We are all privileged to work in the field of information security. We also carry the responsibility to keep current in our chosen profession. Regularly I hear from fellow colleagues who want to learn something, but do not have a training budget, feel powerless and sometimes give up. I would like to share several approaches that can be used to bridge this gap and will hopefully inspire a self-investment both this weekend and beyond. None of these ideas cost anything more than time.
I decided to borrow an idea from an informal mentor, something I generally give them credit for, but not always. I decided to wake up early each morning with the intent to learn something new every day. Maybe the something is a new tool, a new Linux distribution or taking an online class. Having done this now for the last 7 years, I can say without hesitation or regret that it has been pivotal in making me a better me. I am convinced that applying just a little bit of incremental effort will serve you well as well.
Ideas to get you started:
  • SANS Webcasts and in particular their Archive link
  • Serve as an informal mentor to a junior team member, while being open to learn from them
  • Volunteer to help out in a local information security group meeting
  • Read that book on your shelf that has a little more dust than you would like to admit
  • Subscribe to Adrian Crenshaw's YouTube channel
  • Be intentional by creating a weekly appointment with your team in order to learn something new over a brown bag lunch
  • Foster an environment that facilitates a culture of learning
After considering this topic for a long time, I want to ask this question: What are you doing to invest in yourself, particularly in ways that do not cost anything but your time? Please leave what works for you in our comments section below.
Russell Eubanks
SANS Instructor
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 


A remote hijacking flaw that lurked in Intel chips for seven years was more severe than many people imagined, because it allowed hackers to remotely gain administrative control over huge fleets of computers without entering a password. This is according to technical analyses published Friday.

As Ars reported Monday, the authentication bypass vulnerability resides in a feature known as Active Management Technology. AMT, as it's usually called, allows system administrators to perform a variety of powerful tasks over a remote connection. Among the capabilities: changing the code that boots up computers, accessing the computer's mouse, keyboard, and monitor, loading and executing programs, and remotely powering on computers that are turned off. In short, AMT makes it possible to log into a computer and exercise the same control enjoyed by administrators with physical access.

AMT, which is available with many vPro processors, was set up to require a password before it could be remotely accessed over a Web browser interface. But, remarkably, that authentication mechanism can be bypassed by entering any text string—or no text at all. According to a blog post published Friday by Tenable Network Security, the cryptographic hash that the interface's digest access authentication requires to verify someone is authorized to log in can be anything at all, including no string at all.
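The practical lesson of the paragraph above is that digest access authentication is only as strong as the server's comparison of the client's `response` field against the value the server recomputes. The following is an added illustration, not code from Intel, Tenable or Ars: a minimal RFC 2617 digest verifier (qop=auth) that recomputes the expected hash from a constructed user store and compares it in full, in constant time, so that an empty string or any arbitrary value is rejected. The realm, nonce, credentials and the `USERS` dictionary are constructed sample values for the example; the page does not describe AMT's internal comparison logic, and this code makes no claim about it.

```python
import hashlib
import hmac
import re

# Constructed sample values for this example (not from any real AMT deployment).
REALM = "Digest:EXAMPLE"
SERVER_NONCE = "dcd98b7102dd2f0e8b11d0f600bfb0c093"
USERS = {"admin": "correct-horse-battery"}  # assumed user store for the example

# key="quoted value" or key=bare-token, separated by commas
_PARAM_RE = re.compile(r'(\w+)=(?:"([^"]*)"|([^,\s]+))')


def parse_digest_header(header: str) -> dict:
    """Split an 'Authorization: Digest ...' value into its key/value fields."""
    if not header.startswith("Digest "):
        raise ValueError("not a Digest authorization header")
    fields = {}
    for m in _PARAM_RE.finditer(header[len("Digest "):]):
        key, quoted, bare = m.group(1), m.group(2), m.group(3)
        fields[key] = quoted if bare is None else bare
    return fields


def _md5_hex(s: str) -> str:
    # MD5 is what RFC 2617 digest auth specifies; it is used here only for that reason.
    return hashlib.md5(s.encode("utf-8")).hexdigest()


def expected_response(username, password, method, uri, nonce, nc, cnonce):
    """RFC 2617 qop=auth response: MD5(HA1:nonce:nc:cnonce:auth:HA2)."""
    ha1 = _md5_hex(f"{username}:{REALM}:{password}")
    ha2 = _md5_hex(f"{method}:{uri}")
    return _md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:auth:{ha2}")


def build_authorization(username, password, method, uri, nc="00000001", cnonce="0a4f113b"):
    """Client side: the header a legitimate client sends for the server's nonce."""
    resp = expected_response(username, password, method, uri, SERVER_NONCE, nc, cnonce)
    return (f'Digest username="{username}", realm="{REALM}", nonce="{SERVER_NONCE}", '
            f'uri="{uri}", qop=auth, nc={nc}, cnonce="{cnonce}", response="{resp}"')


def with_response(header: str, response: str) -> str:
    """Return the same header with the response field replaced (for testing)."""
    return re.sub(r'response="[^"]*"', f'response="{response}"', header)


def verify_authorization(header: str, method: str) -> bool:
    """Server side: recompute the digest and compare it in full, in constant time."""
    try:
        f = parse_digest_header(header)
        password = USERS[f["username"]]
        if f["realm"] != REALM or f["nonce"] != SERVER_NONCE or f.get("qop") != "auth":
            return False
        expected = expected_response(f["username"], password, method, f["uri"],
                                     f["nonce"], f["nc"], f["cnonce"])
    except (KeyError, ValueError):
        return False
    client = f.get("response", "")
    # compare_digest checks the whole expected value and returns False when the
    # lengths differ, so "" or any arbitrary string cannot match; the client never
    # controls how much of the hash is compared.
    return hmac.compare_digest(client.encode("utf-8"), expected.encode("utf-8"))


if __name__ == "__main__":
    good = build_authorization("admin", "correct-horse-battery", "GET", "/index.htm")
    print("valid client   :", verify_authorization(good, "GET"))
    print("empty response :", verify_authorization(with_response(good, ""), "GET"))
    print("junk response  :", verify_authorization(with_response(good, "anything"), "GET"))
```

The design point is that the server, not the client, decides what a complete comparison is: the expected hash is recomputed from the server's own copy of the credential, and the comparison covers its full length regardless of what the client supplied.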


 
Microsoft Windows SMB Server CVE-2017-0146 Remote Code Execution Vulnerability
 
Microsoft Windows SMB Server CVE-2017-0148 Remote Code Execution Vulnerability
 
Microsoft Windows SMB Server CVE-2017-0147 Information Disclosure Vulnerability
 
Microsoft Windows SMB Server CVE-2017-0144 Remote Code Execution Vulnerability
 
CA20170504-01: Security Notice for CA Client Automation OS Installation Management
 

I read an interesting article in a Belgian IT magazine[1]. Every year, they organise a big survey to collect feelings from people working in the IT field (not only security). It is very broad and covers their salary, work environments, expectations, etc. For infosec people, one of the key points was that people wanted to attend more trainings and conferences. The salary is not the key element. When I was visiting the Hack in the Box conference in Amsterdam a few weeks ago, there were flyers distributed to participate in an online survey about infosec trainings[2].

When I tweeted[3] about the Belgian article, the author of this survey contacted me and told me that the results of his survey demonstrated that 76% of participants are ready to search for a new position if they aren't allowed to attend (enough) security conferences! This reminds me of the joke of the CFO speaking to the CEO:

CFO: What happens if we train them and leave?
CEO: What happens if we don't and they stay?

We are working in a field where things are changing at light speed. We must attend trainings, we must meet peers and share our experience! Have a nice weekend!

[1] http://www.datanews.be
[2] https://docs.google.com/forms/d/e/1FAIpQLSfnkJ_tqKyWWgNXG-PMXdWvigKR5j77bfN0mGOTxmj-RjORIw/viewform?c=0w=1
[3] https://twitter.com/xme/status/856577692975628289

Xavier Mertens (@xme)
ISC Handler - Freelance Security Consultant
PGP Key
