Motherboard posted a very interesting article on the person behind the breach of Hacking Team. Many people heard about Hacking Team being hacked; however, until now there wasn't any explanation of who did it, how, or why. The original post can be found HERE.
Back in July of last year, the controversial government spying and hacking tool seller Hacking Team was hacked itself by an outside attacker. The breach made headlines worldwide, but no one knew much about the perpetrator or how he did it.
In the past, I wrote about how to build a Lancope Stealthwatch lab, found HERE. Since then, Cisco has acquired Lancope and many changes have been made, including major improvements to the web GUI. I decided to delete my old lab and build a new one based on the latest 6.7.1 code. This post will cover how to install and configure a Lancope Stealthwatch lab made up of a Manager, Collector and Sensor.
Cisco’s research group Talos posted a detailed article on the history and current state of Ransomware HERE. They provided some best practices to protect your organization from being compromised. It is a bit of a long read but worth spending the time to check out.
The rise of ransomware over the past year is an ever-growing problem. Businesses often believe that paying the ransom is the most cost-effective way of getting their data back – and this may also be the reality. The problem we face is that every single business that pays to recover their files is directly funding the development of the next generation of ransomware. As a result of this we’re seeing ransomware evolve at an alarming rate.
The Kernel posted a fantastic article on how to create a new digital identity. The original post can be found HERE. You may think it is as simple as creating a new email or social media account; however, there are many ways to be tracked. This post goes into those details.
I was invited as a guest speaker on Dr. Chaos’s Security Podcast, focused on the topic of Exploit Kits. For those unfamiliar with exploit kits, I posted an Exploit Kits 101 article HERE. In summary, exploit kits are tools attackers use to compromise and control systems. They are used to distribute malware such as remote access toolkits (RATs) and ransomware. Below is a link to the YouTube recording of the podcast. You can also find it on drchaos.com HERE.
This blog post will cover how to upgrade a virtualized FirePOWER manager from 188.8.131.52 to 6.0.1, a centrally managed ASA5512X running 184.108.40.206 to 6.0.1, and a 5506X that is not centrally managed from 220.127.116.11 to 6.0.1. I will also show how to install both the unified and non-unified versions of 6.01. Let me explain what that means.
MedStar has been hacked and it looks really ugly. You can find Healthcare Informatics’s story below as well as HERE. The Baltimore Post-Examiner also posted about it HERE. News reports confirmed a cyber-attack on the 10-hospital MedStar Health system that had disabled the organization’s EHR.
Cisco Talos posted a great article on a new variant of ransomware targeting healthcare. The original post can be found HERE.
Cisco Talos is currently observing a widespread campaign leveraging the Samas/Samsam/MSIL.B/C ransomware variant. Unlike most ransomware, SamSam is not launched via user-focused attack vectors, such as phishing campaigns and exploit kits. This particular family seems to be distributed via compromising servers and using them as a foothold to move laterally through the network to compromise additional machines which are then held for ransom. A particular focus appears to have been placed on the healthcare industry.