In April, I wrote a blog about expanding the use of File Integrity Monitoring (FIM) with a focus on security, in addition to compliance. Now, I am doing a follow-up on this idea, diving into actual use cases where FIM can be leveraged to detect malicious files or code.
The goal of this is not to point to FIM as a stand-alone malware solution, but to outline that it has some untapped potential in this realm and can supplement traditional endpoint security solutions such as anti-virus or anti-malware applications.
There are a plethora of commercial and free FIM solutions available including Samhain, Tripwire and OSSEC. Due to cost and complexity, an enterprise-level file integrity monitoring solution may not always be an option for small to medium-sized businesses.
For the...
Around the holidays, fellow Solutionary Minds blogger Rob Kraus and I like to have a little fun with our blogs. Last year, we came up with “The Top Eight Holiday Songs of IT Security.”
This year, we’re sticking with the holiday song theme, but came up with our take on the holiday classic “12 Days of Christmas” called The MSSP 12 Days of Christmas.
On the first day of Christmas, a malicious actor gave to me Heartbleed exploit code.
On the second day of Christmas, a malicious actor gave to me 2 DOS attacks.
On the third day of Christmas, a malicious actor gave to me 3 pastebin dumps.
On the fourth day of Christmas, a malicious actor gave to me 4...
Psst - the Answer is "Threat Intelligence Report"
What do these four items have in common?
- Shellshock and Son, Aftershock
- Malware Distribution Analysis
- Disassembled Perl Botnet
If you guessed that it is time for the Solutionary Security Engineering Research Team (SERT) Q3 '14 Threat Intelligence Report, then you have earned a piece of Halloween candy and not Charlie Brown's rock!
Trust me, reading threat intelligence reports is way better with a piece of candy. It also helps when the report is full of interesting and useful information (like this quarter's SERT report).
This quarter's analysis starts with a breakdown of Shellshock and Aftershock.
Shellshock is a 25-year-old vulnerability in the GNU Bash shell that affects nearly every instance of Unix, Linux and Mac OS X, and Aftershock...
Russian Cybercrime Gang
Russian hackers, over a period of several years, have bought or compromised websites to amass 4.5 billion account records (usernames, passwords and email addresses), according to a recent report released by Hold Security. This amounts to about 1.2 billion unique entries. When you consider that there are roughly 3 billion Internet users in the world, as many as 40% of all world-wide Internet users may be directly affected by this compromise.
From available information, it appears that the Russian hackers bought or traded for site and account information, then built a prolonged process to locate and compromise websites that they could include in their botnet. Part of their process was to compromise website databases and steal any account credentials they could...
Sometimes we feel like the IT world needs to have a standard issue wall plaque, poster, or something with two simple words on it: DON’T PANIC. As stated in the Douglas Adams classic, The Hitchhiker’s Guide to the Galaxy:
“In many of the more relaxed civilizations on the Outer Eastern Rim of the Galaxy, the Hitchhiker's Guide has already supplanted the great Encyclopedia Galactica as the standard repository of all knowledge and wisdom, for though it has many omissions and contains much that is apocryphal, or at least wildly inaccurate, it scores over the older, more pedestrian work in two important respects. First, it is slightly cheaper; and secondly it has the words DON'T PANIC inscribed in large friendly letters on its cover.”