October is National Cybersecurity Awareness Month (NCSAM). That means that it's time to think about securing ourselves and our families from the variety of cyberthreats waiting to get us and our data. It's time to think about complex passwords, anti-virus updates and spotting social engineering threats.
October is also the time for Oktoberfest (Oktoberfest this year is September 21 - October 5). My husband and I were lucky enough to spend time in Munich to celebrate this year. The festivities weren't quite as exciting as NCSAM, but they came pretty close.
Just as craft beer is becoming more popular, so is cybersecurity. Cybersecurity is in the news. Resources are available to learn. People who were uneducated about cybersecurity before are now starting to dabble. They now have a better idea of when they are being scammed (just like they are, hopefully, now starting to realize the difference between good and bad beer). The world is...
Security Jobs, MSSPs and the Wisdom of Yoda
A long time ago, in a galaxy far far away… No. Wait. This is not a fairy tale or even a blog about the highly-anticipated new J.J. Abrams Star Wars: Episode VII movie. As much fun as that would be (as I’ve said before, I’m a bit of a Star Wars geek), this is still a blog about information security and an issue impacting many organizations – the information security talent crunch.
If this is not the blog you are looking for, I apologize.
Never Tell Me the Odds: Hiring and Retaining Security Talent
Hiring and retaining information security talent is a serious challenge. There are simply not enough experienced, qualified security practitioners to fill the demand. I was astonished at the number of vendors at a recent security conference with “We're Hiring” signs in their booths....
CVE-2014-6271, also known as “Shellshock,” is getting quite a bit of attention, and rightfully so. In case you have missed it, we are talking about a CVSS score 10, critical remote code execution vulnerability present in almost every version of the GNU Bourne Again SHell (bash). Due to widespread acceptance, Shellshock puts most every flavor of Linux, Unix, Mac OS X and many Windows applications at the mercy of a powerful and easy-to-exploit vulnerability. For additional foundation information, refer to my initial blog Shellshock - Vulnerability in BaSH is a Big Deal.
In that blog, I stated that less than 24 hours after the vulnerability was announced, attackers had begun to leverage it. Solutionary continues to track, research, validate, and investigate the vulnerability and exploits associated with Shellshock.
Aside from monitoring for additional ways to detect and mitigate the overall threat, as well as...
Vulnerability in BaSH is a Big Deal
Windows users rejoice!
There is a new major vulnerability that doesn’t directly target you. Unix, Linux and Mac users, however, aren’t so lucky this time around. Actually, pretty much ALL Unix, Linux and Mac users. I am talking about CVE-2014-6271.
This remote code execution vulnerability exists in almost every version of the GNU Bourne Again SHell (BaSH). When this was first announced, it didn’t have a cool, marketable name yet. Sure enough, the name Shellshock was coined by this morning. Who gets the job naming this stuff, anyway? Ice cream flavors, paint colors...
All kidding aside, this is actually extremely bad news. And yes, Windows users need to pay attention as well. There are plenty of Windows applications with BaSH included, such as Cygwin.
Shellshock is a...
Online Intelligence Provides Critical Insights for Social Targets
In this blog we continue our journey down the yellow brick road of intelligence tradecraft, focusing on Open-Source Intelligence (OSINT) from a high-level perspective.
Here's the FBI definition of OSINT:
Open-Source Intelligence (OSINT) refers to a broad array of information and sources that are generally available, including information obtained from the media (newspapers, radio, television, etc.), professional and academic records (papers, conferences, professional associations, etc.), and public data (government reports, demographics, hearings, speeches, etc.).
This includes any form of web-based media (e.g., Twitter, Facebook, YouTube, RSS Feeds, Pastebin, etc.).
OSINT operations can prove to be quite an overwhelming situation for an...
Top Ten Recommended Steps for an Incident Response
There may be an occasion when a governmental authority, or your own ISP, will contact your organization and state that one of your organization-owned IPs is talking to known bad IPs.
Your first instinct is probably to stop the communication. Your second instinct may be to poke around the system(s) to figure out why there was communication to the bad IPs.
Although these are understandable steps, the poking actions could be altering artifacts that are critical to finding which programs, services and processes are doing the communicating, and why.
If your company does not have an incident response plan with a team or expertise to execute a plan, I highly recommend having at least one manager and one technical employee trained to properly gather, preserve, track and store forensic evidence.
These employees should be the very first contacted in the case of a possible ...
Five Recommended Steps for Protecting your Data
When you are at home, how do you protect yourself from intruders?
You likely lock your doors. You probably arm your home alarm system. You may exercise your Second Amendment right and have a firearm handy.
How do you protect the sensitive information within your company from intruders?
You probably use anti-virus and anti-malware solutions. You may have a spam filter in place to block unwanted emails. And, more than likely, you have an Intrusion Prevention System (IPS) or Intrusion Detection System (IDS).
But how secure is your firewall?
In effect, your firewall is the gateway to your environment. Having poor firewall practices can be like leaving your front door open, or locking a screen door.
To minimize the threat from intruders, here are five recommendations to improve your...