Archive | TAC Diary

Indicators of Compromise Root Out Malware Infections

A news article published recently discusses the use of Indicators of Compromise to root out malware infections. It underscores the value of using information shared by organizations that have discovered security breaches to detect similar breaches at other organizations. Specifically, the article discusses a collection of indicators released by Kaspersky Lab and AlienVault related to the Red October […]


Java Vulnerability: Initial Thoughts

As many of you are aware, recent news reports have surfaced about an old unpatched vulnerability in Java being exploited in the wild. Here are some quick basic facts as we understand them, followed by a bit of immediate advice: This vulnerability has been known and massively exploited by “bad guys” for some time. Oracle […]


News reports of attack on 50Hertz

There have been a number of news reports this week about a purported “cyber attack” on Germany’s 50Hertz Transmission GmbH. According to news reports, this incident consisted solely of a denial-of-service (DoS) attack against their public-facing internet presence. Reported impacts included an outage of their website and email system that each lasted a few hours. There is no news being reported that […]


The Problem With Attribution

Wired Magazine’s “Danger Room” blog published a post titled, Bank Hackers Deny They’re Agents of Iran, that brought into question who was actually the force behind a series of recent high-profile denial-of-service attacks on major US banks. While some US officials were quick to blame the Iranian government for the attacks, it was actually an independent […]


Chinese Cyber Threat in the Open

When people discuss nation-state cyber threats against the U.S. in public, they often do so in whispers, assuming that all information is classified. However, the amount of information that already exists in the public domain may come as a surprise to many. One example of this can be found in a compelling report […]


DHS ICSJWG Fall 2012 Slides Posted

DHS has posted a number of the slide decks from this fall’s ICSJWG conference. Overall, the set of presentations posted (not all are available at this time) falls into the category of “basic things you should already be doing.” Specific tool usage, such as presentations around Microsoft’s EMET and Attack Surface Analyzer, is covered […]


IOCExtractor: A Tool Worth Watching

The Verizon RISK Team published a blog post earlier this week discussing a tool they developed called IOCExtractor. The tool helps automate the time-consuming and error-prone process of pulling indicators of compromise (IOCs) out of shared documents and other files in which they have been embedded. The extractor essentially uses a Python script to scan documents for items […]
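The two pieces of the workflow described on this page, pulling IOCs out of a shared report (the problem IOCExtractor targets) and then checking local telemetry against them (the Red October item above), fit in one script. The following is an added example written for this page; it is not IOCExtractor's code nor anything published by Verizon, Kaspersky Lab or AlienVault. The report excerpt, the log format and every indicator value in it are constructed placeholders (the two hashes are the well-known digests of the empty string), not real Red October indicators.

```python
import re
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Constructed sample report. Every value is a placeholder chosen for this example;
# none is a real indicator from any published report.
SAMPLE_REPORT = """
Threat report excerpt (constructed example)
C2 servers observed: 203.0.113.45, 198.51.100[.]7
Dropper URL: hxxp://update-service[.]example/cfg.php
Dropper MD5: d41d8cd98f00b204e9800998ecf8427e
Payload SHA-256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Contact: analyst@example.org (not an indicator)
"""

# Constructed log lines in a made-up proxy / firewall / AV key=value format.
SAMPLE_LOGS = [
    "2013-01-17T10:02:11Z proxy src=10.0.0.8 dst=203.0.113.45 url=http://update-service.example/cfg.php",
    "2013-01-17T10:05:42Z fw src=10.0.0.9 dst=192.0.2.10 action=allow",
    "2013-01-17T10:07:03Z av host=ws14 file=svchost.exe md5=D41D8CD98F00B204E9800998ECF8427E",
]

IPV4 = re.compile(r"\b(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)\b")
URL = re.compile(r"\bhttps?://[^\s\"'<>]+", re.IGNORECASE)
DOMAIN = re.compile(r"\b(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}\b", re.IGNORECASE)
EMAIL = re.compile(r"[\w.+-]+@(?:[a-z0-9-]+\.)+[a-z]{2,63}", re.IGNORECASE)
MD5 = re.compile(r"\b[a-f0-9]{32}\b", re.IGNORECASE)
SHA256 = re.compile(r"\b[a-f0-9]{64}\b", re.IGNORECASE)
# File names like svchost.exe look like domains to DOMAIN; a short denylist of
# extensions keeps the most common ones out (a real TLD list is the better check).
FILE_EXTS = {"exe", "dll", "sys", "php", "html", "txt", "doc", "pdf", "zip"}


@dataclass
class Indicators:
    ips: set = field(default_factory=set)
    domains: set = field(default_factory=set)
    urls: set = field(default_factory=set)
    md5: set = field(default_factory=set)
    sha256: set = field(default_factory=set)

    def all(self):
        return self.ips | self.domains | self.urls | self.md5 | self.sha256


def refang(text):
    """Undo the defanging conventions reports use so that IOCs are not clickable."""
    text = re.sub(r"hxxp(s?)://", r"http\1://", text, flags=re.IGNORECASE)
    for token in ("[.]", "(.)", "{.}", "[dot]"):
        text = text.replace(token, ".")
    return text.replace("[:]", ":")


def extract(text):
    """Pull IPs, domains, URLs and hashes out of free text such as a shared report."""
    text = refang(text)
    ind = Indicators()
    ind.md5.update(h.lower() for h in MD5.findall(text))
    ind.sha256.update(h.lower() for h in SHA256.findall(text))
    text = EMAIL.sub(" ", text)          # contact addresses are not indicators
    for url in URL.findall(text):
        url = url.rstrip(".,;)")         # trailing prose punctuation
        ind.urls.add(url)
        host = urlsplit(url).hostname
        if host:                         # the host of a C2 URL is an IOC in its own right
            (ind.ips if IPV4.fullmatch(host) else ind.domains).add(host)
    text = URL.sub(" ", text)            # so URL paths are not mistaken for domains
    ind.ips.update(IPV4.findall(text))
    ind.domains.update(d.lower() for d in DOMAIN.findall(text)
                       if d.rsplit(".", 1)[-1].lower() not in FILE_EXTS)
    return ind


def match_logs(ind, lines):
    """Return (line, matched indicators) for every log line containing a known IOC."""
    known = ind.all()
    hits = []
    for line in lines:
        common = extract(line).all() & known
        if common:
            hits.append((line, common))
    return hits


if __name__ == "__main__":
    report = extract(SAMPLE_REPORT)
    print(report)
    for line, common in match_logs(report, SAMPLE_LOGS):
        print("HIT", sorted(common), "<-", line)
```

Running the script extracts two IPs, one domain, one URL and two hashes from the constructed report and flags the first and third log lines. The refanging step matters in practice: reports routinely ship indicators as `hxxp://` and `[.]`, and an extractor that skips it silently misses them.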


Federal Government Musings: Cyber Reserve

Yesterday, CNBC issued a short report saying “The U.S. Department of Homeland Security is considering setting up a ‘Cyber Reserve’ of computer security experts who could be called upon in the event of a crippling cyber attack.” The nature of what this cyber reserve would be is unclear at this point, but DHS S2 (DHS […]


Focused on Power Grid Security

This week, NESCO’s Tactical Analysis Center (TAC) is represented at the Trustworthy Cyber Infrastructure for the Power Grid (TCIPG) Industry Workshop at the University of Illinois in Urbana-Champaign. Co-funded by the U.S. Department of Energy and the U.S. Department of Homeland Security, TCIPG attempts to address the “challenge of how to protect the nation’s power grid by […]


More Tools For PLC Security Testing

Researchers from Digital Bond have published a blog post describing the release of two Python-based tools designed to manipulate PLCs based on the CoDeSys runtime. This manipulation is accomplished without any authentication, and the tools allow full command-line access to the PLC as well as full filesystem access. This results in the capability to read or […]
