There is an interesting running discussion at reddit.com/netsec Started by Brian Krebs (the #2 site in Security News Analyzed) The question was ‘Why do you think organizations seem to prefer “learning these lessons the hard way”?’ And here is Brian’s answer { But in the end I think it comes down to a lack of … Read more
https://isc.sans.edu/ has a good post on how to do some rudimentary searches… Specifically https://isc.sans.edu/forums/diary/Botnets+spreading+Dridex+still+active/20295/ is the post. The image above is the same image from isc.sans.edu today post, notice how Brad Duncan searched for the Dridex malware with the hash mark, so if there is a suspected malware you are interested in researching that is a great … Read more
When do Wifi attacks Succeed? It depends on your setup Some basics: First of all, change your default admin password (since default admin passwords are on the Internet so that users can manage their WiFi Access points). New access points may look like this: and the support page shows how to access the WiFi … Read more
Aanchal Malhotra, Isaac E. Cohen, Erik Brakke, and Sharon Goldberg wrote a paper (out of Boston University) http://www.cs.bu.edu/~goldbe/papers/NTPattack.pdf “Attacking the Networking Time Protocol” Apparently if your servers and clients (which all have NTP) have their time changed can affect various processes. To Attack … Change time by … TLS Certs … Read more
After seeing a good ISACA presentation today at the Renaissance in Saint Louis (near airport) http://www.isaca.org/chapters5/Saint-Louis/Pages/default.aspx by Josh Vander Veen with SpearTip Here are my notes: Sophistication of criminal attack is on the rise. Many small businesses have a false sense of security and say the following: I’m just a small company why would they … Read more