Indicators of Compromise Root Out Malware Infections
A news article published recently discusses the use of Indicators of Compromise to root out malware infections. It underscores the value of using information shared by organizations that have discovered security breaches to detect similar breaches at other organizations. Specifically, the article discusses a collection of indicators released by Kaspersky Labs and AlienVault related to the Red October […]
Java Vulnerability: Initial Thoughts
As many of you are aware, recent news reports have surfaced about an old unpatched vulnerability in Java being exploited in the wild. Here are some quick basic facts as we understand them, followed by a bit of immediate advice: This vulnerability has been known about and exploited massively by “bad guys” for some time. Oracle […]
News reports of attack on 50Hertz
There have been a number of news reports this week about a purported “cyber attack” on Germany’s 50Hertz Transmission GmbH. According to news reports, this incident consisted solely of a denial-of-service (DoS) attack against their public-facing internet presence. Reported impacts included an outage of their website and email system that each lasted a few hours. There is no news being reported that […]
The Problem With Attribution
Wired Magazine’s “Danger Room” blog published a post titled “Bank Hackers Deny They’re Agents of Iran” that called into question who was actually behind a series of recent high-profile denial-of-service attacks on major US banks. While some US officials were quick to blame the Iranian government for the attacks, it was actually an independent […]
Chinese Cyber Threat in the Open
When people discuss nation-state cyber threats against the U.S. in public, they often do so in whispers, assuming that all such information is classified. However, many may be surprised by the amount of information that currently exists in the public domain. One example of this can be found in a compelling report […]
DHS ICSJWG Fall 2012 Slides Posted
DHS has posted a number of the slide decks from this fall’s ICSJWG conference. Overall, the set of presentations posted (not all are available at this time) generally falls into the category of “basic things you should already be doing.” Specific tool usage, such as presentations around Microsoft’s EMET and Attack Surface Analyzer, is covered […]
IOCExtractor: A Tool Worth Watching
The Verizon Risk Team published a blog post earlier this week discussing a tool they developed called IOCExtractor. The tool helps automate the time-consuming and error-prone process of extracting indicators of compromise (IOCs) from shared documents or other files in which they have been embedded. The extractor essentially uses a Python script to scan documents for items […]
Federal Government Musings: Cyber Reserve
Yesterday, CNBC issued a short report saying “The U.S. Department of Homeland Security is considering setting up a ‘Cyber Reserve’ of computer security experts who could be called upon in the event of a crippling cyber attack.” The nature of what this cyber reserve would be is unclear at this point, but DHS S2 (DHS […]
Focused on Power Grid Security
This week, NESCO’s Tactical Analysis Center (TAC) is represented at the Trustworthy Cyber Infrastructure for the Power Grid (TCIPG) Industry Workshop at the University of Illinois in Urbana-Champaign. Co-funded by the U.S. Department of Energy and the U.S. Department of Homeland Security, TCIPG attempts to address the “challenge of how to protect the nation’s power grid by […]
More Tools For PLC Security Testing
Researchers from DigitalBond have published a blog post describing the release of two Python-based tools designed to manipulate PLCs based on the CoDeSys runtime. This manipulation is accomplished without any authentication, and these tools allow full command-line access to the PLC as well as full filesystem access. This results in the capability to read or […]