Smarter Cybersecurity

As we wrap up 2018 and move into 2019, it is valuable to look back and review the lessons learned from the breaches, evolutions, and developments in cybersecurity. We will be publishing our 2018 year-in-review and 2019 outlook soon; in the meantime, we thought we would give you a bit of a preview […]

Last week's Marriott International breach exposed over 500 million records containing personal and private information of individuals across the globe, as well as corporate information. Those of us whose information was stolen should expect phishing messages designed to steal more information or compromise our computers, so it is important […]

This morning news publications across the country reported that Marriott International, the largest hotel chain in the world, suffered a massive data breach affecting over 500 million customers. It is highly likely that this breach affected your organization or your employees. It appears that hackers breached the Starwood guest reservation database, and the breach was […]

Identifying and choosing a managed security service provider (MSSP) can be time consuming and difficult. At their core many are very similar, so how do you narrow down your selection and find the one that is right for you and your organization? Among the many criteria you should evaluate, here are five key questions […]

Traditionally, security operations have been driven largely by known indicators and rules that generate alerts, looking for attacks that occur within a pre-set correlation time window. Security analysts still struggle to accurately identify and correlate attacker activity over time. Risk Weighted Event Score Threshold (RWEST) is a popular correlation approach that performs […]
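To make the limitation of a fixed correlation window concrete, here is an added example (not Security On-Demand's RWEST implementation, which the post does not detail) that runs a classic "N failures then a success inside 10 minutes" rule and a decaying per-host risk score over the same constructed log. The event weights, thresholds, half-life and log lines are all assumptions chosen for illustration.

```python
"""Fixed correlation window vs. risk-weighted cumulative scoring.

Added example, not Security On-Demand's RWEST implementation. Event
weights, thresholds, the decay half-life and the sample log are all
assumptions chosen to show why a slow attacker slips past a fixed
window but not a decaying per-host risk score.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed risk weight per event type; higher means more suspicious on its own.
WEIGHTS = {
    "auth_failure": 5,
    "auth_success": 1,
    "new_service_install": 25,
    "lateral_smb_logon": 20,
    "large_outbound_transfer": 30,
}

# Constructed sample log: "<iso-timestamp> <host> <event_type>".
# ws-17 is a low-and-slow intrusion spread over a workday; ws-02 is a
# user who mistyped a password once.
SAMPLE_LOG = """\
2018-12-03T08:01:00 ws-17 auth_failure
2018-12-03T08:41:00 ws-17 auth_failure
2018-12-03T09:25:00 ws-17 auth_failure
2018-12-03T10:02:00 ws-17 auth_success
2018-12-03T11:30:00 ws-17 new_service_install
2018-12-03T13:15:00 ws-17 lateral_smb_logon
2018-12-03T15:40:00 ws-17 large_outbound_transfer
2018-12-03T09:00:00 ws-02 auth_failure
2018-12-03T09:00:30 ws-02 auth_success
"""


def parse(log):
    """Parse log lines into (timestamp, host, event_type), oldest first."""
    events = []
    for line in log.splitlines():
        ts, host, kind = line.split()
        events.append((datetime.fromisoformat(ts), host, kind))
    return sorted(events)


def fixed_window_alerts(events, window_minutes=10, min_failures=3):
    """Classic rule: min_failures auth failures followed by a success, all
    inside one fixed window. Returns [(host, time_of_success)]."""
    window = timedelta(minutes=window_minutes)
    by_host = defaultdict(list)
    for ts, host, kind in events:
        by_host[host].append((ts, kind))
    alerts = []
    for host, evs in by_host.items():
        for i, (ts, kind) in enumerate(evs):
            if kind != "auth_success":
                continue
            recent_failures = [t for t, k in evs[:i]
                               if k == "auth_failure" and ts - t <= window]
            if len(recent_failures) >= min_failures:
                alerts.append((host, ts))
    return alerts


def risk_score_alerts(events, threshold=50.0, half_life_hours=4.0):
    """Per-host cumulative risk score that decays exponentially with the
    time since the host's previous event, so old noise fades but a chain
    of suspicious events still accumulates. Alert once when the score
    first crosses the threshold. Returns [(host, time, score)]."""
    half_life = half_life_hours * 3600.0
    score, last_seen, alerts = {}, {}, []
    for ts, host, kind in events:
        prev = score.get(host, 0.0)
        if host in last_seen:
            age = (ts - last_seen[host]).total_seconds()
            prev *= 0.5 ** (age / half_life)
        new = prev + WEIGHTS.get(kind, 0)
        if prev < threshold <= new:
            alerts.append((host, ts, round(new, 1)))
        score[host], last_seen[host] = new, ts
    return alerts


if __name__ == "__main__":
    evs = parse(SAMPLE_LOG)
    print("fixed 10-minute window:", fixed_window_alerts(evs))
    print("risk score:", risk_score_alerts(evs))
```

On this log the 10-minute rule fires on nothing, because the failed logons on ws-17 are 40 minutes apart; widening the window to three hours catches them, but only by also widening it for every other host. The risk score instead carries ws-17's history forward with decay and crosses the threshold at the outbound transfer, with ws-02 never getting past single digits.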

Ransomware has consistently been one of the most prolific, destructive, and concerning cyber threats of recent years. We have seen cities brought to their knees by SamSam, a rapid global outbreak of WannaCry, and even destructive wiper malware masquerading as ransomware in NotPetya. Ransomware, it seems, has no plans to go away anytime […]

Vulnerability data comes in two flavors: scan data generated by vulnerability scanners and vulnerability disclosures from vendors. Both data sets are highly valuable in threat analysis and security operations because they direct our attention to specific threats that are highly relevant to the enterprise. Vulnerability Scanning Data When a vulnerability […]

Far too often information security is treated like a necessary evil. Infosec does not generate revenue, there is no guarantee that a major breach will occur, and it costs a lot of money. We frequently observe that companies do not take information security seriously until after a breach has already occurred. When executives and […]

Supply chain infiltration and exploitation by hackers was brought, yet again, to the forefront this week as Bloomberg reported that China had compromised nearly 30 companies through a supply chain attack that has been ongoing since at least 2015. This is the second major supply chain attack in as many years, the first being the NotPetya attack […]

The latest version of Advanced Threat & Log Analysis Service (ThreatWatch) Version 5.02 is now available to all customers. “Customer feedback continues to be a big factor in our product development”, according to Peter Bybee, CEO of Security On-Demand. “Many of the new enhancements were driven by customer input around supporting custom reports, improved threat […]

Security researchers at Trend Micro discovered a zero-day vulnerability in the Joint Engine Technology (JET) Database Engine. The vulnerability could permit an attacker to execute malicious code on a vulnerable Windows computer if a user is tricked into opening a crafted file. The Zero Day Initiative (ZDI) disclosed the vulnerability to Microsoft in May of this year, but Microsoft failed to provide a patch for […]

Security researchers at Palo Alto Networks discovered a new malware family, XBash, that targets both Windows and Linux systems and combines ransomware, destructive, cryptocurrency-mining, and botnet capabilities. XBash treats Linux and Windows systems differently. On Linux it operates as ransomware and a botnet, although it is questionable whether the functionality should be called ransomware at all; […]

DNS is a critical protocol for the success of security operations. It contains valuable indicators that identify malicious activity such as malware command and control, data exfiltration points, crypto-jacking, ransomware, and Trojans/rootkits. As data analytics, machine learning, and data processing power continue to improve, the value of DNS continues to increase despite the fact that it is […]
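As an added example of pulling those indicator types out of DNS query logs (this is illustrative code, not a Security On-Demand detection), the script below flags watchlisted mining-pool lookups, DGA-looking registered domains, NXDOMAIN bursts per client, and long hex-encoded labels that look like data being tunnelled out one query at a time. The log format, thresholds, watchlist and sample lines are all constructed; `exfil-example.org` and `mining-pool-example.net` are placeholder names, not real indicators.

```python
"""Pulling C2, exfiltration and crypto-jacking indicators out of DNS logs.

Added example, not a Security On-Demand detection. The log format, the
thresholds, the watchlist and the sample lines are all constructed for
illustration; the exfil-example.org and mining-pool-example.net names
are placeholders, not real indicators.
"""
import math
import re
from collections import Counter, defaultdict

# Constructed sample log: "<time> <client> <qname> <qtype> <rcode>".
SAMPLE_DNS_LOG = """\
10:00:01 10.1.1.20 www.example.com A NOERROR
10:00:02 10.1.1.20 cdn.example.net A NOERROR
10:00:05 10.1.1.31 kq3x9vbzt7lm2pdw.info A NXDOMAIN
10:00:05 10.1.1.31 x8ql2wvz0ncjr4ty.info A NXDOMAIN
10:00:06 10.1.1.31 pzm7c1dqk9vrn3bt.info A NXDOMAIN
10:00:06 10.1.1.31 n4vtl8cw3xkz2qmr.info A NOERROR
10:00:09 10.1.1.45 706179726f6c6c2d323031382e786c.t.exfil-example.org TXT NOERROR
10:00:10 10.1.1.45 737800504b0304140006000800.t.exfil-example.org TXT NOERROR
10:00:11 10.1.1.45 0000210008000000ffffffffffff.t.exfil-example.org TXT NOERROR
10:00:14 10.1.1.52 stratum.mining-pool-example.net A NOERROR
"""

# Assumed watchlist of cryptomining pool domains (placeholder name).
WATCHLIST = {"mining-pool-example.net"}

HEX_LABEL = re.compile(r"[0-9a-f]+")


def shannon_entropy(s):
    """Bits of entropy per character of s; 16 distinct chars give 4.0."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def registered_domain(qname):
    """Naive 'last two labels' split. Production code should use the
    Public Suffix List so that names under e.g. co.uk are handled."""
    return ".".join(qname.rstrip(".").split(".")[-2:])


def parse(log):
    recs = []
    for line in log.splitlines():
        time, client, qname, qtype, rcode = line.split()
        recs.append({"time": time, "client": client, "qname": qname.lower(),
                     "qtype": qtype, "rcode": rcode})
    return recs


def analyze(records, dga_entropy=3.8, dga_min_len=12,
            exfil_label_len=20, nx_burst=3):
    """Return (findings, exfil_bytes_by_domain). findings holds
    (client, kind, detail) tuples for the four indicator types."""
    findings = []
    nx_by_client = Counter()
    exfil_bytes = defaultdict(int)
    for r in records:
        dom = registered_domain(r["qname"])
        sld = dom.split(".")[0]
        sub_labels = r["qname"].split(".")[:-2]

        # Crypto-jacking: lookup of a known mining pool.
        if dom in WATCHLIST:
            findings.append((r["client"], "cryptomining_pool", dom))

        # C2 via DGA: long, high-entropy registered domain.
        if len(sld) >= dga_min_len and shannon_entropy(sld) >= dga_entropy:
            findings.append((r["client"], "dga_like", dom))

        # DGA side effect: a client burning through non-existent names.
        if r["rcode"] == "NXDOMAIN":
            nx_by_client[r["client"]] += 1
            if nx_by_client[r["client"]] == nx_burst:
                findings.append((r["client"], "nxdomain_burst", f"{nx_burst} misses"))

        # Exfiltration: long hex label carrying a chunk of data per query.
        if (sub_labels and len(sub_labels[0]) >= exfil_label_len
                and HEX_LABEL.fullmatch(sub_labels[0])):
            exfil_bytes[dom] += len(sub_labels[0]) // 2   # two hex chars per byte
            findings.append((r["client"], "dns_exfil_chunk", dom))
    return findings, dict(exfil_bytes)


def run(log=SAMPLE_DNS_LOG):
    """Counts of each finding kind, bytes tunnelled per domain, and the findings."""
    findings, exfil_bytes = analyze(parse(log))
    counts = dict(Counter(kind for _, kind, _ in findings))
    return {"counts": counts, "exfil_bytes": exfil_bytes, "findings": findings}


if __name__ == "__main__":
    for finding in run()["findings"]:
        print(*finding)
```

The entropy threshold is deliberately above the 3.4 bits that a long but human-readable name such as `mining-pool-example` scores, so the DGA check does not fire on ordinary long brand names; the random-looking 16-character labels score exactly 4.0. Counting the hex bytes per registered domain turns three innocent-looking TXT queries into a number a responder can act on.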

We had a number of Security On-Demand teammates attend “Hacker Summer Camp”, otherwise known as DEFCON. To help share what they learned, we are going to post a series of short articles highlighting their interests. These topics do not always align with Security On-Demand’s primary business offerings, however they are very […]

Security On-Demand has just launched its latest service, ThreatWatch Hunt. This service provides customers an additional layer of security through a proactive, automated hunt across the network that seeks to identify threats, both active and dormant, that may have made it through the network defenses. It does this through an agentless scan of […]

We had a number of Security On-Demand teammates attend “Hacker Summer Camp”, otherwise known as DEFCON. To help share what they learned, we are going to post a series of short articles highlighting their interests. These topics do not always align with Security On-Demand’s primary business offerings, however they are very […]

Last week we had a number of Security On-Demand teammates attend “Hacker Summer Camp”, otherwise known as DEFCON. To help share what they learned, we are going to post a series of short articles highlighting their interests. These topics do not always align with Security On-Demand’s primary business offerings, however they […]

Xiaoqing Zheng, an engineer working for GE in Albany, was arrested and charged by the FBI with stealing around 20,000 files and providing them to the Chinese government. Interestingly, Zheng used steganography, hiding data inside image files, to move the data off GE’s network. The accused has been charged but not convicted. Zheng […]
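The post does not say which steganographic method was used, so as an added example (not taken from the case or from Security On-Demand) here is the simplest common form, least-significant-bit embedding, with the matching extractor and a deliberately crude detector. The cover is a constructed greyscale ramp held as a bytearray rather than a real image file, and the detector is a toy stand-in for real steganalysis such as the chi-square pairs-of-values attack.

```python
"""LSB image steganography: embed, extract, and a toy detector.

Added example, not the method from the Zheng case. The cover is a
constructed 8-bit greyscale ramp held as a bytearray, and the detector
is a deliberately simple stand-in for real steganalysis.
"""


def make_cover(width=64, height=64):
    """Constructed cover image: a smooth ramp, one byte per pixel, whose
    least-significant bits alternate 0,1,0,1 along the pixel stream."""
    return bytearray(i % 256 for i in range(width * height))


def _bits(data):
    for byte in data:
        for shift in range(7, -1, -1):
            yield (byte >> shift) & 1


def embed(cover, message):
    """Write a 4-byte big-endian length header and the message into the
    LSB of successive pixels. Each touched pixel changes by at most 1,
    which is invisible to the eye and to a file-size or MIME check."""
    payload = len(message).to_bytes(4, "big") + message
    if len(payload) * 8 > len(cover):
        raise ValueError("message does not fit in cover")
    stego = bytearray(cover)
    for i, bit in enumerate(_bits(payload)):
        stego[i] = (stego[i] & 0xFE) | bit
    return stego


def _read_bytes(pixels, first_pixel, count):
    out = bytearray()
    for b in range(count):
        value = 0
        for k in range(8):
            value = (value << 1) | (pixels[first_pixel + b * 8 + k] & 1)
        out.append(value)
    return bytes(out)


def has_plausible_header(pixels):
    """Does the 32-bit length header describe a payload that fits the
    image? On an untouched cover the header is just pixel noise."""
    length = int.from_bytes(_read_bytes(pixels, 0, 4), "big")
    return 32 + length * 8 <= len(pixels)


def extract(stego):
    """Recover the embedded message; ValueError if there is no valid header."""
    if not has_plausible_header(stego):
        raise ValueError("no valid payload header")
    length = int.from_bytes(_read_bytes(stego, 0, 4), "big")
    return _read_bytes(stego, 32, length)


def lsb_transition_rate(pixels):
    """Fraction of adjacent pixels whose LSBs differ. On this smooth cover
    it is exactly 1.0; payload bits look random and drag it toward 0.5.
    Real photographs already have noisy LSB planes, which is why real
    steganalysis uses statistical tests rather than a single rate."""
    lsb = [p & 1 for p in pixels]
    changes = sum(1 for a, b in zip(lsb, lsb[1:]) if a != b)
    return changes / (len(lsb) - 1)


def changed_pixels(cover, stego):
    """How many pixels differ between cover and stego image."""
    return sum(1 for a, b in zip(cover, stego) if a != b)


if __name__ == "__main__":
    cover = make_cover()
    secret = b"design-files-batch-07.zip"
    stego = embed(cover, secret)
    print(extract(stego))
    print(changed_pixels(cover, stego), "pixels changed of", len(cover))
    print(round(lsb_transition_rate(cover), 3), round(lsb_transition_rate(stego), 3))
```

The practical lesson for defenders is in `embed`: the carrier stays a valid image of the same size and type, so DLP that keys on file extension, size or visible content sees nothing. Controls that do work are about who is moving images where, and in what volume, rather than about inspecting the pixels.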

A new cryptomining malware, unofficially titled ZombieBoy, is active and exploits numerous vulnerabilities to increase its likelihood of infection. Like WannaCry, it uses CVE-2017-0143 and CVE-2017-0146, two of the SMBv1 flaws patched by MS17-010 and exploited through the leaked EternalBlue exploit and DoublePulsar implant. It scans for hosts with TCP port 445 open and exploits those that are unpatched. It also exploits CVE-2017-9073, which is […]

How do you know if you have been hacked? That is one of the first five questions I ask when consulting with a CISO or discussing Security On-Demand services with clients and customers. It is a simple but important question that is much harder to answer than you might expect, especially if you have a young or immature […]

It has been nearly three months since GDPR went into effect. In some ways the impact has been notable for everyone, as we have all seen a flood of “privacy policy” notifications to agree to. What may not be as noticeable is its impact on security operations managed service providers. These businesses are designed to aggregate […]

If 2017 was the year of ransomware, 2018 may well be known as the year of cryptocurrency miners. Crypto mining in and of itself is neither malicious nor a security event. However, the same tools and domains that any individual may use to legitimately mine their own crypto are also being used by botnets […]

Phishing is one of the most effective ways for hackers to breach a network, steal personal data, or commit identity theft. One would think that after so many years of phishing and spam emails, and with all the ways companies now train their staff to identify phishing, that phishing […]

Insider threats continue to be among the most dangerous threats to any organization. They are threats to internal data and intellectual property, to network performance and security, and even to the health and safety of the workforce. The severity of this threat is exemplified by the FBI charging Joshua Schulte, a CIA engineer, as the individual behind the […]

This morning US-CERT published a malware analysis report on a North Korean trojan it calls “TYPEFRAME”. The report covers 11 malware samples that targeted Windows machines using executables and a macro-enabled Microsoft Word document. TYPEFRAME appears to have much of the functionality expected of advanced persistent threat malware, including connecting to C2 nodes […]

A new malware called VPNFilter has been quietly spreading across the internet and has compromised over 500,000 home and business networking devices around the globe. This malware shares features with the older BlackEnergy malware, which was suspected of being tied to Russian state hacking and was used to launch attacks on critical infrastructure […]

Blaze’s security blog recently reported that Satan ransomware added the EternalBlue exploit to improve its propagation. You may remember that a year ago (May 2017) the WannaCry ransomware outbreak was the first widely reported use of EternalBlue, and it compromised hundreds of thousands of computer systems across the globe in a matter of hours. Since […]

We are excited to announce that our latest version of Advanced Threat & Log Analysis Service (ThreatWatch) Version 5.01 is now available to all customers. Version 5.01 has several important enhancements that are summarized below.  “Customer feedback continues to be a big factor in our product development”, according to Peter Bybee, CEO of Security On-Demand. […]

The Internet of Things (IoT) is an exciting and innovative technological evolution that is changing the way we live, do business, and interact. IoT provides improvements in efficiency, convenience, and overall business processes. Such technological advancements are welcome and ought to be embraced. However, from a cybersecurity standpoint, IoT causes more problems and challenges […]

Security On-Demand’s CEO, Peter Bybee, and Director of the Threat Reconnaissance Unit, Steven Bay, sat down with RSA TV for a chat about how to prepare for the worst day of your career. Steven was Edward Snowden’s boss at the time Snowden fled the country to Hong Kong with millions of Top Secret NSA […]

Oracle issued a Critical Patch Update this week that provided 254 security fixes, including patches for the Spectre (CVE-2017-5753, CVE-2017-5715) and Meltdown (CVE-2017-5754) vulnerabilities. These fixes apply across much of the Oracle product family; a complete list of affected products is given in the Oracle advisory. It is recommended that organizations […]

US-CERT issued a joint Technical Alert informing the public of widespread attacks by Russian state-sponsored actors against network infrastructure devices. Targets are not limited to any one sector: the attackers look for targets of opportunity as well as specifically targeting particular organizations (none are specifically identified, however). The Russian actors are compromising routers […]

Florida officials disclosed a possible breach of medical files containing personally identifiable information (PII). The state’s Agency for Health Care Administration stated in a press release that an employee “was the victim to a malicious phishing email” on November 15, 2017. This breach has the potential to expose up to 30,000 records. Initial findings […]

Security researchers disclosed two classes of flaws, named Meltdown and Spectre, that affect the processors in nearly every modern computer and can be exploited to read memory that should be inaccessible. The problem lies not in the operating system kernel or other software running on the computer but in the CPU itself. As an article published by TechCrunch.com explains: In modern architectures, there […]

Security researchers at the Kromtech Security Center, the company behind the MacKeeper and PCKeeper products, reportedly discovered that unidentified hackers obtained the personal information of more than 19 million California voters. It is currently unknown whether the data was obtained through an intrusion into California state information systems. Nevertheless, the Secretary of State’s Office, responsible for […]

**To our Customers – If you have not received a critical notification from us, then we have not detected any Bad Rabbit activity in your monitored computing environment.** Likelihood (SOD Customers): LOW. It looks as though Bad Rabbit (a near-clone of NotPetya) is another targeted attack against Russian and Ukrainian entities, with broader, unintended infection vectors outside their […]

What’s the Story? Yesterday, Equifax announced it suffered a massive data breach that may have exposed the personal data of up to 143 million people to currently unidentified hackers. The compromised data reportedly includes full names, birth dates, Social Security numbers, addresses, and, in some cases, driver’s license numbers. It is currently […]

Attending DEF CON 25 is an annual rite of passage for many members of the Security On-Demand SOC. It presents a unique opportunity to hone network hunting and cybersecurity skills, learn about the latest threats and exploits being developed today, and network with other like-minded cybersecurity professionals. Our SOC team came back energized. Right […]

US-CERT released an alert providing technical details of the HIDDEN COBRA hacking group. HIDDEN COBRA (also known as Lazarus Group or Guardians of Peace) is allegedly tied to the North Korean government and has constructed a large botnet and intrusion infrastructure.

Leaks, After Leaks, After Leaks Recently there has been a rash of leaks from inside the two major U.S. intelligence agencies, the CIA and the NSA. In the case of the CIA, WikiLeaks, via Vault 7, released a slew of hacking tools that the CIA “lost control” of. Similarly, the group Shadow Brokers came into possession […]

UPDATE: WCry Ransomware 20170515:1841 Summary Security On-Demand continues to monitor heavily for and alert on any WanaCrypt 2.0 (WCry) ransomware activity. The WanaCrypt malware continues to garner heavy attention and remains a concern for organizations across the world. While it continues to be a threat, much of the spread appears to have been contained as security […]

Threat Flash Alert WCry Ransomware Worming Across Globe 20170512:2138 Summary WanaCrypt 2.0 (WCry) ransomware has been propagating across the globe and has infected over 45,000 devices. The ransomware exploits a Microsoft SMB vulnerability that is patched via bulletin MS17-010. Upon infection, computers receive a popup message informing the victim that their files have been encrypted […]

Behavioral analytics is a term that has been tossed around the cybersecurity world for the last couple of years. So what is it? Traditionally, behavioral analytics are analytics that businesses use to focus on consumer trends, patterns, and activities. Humans are typically creatures of habit, and our use of the Internet is no different. Through developing […]

Unfortunately, ransomware works. This has been known by information security practitioners (and cyber-criminals) for a while now, but the recent public announcements of ransomware payoffs have let the cat out of the bag.

Security is complex and ever-changing. It takes months and even years to gain understanding, experience, and context. Certifications are an easy shorthand that collapses large bodies of knowledge and testing into simple acronyms understood by non-security practitioners.

Recent security news has been abuzz with stories about how easy it is to install credit card skimmers on PIN Pads. This is a particularly challenging area where physical security meets cybersecurity. In a video last week, we saw a man install a skimmer in 3 seconds. Now, imagine a busy store where the employees […]

The air was electric as hundreds of the most visionary CEOs in the information security industry descended upon the 12th Annual West Coast Information Security & Broader Technology Growth Conference (called “AGC” by those in the know). This two-day innovation soiree is a veritable who’s who of the industry. This is a high voltage meeting of […]

We work every day to manage risk and ensure the security of our organizations. We strive to create an environment where business can be transacted seamlessly, conveniently and securely. We are charged with enabling business to continue while accomplishing our ultimate responsibility of protecting the business.  The threats coming at us are complex, advanced and […]

Identity theft and credit card fraud have become hallmarks of the times. Consumers provide personal data to scores of entities, from retailers to healthcare providers and even the government, and we expect these entities to do everything they can to keep our data safe. The I.R.S. data breach in early 2015 brings forward a new and […]

Users of LastPass, an online password manager, learned on Monday that the service had been hacked and that their email addresses and password reminders were compromised. Almost every site has terms of use (TOU) that specify that passwords cannot be shared and recommend that users create a unique, strong password for every site. […]

We have long accepted that compliance does not equal security. While the US has numerous public and private laws and governance frameworks covering almost every industry, from healthcare to your local eatery, to protect both consumers and businesses, is it enough? Europe has long been known to have stronger standards in many areas. They have policies in […]

A recent report found that banks rank 79% higher in customer trust than seven other industries when it comes to protecting personal data (Accenture, 2015). While this is a positive note for banks, it does not in any way mean that all financial institutions are safe from cyber-attacks. What are organizations in […]

Everyone knows that anti-malware software is required, but it can present certain challenges. It gets in the way of installing other software, and it is always asking you to make sure it is up to date. But what does it really do for your company? After all, you have it on every device […]

The health care industry has entered the information security spotlight. In February, Anthem, the second largest health insurer in the country, notified customers of a breach of its computer systems that potentially affects more people than the Target breach of 2013 or the Home Depot breach of 2014. This follows on the heels of […]

It is generally accepted in the information security community that a good way to identify threats is to look for “anomalous behavior”. That is all well and good, but we have recently discovered that seemingly normal behavior has led to successful security breaches and massive data loss for many companies. How do you know […]

Everyone is talking about the most recent “Sony Hack”. In fact, you are probably tired of hearing about it. But here are some key takeaways to discuss with your clients: Growing Complexity Hacks are getting more sophisticated and purpose-driven all the time. Our security approach needs to be equally purpose-driven and must include prevention, detection […]
