Information Security News
I have recently started looking at the MITRE 10 strategies for a SOC (hxxps://www.mitre.org/sites/default/files/publications/pr-13-1028-mitre-10-strategies-cyber-ops-center.pdf). Strategy one in their doc is to consolidate the following under one management team: Tier 1 Analysis, Tier 2+, Trending Intel, SOC System admin and SOC Engineering. This makes a lot of sense. But what do you do when you don

My group has individuals assigned responsibilities to different products for patching, maintenance

One strategy is to have the tier 2+ group alternate between weeks for engineering/maintenance. This will force them to better plan upgrades within that window or work on other assignments.

Long term plans should include additional positions that can be assigned the maintenance and engineering of systems. What are other strategies being used by groups that maintain their systems, but without a dedicated resource to it? Please leave comments.
Tom Webb (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Hospitals and healthcare providers are increasingly falling victim to crypto-ransomware attacks. While attacks over the past few months have not been highly targeted thus far, they have caused a great deal of disruption. And disruptions at hospitals can have a much more dire impact than at most other organizations vulnerable to malware-based extortion.
This past week, that point was brought home again when multiple US hospitals acknowledged that they had been forced to take systems offline in response to crypto-ransomware infestations. And on Wednesday, security researchers at Cisco Talos Research revealed a new strain of crypto-ransomware designed to attack vulnerable servers that appeared to be primarily focused on targets in the healthcare industry.
The latest disruption came on Monday, when Columbia, Maryland-based MedStar Health reported that malware had caused a shutdown of some systems at its hospitals in Baltimore.
DNS root server attack was not aimed at root servers – infosec bods
There is no mention in the report of claims that the DDoS attack stemmed from a smartphone app reportedly used by the Islamic State to spread news and propaganda (the ISIS Amaq News Agency app). McAfee claimed in response to earlier information from ...
What happens if FBI-Apple case goes back to court?
“They'll have to find ways around those challenges to manage risk — and that's going to be hard,” he said. Consumers of that software, like Equinix, would be affected, too, Do said. Encrypted security tools may no longer be the go-to software for ...
A file with extension .vbe is an encoded Visual Basic Script file. I
You can find my YARA rule here.
Public networked printers at a number of universities were part of the target pool of a massive print job sent out by hacker and Internet troll Andrew "Weev" Auernheimer. At least seven universities were among those that printed out flyers laden with swastikas and a white-supremacist message.
Since Auernheimer merely sent printouts to the printers and didn't actually do anything to gain access to the printers that would fall into the realm of unauthorized access, it's unlikely that he will be prosecuted in any way. Auernheimer exploited the open nature of university networks to send print jobs to the networked printers, which in some cases were deliberately left open to the Internet to allow faculty and students to print documents remotely. These printers could easily be found with a network scan of public Internet addresses.
The New York Times reports that the flyers were printed at Princeton University, University of California-Berkeley, University of Massachusetts-Amherst, Brown University, Smith College, and Mount Holyoke College, as well as others. Auernheimer took credit for the printouts in an interview with the Times, saying that he had not specifically targeted the universities but had sent the flyer print job to every publicly accessible printer in North America.