The Effects of #OpUSA
In the days leading up to #OpUSA, security professionals were busy making preparations for the supposed flood of new attacks coming on 7 May 2013. As we mentioned on 1 May 2013, publicly announced attacks of this nature can have highly volatile credibility. In some cases, the announcements exist only for the purpose of gaining notoriety. In […]
Shedding More Light on MDM
Starting with a primer on MDM, Networking 101: MDM, Jimmy Ray answers the questions on what is MDM and what can it do for my organization in his entertaining and educational white board approach.
Watering Hole Attacks an Attractive Alternative to Spear Phishing
“Watering Hole” attacks, as evidenced by the recent attack involving the U.S. Department of Labor, are becoming increasingly popular as alternatives to attacks such as Spear Phishing. In a “Watering Hole” attack, the attacker compromises a site likely to be visited by a particular target group, rather than attacking the target group directly. Eventually, someone from […]
Security Logging in an Enterprise, Part 2 of 2
We first logged IDS, some syslog from some UNIX hosts, and firewall logs (circa 1999). We went from there to dropping firewall logging as it introduced some overhead and we didn’t have any really good uses for it. (We still don’t.) Where did we go next?
Department of Labor Watering Hole Attack Confirmed to be 0-Day with Possible Advanced Reconnaissance Capabilities
Update 2 5/9/2013: Microsoft has released a “Microsoft fix it” as a temporary mitigation for this issue on systems which require IE8. At this time, multiple sites have been observed hosting pages which exploit this vulnerability. Users of IE8 who cannot update to IE9+ are urged to apply the Fix It immediately. Update 5/6/2013: An […]
Security Logging in an Enterprise, Part 1 of 2
Logging is probably both one of the most useful and least used of all security forensic capabilities. In large enterprises many security teams rely on their IT counterparts to do the logging and then turn to the IT logging infra when they need log information. That in itself isn’t bad; however, the needs/requirements for IT may not be a 100% fit for a CIRT. Read on to find out how we handled it.
STOPhausDDoS: Suspect in Custody
Back in March, Seth Hanford wrote about a distributed denial of service (DDoS) attack aimed at the SpamHaus organization. Since then, there have been some new developments in the aftermath of the DDoS attack, most notably the arrest of the attackers’ spokesperson, Sven Olaf Kamphuis. Update On April 26, Kamphuis, STOPhaus activist and possibly the person […]
Coordinated Attacks Against the U.S. Government and Banking Infrastructure
Prologue On April 10, 2013, a collective of politically motivated hacktivists announced a round of planned attacks called #OPUSA. These attacks, slated to begin May 7, 2013, are to be launched against U.S.-based targets. #OPUSA is a follow-up to #OPISRAEL, which were a series of attacks carried out on April 7 against Israeli-based targets. Our goal here is to […]
Last Friday (April 26), ESET and Sucuri simultaneously blogged about the discovery of Linux/CDorked, a backdoor impacting Apache servers running cPanel. Since that announcement, there has been some confusion surrounding the exact nature of these attacks. Rather than reinvent the analysis that has already been done, this blog post is intended to clear up some of the confusion. When did Linux/CDorked […]