(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

I have recently started looking at the MITRE 10 strategies for a SOC (hxxps://www.mitre.org/sites/default/files/publications/pr-13-1028-mitre-10-strategies-cyber-ops-center.pdf). Strategy one in their doc is to consolidate the following under one management team: Tier 1 Analysis, Tier 2+, Trending Intel, SOC System admin and SOC Engineering. This makes a lot of sense. But what do you do when you don't

My group has individuals assigned responsibilities to different products for patching, maintenance

One strategy is to have the tier 2+ group alternate between weeks for engineering/maintenance. This will force them to better plan upgrades within that window or work on other assignments.

Long term plans should include additional positions that can be assigned the maintenance and engineering of systems. What are other strategies being used by groups that maintain their systems, but without a dedicated resource to it? Please leave comments.


Tom Webb


Baltimore's Union Memorial Hospital is one of the latest victims of ransomware disruptions. (credit: MedStar Health)

Hospitals and healthcare providers are increasingly falling victim to crypto-ransomware attacks. While attacks over the past few months have not been highly targeted thus far, they have caused a great deal of disruption. And disruptions at hospitals can have a much more dire impact than at most other organizations vulnerable to malware-based extortion.

This past week, that point was brought home again when multiple US hospitals acknowledged that they had been forced to take systems offline in response to crypto-ransomware infestations. And on Wednesday, security researchers at Cisco Talos Research revealed a new strain of crypto-ransomware designed to attack vulnerable servers that appeared to be primarily focused on targets in the healthcare industry.

The latest disruption came on Monday, when Columbia, Maryland-based MedStar Health reported that malware had caused a shutdown of some systems at its hospitals in Baltimore.



The Register

DNS root server attack was not aimed at root servers – infosec bods

There is no mention in the report of claims that the DDoS attack stemmed from a smartphone app reportedly used by the Islamic State to spread news and propaganda (the ISIS Amaq News Agency app). McAfee claimed in response to earlier information from ...


TechTarget (blog)

What happens if FBI-Apple case goes back to court?

“They'll have to find ways around those challenges to manage risk — and that's going to be hard,” he said. Consumers of that software, like Equinix, would be affected, too, Do said. Encrypted security tools may no longer be the go-to software for ...

A file with extension .vbe is an encoded Visual Basic Script file. I

You can find my YARA rule here.

Didier Stevens
SANS ISC Handler
Microsoft MVP Consumer Security
blog.DidierStevens.com DidierStevensLabs.com
IT Security consultant at Contraste Europe.

[security bulletin] HPSBGN03444 rev.2 - HPE Network Automation, Remote Code Execution, Disclosure of Sensitive Information
[SECURITY] [DSA 3534-1] dhcpcd security update
Coplanar waveguide, designed at NIST, used to apply microwave magnetic fields to multilayer films for ferromagnetic resonance measurements.

Imitation may be a form of flattery, but sometimes exact duplication is just common sense. That ...
For many years, when you swiped your credit card, your number would be stored on the card reader, making encryption difficult to implement. Now, after nearly a decade of collaboration with industry, a new computer security standard ...

Andrew "Weev" Auernheimer in 2012. Auernheimer told the New York Times he was behind a wave of racist print jobs that hit universities across the US. (credit: pinguino k)

Public networked printers at a number of universities were part of the target pool of a massive print job sent out by hacker and Internet troll Andrew "Weev" Auernheimer. At least seven universities were among those that printed out flyers laden with swastikas and a white-supremacist message.

Since Auernheimer merely sent printouts to the printers and didn't actually do anything to gain access to the printers that would fall into the realm of unauthorized access, it's unlikely that he will be prosecuted in any way. Auernheimer exploited the open nature of university networks to send print jobs to the networked printers, which in some cases were deliberately left open to the Internet to allow faculty and students to print documents remotely. These printers could easily be found with a network scan of public Internet addresses.

The New York Times reports that the flyers were printed at Princeton University, University of California-Berkeley, University of Massachusetts-Amherst, Brown University, Smith College, and Mount Holyoke College, as well as others. Auernheimer took credit for the printouts in an interview with the Times, saying that he had not specifically targeted the universities but had sent the flyer print job to every publicly accessible printer in North America.


Fireware XTM Web UI - Open Redirect
[SECURITY] [DSA 3533-1] openvswitch security update