Providing managed detection and response (MDR) services is tough in today’s world. Unless you are constantly investing in R&D and a dedicated workforce, attackers will continue to be ahead of us, the defenders. Yesterday’s solutions won’t detect tomorrow’s threats. The most popular cybersecurity solutions today, referred to as 3rd generation, were built as reactionary threat […]
Read more
On July 15th the FBI, in partnership with global contributors, released a decryptor for the Gandcrab ransomware. The decryptor for Gandcrab and can be downloaded at nomoreransom.org (we should also note that other more obscure ransomware have decryptors available on that site). The FBI Flash adds, “The collaborative efforts further identified the master decryption keys […]
Zero-day vulnerabilities (with their exploits) discovered and kept private by governments and their intelligence agencies are often some of the most powerful and dangerous vulnerabilities, especially when something that is meant to stay private is released to the public. Like EternalBlue before it, BlueKeep was a zero-day that the National Security Agency allegedly discovered and […]
Behavioral analytics are critical to successful security monitoring and detection. Quite simply, standard rule and signature based detection is wholly insufficient to detect today’s attacks. Unfortunately, when most organizations think about and implement behavioral analytics they only approach it through looking at human behaviors via user behavioral analytics (UBA). However, real security is better achieved […]
User Behavioral Analytics (UBA) baselines and analyzes the day-to-day behaviors of the users on our networks. Using Active Directory, Kerberos, Linux, Content Management or other user account based logging we have the data we need to model out the normal behaviors of all accounts on the network. UBA looks primarily (not exclusively) at three user […]
Today, a very unsophisticated phishing campaign targeted our company. In fact, there is nothing terribly exceptional about it, aside from the fact that about 25% of our employees received their own version of it and as I did a little research online, I saw many others received a similar email also. Despite the low sophistication […]
Web Application Firewalls (WAF) often produce millions of detected SQL Injection events each day. As security professionals we are obviously concerned about the success of such attacks, but struggle to sift through such high volumes of activity (see Image 1) that have a high prevalence of false positives. Here are a few ways you can […]
Across all industries smart devices are becoming the norm. This is increasing opportunity for hackers to steal data, make money, and wreak havoc. Among the most useful, yet dangerous, of these smart Internet of Things devices are medical device implants. Such implants ensure hearts keep beating at the right rhythm, sugar levels are balanced in […]
Every day our networks are scanned by hundreds, even thousands, of bots, crawlers, scrapers, search engines, and other services. While most of these scans are innocuous, some are conducted by malicious bots or bad actors seeking to find systems they can exploit. Considering the amount of noise scans create and the fact that they very […]
Google’s Threat Analysis Group discovered in late February a zero-day vulnerability (CVE-2019-5786) that exists in Google Chrome. There are reports that there is an exploit that currently exists in the wild. It is critical that all instances of Google Chrome are updated to the latest version that was released at the beginning of March 2019. […]
