Zero-day vulnerabilities (with their exploits) discovered and kept private by governments and their intelligence agencies are often some of the most powerful and dangerous vulnerabilities, especially when something that is meant to stay private is released to the public. Like EternalBlue before it, BlueKeep was a zero-day that the National Security Agency allegedly discovered and […]
Read more
Behavioral analytics are critical to successful security monitoring and detection. Quite simply, standard rule and signature based detection is wholly insufficient to detect today’s attacks. Unfortunately, when most organizations think about and implement behavioral analytics they only approach it through looking at human behaviors via user behavioral analytics (UBA). However, real security is better achieved […]
User Behavioral Analytics (UBA) baselines and analyzes the day-to-day behaviors of the users on our networks. Using Active Directory, Kerberos, Linux, Content Management or other user account based logging we have the data we need to model out the normal behaviors of all accounts on the network. UBA looks primarily (not exclusively) at three user […]
Today, a very unsophisticated phishing campaign targeted our company. In fact, there is nothing terribly exceptional about it, aside from the fact that about 25% of our employees received their own version of it and as I did a little research online, I saw many others received a similar email also. Despite the low sophistication […]
Web Application Firewalls (WAF) often produce millions of detected SQL Injection events each day. As security professionals we are obviously concerned about the success of such attacks, but struggle to sift through such high volumes of activity (see Image 1) that have a high prevalence of false positives. Here are a few ways you can […]
Across all industries smart devices are becoming the norm. This is increasing opportunity for hackers to steal data, make money, and wreak havoc. Among the most useful, yet dangerous, of these smart Internet of Things devices are medical device implants. Such implants ensure hearts keep beating at the right rhythm, sugar levels are balanced in […]
Every day our networks are scanned by hundreds, even thousands, of bots, crawlers, scrapers, search engines, and other services. While most of these scans are innocuous, some are conducted by malicious bots or bad actors seeking to find systems they can exploit. Considering the amount of noise scans create and the fact that they very […]
Google’s Threat Analysis Group discovered in late February a zero-day vulnerability (CVE-2019-5786) that exists in Google Chrome. There are reports that there is an exploit that currently exists in the wild. It is critical that all instances of Google Chrome are updated to the latest version that was released at the beginning of March 2019. […]
The Ryuk ransomware launched on the hacking scene with a bang in August 2018, netting the hackers behind it upwards of $640,000 in the first round of attacks. Since then Ryuk has continued to successfully exploit companies and organizations across the globe, resulting in over $3.6m in paid bitcoin ransoms according to Crowdstrike’s Global Threat […]
It seems like every day we hop on to the Internet, check out the news, and see a report about yet another company suffering a breach and losing control of their customers’ data. It is frustrating and can seem ridiculous that such breaches continue to occur. While breaches are frequent, fortunately, not every American has […]
