New to Alert response? Here is a nice little writeup on an approach to it:
I wrote up a new blog post on how I did the Lockbit KQL query:
I came up with a pretty simple KQL query to help with Lockbit detection. This is based on the latest info from a SentinelOne blog post. Feel free to share, and if you have suggestions to make it better, feel free to let me know.
https://github.com/siliconshecky/KQL-Queries/blob/main/MDEH-Potential%20Lockbit%20detection
Who on earth would be trying to promote EC-Council University via comment spam on my website?
https://grahamcluley.com/ec-council-university-comment-spam/
The question on this, and it is a pretty nasty bug, is how common is LAM on the web?
https://portswigger.net/daily-swig/ldap-account-manager-bug-poses-unauthenticated-remote-code-execution-risk
We all know change is scary, but if your authentication method is weak, shouldn't you shore it up?
I guess these firms feel it costs less to pay for a breach than to fix the systems, or is it something else in the integration between back end systems?
https://www.infosecurity-magazine.com/news/financial-firms-authentication/
Anyone surprised? The game of cat and mouse continues...
https://www.theregister.com/2022/07/06/brc4_state_sponsored_apt29/
Ok, it seems that Threatpost article is going off vendor research. I'm linking the original vendor blog, which shows nothing new on the mitigation front and basically a sales pitch at the end of it.
https://www.forescout.com/blog/ot-icefall-56-vulnerabilities-caused-by-insecure-by-design-practices-in-ot/
Here we go with insecure-by-design talk, this time on OT vendors. Yes, they should be paying more attention to it now. That said, how does that affect everything?
Not being in OT, I don't have the answers, but others could speak on this better.
https://threatpost.com/discovery-of-56-ot-device-flaws-blamed-on-lackluster-security-culture/180035/
If I can find the time, I might have to see how I can compare Firefox's anti-tracking to Brave's.
https://www.bleepingcomputer.com/news/security/firefox-now-blocks-cross-site-tracking-by-default-for-all-users/
Metasploit 6.2.0 improves credential theft, SMB support features, more
So Internet Explorer is "Officially Dead" which of course means that it will linger for the next 100 years.
I mean, look at Flash, Python 2 and other legacy tech that is still around.
The real issue is laziness. Things that rely on the "dead" tech never get updated but still wind up being needed until some new version is hopefully written.
Then, after writing said new version, it needs to be tested and eventually rolled out. In some industries this can take 10+ years to accomplish.
Cybersecurity #books on HumbleBundle
#infosec #security
https://lazybear.io/notes/cybersecurity-books/
Working with Linux Logical Volume Manager in forensic disk images with Tsurugi Linux - something you might run into if you are analyzing a Linux image.
On today's #SaturdayHackerday, we finish the setup of our packet capture interfaces for Suricata/Zeek. Then, I have a wacky malware sample to show y'all! That plus the week's cyber news live at 10 AM Pacific! https://twitch.tv/mttaggart
The only thing that surprises me about this one is that it took this long to happen.
One always needs to make sure of what they are getting, and what their attack vector can be.
Dad, Security Engineer, Burbsec North Organizer, BlueTeam, Padawan, Theatre Actor/Tech Man, Train Hobbyist, "Dammit Shecky" Opinions and more, GCIH, CISSP