Information Security News
by Robert Lemos
A professional espionage group has targeted a variety of Eastern European governments and security organizations with attacks aimed at stealing political and state secrets, security firm FireEye stated in a report released on Tuesday.
The group, dubbed APT28 by the company, has targeted high-level officials in Eastern European countries such as Georgia, and security organizations such as the North Atlantic Treaty Organization (NATO). While Russian and Ukrainian cybercriminal groups are known to conduct massive campaigns aimed at stealing money and financial information, APT28 focuses solely on political information and state secrets, according to FireEye.
The report argues that the group is closely tied to Russia and likely part of Moscow’s intelligence apparatus.
SANS Institute Offers a MacBook Air or $800 Discount to InfoSec Professionals
Virtual-Strategy Magazine (press release)
BETHESDA, Md., Oct. 28, 2014 /PRNewswire-USNewswire/ -- SANS Online Training announces a special opportunity to receive a new MacBook Air laptop, a Toshiba Portege Z30 laptop, or an $800 discount on online courses with SANS' top-rated cyber ...
by Sean Gallagher
Welcome to Ars UNITE, our week-long virtual conference on the ways that innovation brings unusual pairings together. Today, a look at how everyone involved with the modern cloud is looking to improve its security. Join us this afternoon for a live discussion on the topic with article author Sean Gallagher and his expert guests; your comments and questions are welcome.
When the technology industry embraced “cloud computing” and made it part of our daily lives, we all made a Faustian bargain. They gave us a way to break free from the expense of owning all the hardware, making computing and storage capacity dirt cheap and available on demand. On the other side, we promised not to worry too much about the fine print.
“In the 2000s we had this wild cloud party,” said Peter Eckersley, technology projects director at the Electronic Frontier Foundation. “That party ended—Edward Snowden crashed that party. And we’ve woken up with a massive privacy and security hangover that companies are now trying to shake.”
I will never forget the name of my first server - Rachel. I was very proud to be the person whose job it was to defend Rachel from all types of disruption. To this day I still remember each IP address, user account, service account and application. When patches were installed, I manually verified they had been applied successfully. I diligently reviewed the logs and configured full auditing to let me know the success and failure of just about everything.
I have administered many servers since Rachel, but do not remember as much about them as I do about my first love. Consider this an invitation to fall back in love with your
How can you do this? The act of actively measuring how well you manage, secure and maintain your servers can very well be the catalyst you need to return back to your first love. Consider creating and sending yourself a daily report that clearly shows its current security posture. What are good candidates for this report? I am glad you asked. Some of my favorites include the following.
Mean time to identify a new service running (or not running anymore)
There are certainly many metrics you could track. Pick a few and diligently check them every day for the next month. You'll be glad you did!
Feel free to use our comment page to let us know what you are doing to remember your first love.
@russelleubanks
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
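One way to produce the "new or vanished service" line of the daily report the diary suggests, written as an added example rather than code from the diary or from ISC: it keeps a baseline of known listeners keyed by (protocol, port, process), diffs a current snapshot against it, and computes the mean time to identify new listeners from the owning process's start time. The snapshot format is modelled on `ss -tulnp` output with a process start timestamp appended (as `ps -o lstart` could supply); the baseline, the snapshot lines and the service names are constructed for illustration.

```python
"""Daily listening-service report with mean time to identify (MTTI).

Added example, not part of the ISC diary above. Assumes a baseline of known
listeners kept from previous runs and a snapshot shaped like `ss -tulnp`
with the owning process start time appended; all sample data is constructed.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed snapshot: one line per listening socket, roughly the columns of
# `ss -tulnp`, with the process start time appended as an ISO timestamp.
SNAPSHOT = """\
tcp   LISTEN 0 128 0.0.0.0:22     users:(("sshd",pid=812,fd=3))          2014-10-01T06:00:00
tcp   LISTEN 0 128 0.0.0.0:443    users:(("nginx",pid=1204,fd=6))        2014-10-01T06:00:10
tcp   LISTEN 0 128 0.0.0.0:6379   users:(("redis-server",pid=4120,fd=4)) 2014-10-27T23:15:00
udp   UNCONN 0 0   0.0.0.0:161    users:(("snmpd",pid=990,fd=7))         2014-10-28T02:30:00
"""

# Constructed baseline: listeners already reviewed, keyed by (proto, port, process).
BASELINE = {
    ("tcp", 22, "sshd"),
    ("tcp", 443, "nginx"),
    ("tcp", 3306, "mysqld"),   # present in the last run, absent today
}

LINE_RE = re.compile(
    r'^(?P<proto>tcp|udp)\s+\S+\s+\d+\s+\d+\s+\S+:(?P<port>\d+)\s+'
    r'users:\(\("(?P<proc>[^"]+)",pid=\d+,fd=\d+\)\)\s+(?P<start>\S+)$'
)


@dataclass(frozen=True)
class Listener:
    proto: str
    port: int
    proc: str
    started: datetime

    @property
    def key(self) -> tuple[str, int, str]:
        return (self.proto, self.port, self.proc)


def parse_snapshot(text: str) -> list[Listener]:
    """Parse the ss-like snapshot; lines that do not match the layout are skipped."""
    listeners = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            listeners.append(Listener(m["proto"], int(m["port"]), m["proc"],
                                      datetime.fromisoformat(m["start"])))
    return listeners


def daily_report(snapshot: str, baseline: set, observed_at_iso: str) -> dict:
    """Return listeners not in the baseline, baseline entries no longer listening,
    and the mean time (hours) between a new listener's start and this observation."""
    observed_at = datetime.fromisoformat(observed_at_iso)
    current = parse_snapshot(snapshot)
    current_keys = {l.key for l in current}
    new = [l for l in current if l.key not in baseline]
    gone = sorted(baseline - current_keys)
    lags = [observed_at - l.started for l in new]
    mtti = sum(lags, timedelta()) / len(lags) if lags else None
    return {
        "new": new,
        "gone": gone,
        "mtti_hours": mtti.total_seconds() / 3600 if mtti is not None else None,
    }


if __name__ == "__main__":
    report = daily_report(SNAPSHOT, BASELINE, "2014-10-28T06:00:00")
    for l in report["new"]:
        print(f"NEW   {l.proto}/{l.port} {l.proc} (started {l.started.isoformat()})")
    for proto, port, proc in report["gone"]:
        print(f"GONE  {proto}/{port} {proc}")
    print(f"mean time to identify new listeners: {report['mtti_hours']} h")
```

Run once a day from cron and mail the output to yourself; after each run, fold the reviewed "NEW" entries into the baseline so the next report only shows what changed since.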
Continuing our theme of False Positives this month, I'd like to talk about the process of managing false positives we encounter in the course of analysis. False positives will almost always show at some point during a security analysis, which leads to unwanted additional work on the part of either the sysadmins, security teams, or both. Even worse, continued false positives can lead to complacency during analysis, where things are assumed
Managing false positives in our testing and analysis is part of the overall security process, which can be used to identify and eliminate false positives.
-Ports, Protocols, and Services baseline (need to know what we have on the wire, and where it
An ideal scenario in an operating environment may run something like this: A Continuous Monitoring program alerts that a vulnerability exists on a host. A review of the configuration of the host shows that the vulnerability does not exist, and a verification can be made from the traffic logs, which reveal that no traffic associated with the vulnerability has transited the wire. The Continuous Monitoring application should be updated to reflect that the specific vulnerability reported on that specific host is a false positive, and should be flagged accordingly in future monitoring. The network monitoring would *not* be updated, because it did not flag a false positive, leaving the defense-in-depth approach intact.
Now, this is *ideal*, and at a very high level, but it hopefully gives some ideas on how false positives could be managed within the enterprise, and the processes that contribute. We would really like to hear how false positives are managed in other enterprise environments, so let us know. :)
tony d0t carothers --gmail
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
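The "ideal scenario" above, modelled as an added example (not code from the diary or from ISC): a continuous-monitoring finding is recorded as a false positive only for one specific host and one specific finding, only after both the configuration review and the traffic-log check come back negative, and the suppression is keyed to the tool that raised it, so the network-monitoring alert for the same host and finding is still worked. The source names, the `VULN-PLACEHOLDER-1` identifier and the sample alerts are constructed placeholders.

```python
"""Scoped false-positive registry for continuous-monitoring findings.

Added example, not part of the ISC diary above. Tool names ("cm", "nsm"),
the vulnerability identifier and the sample alerts are constructed.
"""
from __future__ import annotations

from dataclasses import dataclass, field


@dataclass(frozen=True)
class Alert:
    source: str        # "cm" = continuous monitoring, "nsm" = network monitoring
    host: str
    vuln_id: str
    detail: str = ""


@dataclass
class FalsePositiveRegistry:
    # Keyed by (source, host, vuln_id): a CM false positive on one host says
    # nothing about other hosts, other findings, or other sensors.
    _entries: dict[tuple[str, str, str], str] = field(default_factory=dict)

    def mark(self, alert: Alert, config_has_vuln: bool, traffic_seen: bool,
             reviewer: str) -> bool:
        """Record a false positive only when both independent checks agree the
        finding is absent. Returns True if the entry was recorded."""
        if config_has_vuln or traffic_seen:
            return False  # the evidence disagrees; this is not a false positive
        self._entries[(alert.source, alert.host, alert.vuln_id)] = reviewer
        return True

    def is_known_fp(self, alert: Alert) -> bool:
        return (alert.source, alert.host, alert.vuln_id) in self._entries


def triage(alerts: list[Alert], registry: FalsePositiveRegistry) -> dict[str, list[Alert]]:
    """Split incoming alerts into those still to work and those already adjudicated."""
    result: dict[str, list[Alert]] = {"work": [], "suppressed": []}
    for a in alerts:
        result["suppressed" if registry.is_known_fp(a) else "work"].append(a)
    return result


# Constructed sample: the same host and finding reported by CM and by network
# monitoring, plus the same finding reported by CM on a second host.
SAMPLE_ALERTS = [
    Alert("cm", "web01", "VULN-PLACEHOLDER-1", "scanner version-banner match"),
    Alert("nsm", "web01", "VULN-PLACEHOLDER-1", "signature match on the wire"),
    Alert("cm", "web02", "VULN-PLACEHOLDER-1", "scanner version-banner match"),
]


def demo() -> dict[str, list[str]]:
    """Walk the diary's scenario: review the CM finding on web01, then triage."""
    reg = FalsePositiveRegistry()
    cm_alert = SAMPLE_ALERTS[0]
    # Step 1: host configuration review shows the vulnerable component is absent.
    # Step 2: traffic logs show no related traffic transited the wire.
    reg.mark(cm_alert, config_has_vuln=False, traffic_seen=False, reviewer="analyst")
    buckets = triage(SAMPLE_ALERTS, reg)
    return {k: [f"{a.source}:{a.host}" for a in v] for k, v in buckets.items()}


if __name__ == "__main__":
    for bucket, items in demo().items():
        print(bucket, items)
```

Only `cm:web01` ends up suppressed: the network-monitoring alert on the same host and the CM alert on `web02` both stay in the work queue, which is the defense-in-depth property the diary is after.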
6 tips for effective security tabletop testing
“The tabletop exercise is the opportunity to demonstrate the purpose and value of our InfoSec program.” Make sure the participants know the ground rules of the exercise. “Communicate what is in scope for the exercise and out of scope,” says Elayne ...
Explaining infosec magic to kids
Help Net Security
After talking with my InfoSec peers, I believe many of us often feel that our kids don't truly know what Mom or Dad does on the job because we find it difficult to explain our work to most adults, sometimes even our bosses. Or we think that our kids ...
Shipping Secure Software: Strategy and Tactics for Infosec Managers ...
8 in 10 infosec pros think perimeter security can combat APTs
SC Magazine UK
A new survey from Lieberman Software reveals that almost eight in ten IT security professionals believe that perimeter security technologies like firewalls and anti-malware solutions are sufficient in defending against advanced persistent threats (APTs ...
Posted by InfoSec News on Oct 27
Forwarded from: William Knowles <wk (at) infosecnews.org>
Posted by InfoSec News on Oct 27
http://arstechnica.com/tech-policy/2014/10/feds-examining-medical-devices-for-fatal-cybersecurity-flaws/
Posted by InfoSec News on Oct 27
http://www.nytimes.com/2014/10/22/world/student-spins-double-life-among-spanish-elite.html