you could receive by migrating, see this post that covers these questions HERE.

Lets start off by looking at Cisco NAC and ISE.  Continue reading

VN:F [1.9.22_1171]
Rating: 5.0/5 (2 votes cast)

Don’t Trust All Phone Calls: Phone Scams 2.0

phone-scammer

There are many methods criminals will use to steal money that fall outside of normal attack channels. I was having dinner with a buddy from work and heard one of the most outrageous social engineering attack methods he recently experienced. To summarize, he had attackers call his home phone and try to get him to install malicious software. He figured out they were full of it yet went along with the scam for 20 minutes to see where they would take things. This post will cover his experience and variations of this attack seen in the wild.

Lesson learned …. don’t trust somebody just because they called you. Make sure to tell your friends and family this message. If you do some Google research, you will find many non-technical people are being tricked by this form of attack. Continue reading

VN:F [1.9.22_1171]
Rating: 4.7/5 (3 votes cast)

Research Tool Featuring Live Attack Data From Norse

Norse2

Norse is a research group that leverages hundreds of honey pots placed all over the world to collect attack data. Their claim to fame is their research goes beyond the general internet targeting “dark intelligence” meaning parts of the darknet where the bad actors live. They offer a few products that can be placed on your network as well as SAS services that work with their threat intelligence to identify attacks against your network. You can find their main website HERE.

One cool free online tool they offer is a live mapping of attack data. That data can be found at http://map.ipviking.com/ or HERE. Below is a screenshot of this tool. Its a pretty cool concept. Check it out Continue reading

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

When Does Cloud Make Sense For Security?

cloudsecurity1I see a lot of hesitation from administrators when having a conversation about cloud based security. People seem to be uneasy with the idea of having anything security related managed outside of their company walls. Some administrators express concerns that there is a potential weakness opening up a connection from their inside network to the cloud (even though it is encrypted) while others feel uneasy about having people outside their staff accessing equipment for maintenance or other purposes. I’ve also had the question “what happens if a client sharing a security device in the cloud gets compromised? Will that impact our business”? (I’ve never heard of this happening and there are hundreds of cloud offerings available today). These are just a few concerns that gives cloud based security a bad reputation before it is evaluated for its true potential.

Cloud Security should be looked at as a method of outsourcing security. Why would you want to do this? There are many benefits and for some situations such as locations spread across the world, cloud is the only feasible answer. Here are some of the top benefits of going cloud based security. Continue reading

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

Enable SSH on Kali Linux

My buddy Aamir Lakhani wrote a good post on how to enable SSH on Kali Linux. He also has other tips for using Kali Linux found on his blog www.drchaos.com. Below is the post however you can find the original HERE

Kali Linux does not come with SSH enabled. SSH is the preferred method of remote management for most Linux based systems. Secure Shell (SSH) is a cryptographic network protocol for secure data communication, remote command-line login, remote command execution, and other secure network services between two networked computers. It connects, via a secure channel over an insecure network, a server and a client running SSH server and SSH client programs. Continue reading

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)