What To Look For In Logs: Hackers Being Successful

There was an interesting VISA BlackPOS informational webinar today. What I got out of it is some more information on items to keep in mind when looking for Indicators of Compromise (IOC). VISA¹ has a great program to help small businesses protect themselves against cyber attacks. There were a lot of good … Read more

If Offense Has Advantage We Must Analyze Logs Better

If the theory says that offense will always find a way into your environment (somehow), through a mistake or just better attacks, then we must get better at developing logs and reacting to attacks as fast as we can. This interesting and well-thought-out guide from Crest-approved.org¹ discusses what should be done in the … Read more

How Do You Improve Cybersecurity? Will Not Be Easy!

As we get ready for 2016. From the www.timessquarenyc.org/events/new-years-eve/sponsor-new-years-eve website (with additional text “2016”). It will look similar to the image above – maybe a different font for the numbers. So before the new year is tomorrow and it is too late to make plans… How should one improve the cybersecurity situation at your company? Of … Read more

Avoiding Detection – Obfuscation the Criminal Game

Reading the Oversitesentry 30 Security Analysis posts, I was struck by the recurring theme of detection avoidance: obfuscation is the name of the criminal game. Specifically: Rapid7’s blog post¹ on how attackers evade SIEM (Security Information and Event Management) and the interesting post by Drops² about obfuscation by Windows programs that run in the 64-bit … Read more

Test Your Security – Because Mistakes Happen

There was a presentation on the “Psychology of Security”, which is a favorite topic of mine (past blog posts): http://oversitesentry.com/the-psychology-of-security/ , http://oversitesentry.com/how-much-should-i-spend-on-cybersecurity/ , http://oversitesentry.com/security-people-are-scaremongerers/ . The topics in this slide from Stefan Schumacher’s presentation at BSides ( https://bsidesvienna.at/slides/2015/the_psychology_of_security.pdf ): Users choose weak passwords. Users are not interested in security. Users don’t understand security. Programmers create buffer overflows and forget safety regulations. Admins … Read more