Into the Breach: How Cyber Prepared Is Your Organization?

When you think of recent breaches, you wonder about the company’s preparedness and how it handled the communication process with customers, employees, regulators and the government. Today, cyber risk is a real challenge and it should be treated as a business issue rather than a technology issue. No data breach should come as a complete surprise; rather, it should be a foreseeable event for which you are completely prepared.

What is Mitre’s ATT&CK framework? What red teams need to know

The ATT&CK framework, developed by Mitre Corp., has been around for five years and is a living, growing document of threat tactics and techniques that have been observed from millions of attacks on enterprise networks. The funky acronym stands for Adversarial Tactics, Techniques, and Common Knowledge. It began as an internal project and morphed into this behemoth of a public knowledge base that numerous security vendors and consultants have picked up. (More on that in a moment.)

Dark Web Price Index For Hacked Accounts

Cybersecurity experts with STEALTHbits, VASCO Data Security and NuData Security commented below on the recent Dark Web Market Price Index published by VPN ratings service’s consumer site “Privacy Central.” The index puts the price of a full online identity at $1,170, while hacked Uber, Airbnb and Netflix accounts go for $10 each, and hacked Grubhub, Walmart and Costco accounts go for between $5 and $10 each.

Why Data Loss Prevention Will Suffer the Same Fate as Anti-Virus

For years, Data Loss Prevention (DLP) has been the first line of defense against data leaving an organization’s four walls. DLP solutions have been touted as having the ability to track and prevent the loss of data through unauthorized channels. However, there are challenges associated with DLP, such as solution stability, the time-consuming data classification process and ongoing maintenance, and disconnects between data owners and DLP administrators. Security teams are realizing DLP is not sufficient in keeping an organization’s critical data safe.

toolsmith #132 – The HELK vs APTSimulator – Part 2

Continuing where we left off in The HELK vs APTSimulator – Part 1, I will focus our attention on additional, useful HELK features to aid you in your threat hunting practice. HELK offers Apache Spark, GraphFrames, and Jupyter Notebooks as part of its lab offering. These capabilities scale well beyond a standard ELK stack; this really is where parallel computing and significantly improved processing and analytics truly take hold. This is a great way to introduce yourself to these technologies, all on a unified platform.

Let me break these down for you a little bit in case you haven’t been exposed to these technologies yet. First and foremost, refer to @Cyb3rWard0g‘s wiki page on how he’s designed it for his HELK implementation, as seen in Figure 1.

Leaks Millions of Customer Records

The Web site for the American chain of bakery-cafe fast casual restaurants by the same name leaked millions of customer records — including names, email and physical addresses, birthdays and the last four digits of the customer’s credit card number — for at least eight months before it was yanked offline earlier today, KrebsOnSecurity has learned.

Quintacorn Robinhood’s free crypto trading rolls out in Cali, 3 more states

Robinhood is rolling out its Coinbase-killer that’s already helped the fintech startup’s valuation grow 4X in a year. Zero-fee trading of Bitcoin and Ethereum is now available to all investors in California, Massachusetts, Missouri, and Montana. Everyone else is still on the waitlist. Robinhood users everywhere can already track 16 crypto coins including BTC, ETH, Litecoin, and Ripple, as well as trade traditional stocks with no transaction commission.

Complete Guide to Enterprise Container Security *New Paper*


The explosive growth of containers is not surprising because the technology (most obviously Docker) alleviates several problems for deploying applications. Developers need simple packaging, rapid deployment, reduced environmental dependencies, support for micro-services, generalized management, and horizontal scalability – all of which containers help provide. When a single technology enables us to address several technical problems at once, it is very compelling. But this generic model of packaged services, where the environment is designed to treat each container as a “unit of service”, sharply reduces transparency and auditability (by design), and gives security pros nightmares. We run more code faster, but must in turn accept a loss of visibility inside the containers. This raises the question, “How can we introduce security without losing the benefits of containers?”

SB18-092: Vulnerability Summary for the Week of March 26, 2018

acrolinx_server -- acrolinx_server: Acrolinx Server before 5.2.5 on Windows allows Directory Traversal. Published: 2018-03-25. CVSS score: not yet calculated. CVE-2018-7719. Source and patch info: CONFIRM, EXPLOIT-DB.

apache -- http_server: A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.30 due to an out-of-bounds read while preparing data to be cached in shared memory. It could be used as a Denial of Service attack against users of mod_cache_socache. The vulnerability is considered low risk since mod_cache_socache is not widely used; mod_cache_disk is not affected by this vulnerability. Published: 2018-03-26. CVSS score: not yet calculated. CVE-2018-1303. Source and patch info: MLIST.