4 min
Ransomware
Wanna Decryptor (WNCRY) Ransomware Explained
Mark the date: May 12, 2017.
This is the day the “ransomworm” dubbed “WannaCry” / “Wannacrypt” burst —
literally — onto the scene with one of the initial targets being the British
National Health Service . According to
The Guardian: the “unprecedented attack… affected 12 countries and at least 16
NHS trusts in the UK, compromising IT systems that underpin patient safety.
Staff across the NHS were locked out of their computers and trusts had to divert
em
4 min
Public Policy
White House Cybersecurity Executive Order Summary
Yesterday President Trump issued an Executive Order on cybersecurity:
“Strengthening the Cybersecurity of Federal Networks and Critical
Infrastructure.”
The Executive Order (EO) appears broadly positive and well thought out, though
it is just the beginning of a long process and not a sea change in itself. The
EO directs agencies to come up with plans
1 min
Vulnerability Disclosure
On the lookout for Intel AMT CVE-2017-5689
We've had some inquiries about checks for CVE-2017-5689, a vulnerability
affecting Intel AMT devices. On May 5th, 2017, we released a potential
vulnerability check that can help identify assets that may be vulnerable. We
initially ran into issues with trying to determine the exact version of the
firmware remotely, and so a potential check was released so that you would still
be able to identify devices that may be impacted by this.
We didn't stop there though. As part of yesterday's Nexpose rel
4 min
InsightVM
Discovery of assets in Active Directory
Many security teams work in a world that they can't fully see, let alone
control. It can be difficult to know how to make meaningful progress in your
vulnerability management program
when simply
maintaining visibility can be a struggle. One way to get some leverage is to
make wise use of asset discovery
. If you are
able to tap into repositories or sources of assets, you
3 min
Simplifying Account Takeover Protection
Account takeover
(ATO) is difficult to prevent against because it can go unnoticed for years
until a customer notices something is amiss. It’s tedious and requires detailed
logging as well as flexible query ability to survey for it ‘by hand’.
Many consumer-facing companies try to create in-house solutions, but it can take
years to develop the tools to even do ‘machine assisted’ ATO detection. Even
the
4 min
Komand
The Real Cost of Manual Security Operations
More tools, processes, or people doesn’t always equal better security. In fact,
the more you have to manage, the costlier it can get. But as threats evolve,
technologies and processes change, and so too must security operations.
If your security operations are highly manual today, this post will help you
visualize what that is costing your organization, not just from a monetary
standpoint, but from an efficiency and speed perspective, too. We’ll start by
looking at the three major areas of secu
4 min
Penetration Testing
IoT Security Testing Methodology
By
Deral Heiland IoT - IoT Research Lead Rapid7
Nathan Sevier - Senior Consultant Rapid7
Chris Littlebury - Threat Assessment Manage Rapid7
End-to-end ecosystem methodology
When examining IoT technology, the actionable testing focus and methodology is
often applied solely to the embedded device. This is short sighted and
incomplete. An effective assessment methodology should consider the entire IoT
solution or as we refer to it, the IoT Product Ecosystem. Every interactive
component that makes
2 min
Microsoft
Patch Tuesday - May 2017
It's a relatively light month as far as Patch Tuesdays go, with Microsoft
issuing fixes for a total of seven vulnerabilities as part of their standard
update program. However, an eighth, highly critical vulnerability (CVE-2017-0290
) that had some of the security community buzzing over the weekend was also
addressed late
Monday evening. A flaw in the
4 min
Automation and Orchestration
ChatOps for Security Operations
Synopsis
Bots are tiny helpers that can be part of any applications and are well suited
for a large scale, repetitive and real time tasks. They enable highly qualified
security teams to focus on more productive tasks such as building, architecting
and deploying rather than get occupied with menial tasks. Additionally, they act
as sharing and learning tools for everyone in the organizations and provide
context for all conversations and collaborations.
Benefits of ChatOps for Security
ChatOps
2 min
Metasploit
Metasploit Weekly Wrapup
hdm recently provided a new exploit module for a type confusion vulnerability that exists in Ghostscript versions 9.21 and earlier, allowing remote code execution on the target.
7 min
Verizon DBIR
2017 Verizon Data Breach Report (DBIR): Key Takeaways
The much-anticipated, tenth-anniversary edition of the Verizon DBIR has been
released (Updated here: https://www.verizon.com/business/resources/reports/dbir/
), once again providing a data-driven snapshot into what topped the cybercrime
charts in 2016. There are just under seventy-five information-rich pages to go
through, with topics ranging from distributed denial-of-service (DDoS)
to ransomware,
prompting us to spin a reprise ed
2 min
3 Simple Ways to Approach Content Security Policy
In the 2 previous posts about Content Security Policy, we talked about the main
reasons why you need to get started with CSP and the common problems that you
will run into. In this post, we will dive deeper into the 3 types of CSP
solutions.
Phased Approach
Because reports of violations can be overwhelming for both analysis and
performance reasons tCell recommends starting with the most critical directives
first (such as script-src and object-src which help prevent XSS) and a very
permissive s
5 min
Komand
Translating and Detecting Unicode Phishing Domains with Komand's Security Orchestration Platform
I don't know about you, but in the past few weeks, my news feed has been abuzz
with unicode domain names as phishing
URLs. The use of unicode
domain names is a version of a homograph attack applied using International
Domain Names (IDN).
The underlying problem is that it’s difficult to visually distinguish some
unicode characters from ASCII ones. Luckily, Chrome and Firefox have stopped
converting domain names
2 min
Komand
Asia Cybersecurity Event Calendar [Free Shared Google Calendar]
Cybersecurity events and conferences are ways for the infosec community to
connect and share their knowledge. We’ve provided an extensive calendar of
events for US cybersecurity events
,
and now we are pleased to present the latest and upcoming events in other
regions of the world. This time though, we’re taking it international with an
Asia cybersecurity events list and shared calendar!
The Asian continent is home to
11 min
Komand
A Privacy Stack for Protecting Your Data
Over the years, there have been a number of incidents that have raised my
security-guy neck hairs. Every time something crops up, I get a bit more worried
about where my data lives, and who is privy to it that I don’t know about.
Most recently, we have the dismantling of privacy rules that protect our
information from being wantonly sold off by our ISPs, even more in depth
searching at US borders, large scale sweeping up of people and associated
electronic devices at occurrences of civil unrest