Prioritize & Execute
Rapidly and aggressively apply the Microsoft patch for the MS17-010 SMB vulnerability (released 14 Mar 2017).
Disable SMBv1.
Windows Defender Antivirus detects this threat as Ransom:Win32/WannaCrypt as of the 1.243.297.0 update.
Email Gateways: Modify your spam filters to prevent phishing e-mails from reaching end users, and authenticate in-bound e-mail using technologies like Sender Policy Framework (SPF), Domain-based Message Authentication, Reporting and Conformance (DMARC), and DomainKeys Identified Mail (DKIM) to prevent e-mail spoofing. Scan all incoming and outgoing e-mails to detect threats and filter executable files before they reach end users.
Verify anti-malware is running the latest update.
66% of malware is installed from users clicking things in emails
61% of companies that are breached have fewer than 1000 employees
81% of breaches involve weak or stolen passwords
Usually, nowhere near enough...
Gingsoft Security Research
<<< I am making frequent updates to this post as information flows in. >>>
Overview
There is an exploit called ETERNALBLUE (CVE-2017-0145), which is believed to have been developed by the NSA (U.S. National Security Agency). ETERNALBLUE was leaked by the Shadow Brokers hacker group on 14 April 2017. It is used as part of the WannaCry ransomware attack that Read more about Blue Team Reactions to WannaCry[…]
Normal Racing Days
Frequency   License   Type   Tone       Alpha Tag    Description                    Mode   Tag
858.78750   WNYP413          250.3 PL   C DOWNS 2    Churchill Downs (Repeater 2)   FM     Business
859.78750   WNYP413                     C DOWNS      Churchill Downs                FM     Business
860.78750   WNYP413                     C DOWNS      Churchill Downs                FM     Business
451.87500             BM     036 DPL    UNTD TOTE    United Tote Company            FM     Business
Derby Museum
Frequency Read more about Derby Radio Freqs[…]
Symantec has mis-issued at least 30,000 certificates over the past few years. This is a huge deal, since a Certificate Authority’s ONLY job is to be TRUSTED. If you can’t trust them, then they have no purpose to exist. Frankly, Google has to be nice in the grand scheme of things. I’m taking a more hostile approach by Read more about Symantec Lands on the Never Trust List[…]
Yesterday, I received this email notification (below) notifying me that lynda.com’s database had been breached. For those of you who don’t know or use lynda.com, it’s a really good resource for learning almost anything IT-related via online videos. The cost is around $20 to $35 per month, or you can pay for the year in Read more about Lynda.com Breach Affects 55,000 users[…]
A cyber war is coming; our adversaries are preparing for battle by flooding the United States consumer electronics market with devices that they can control and gather intelligence from (digital spies). The United States is the most powerful country in the world when it comes to air superiority, logistics, and technological advantages in most areas of operation. Read more about The USA has a Mothership[…]
Blacklists
Part of a defense in depth strategy for cyber security is having the hostile attacker deal with multiple obstacles before reaching his objective. You can thwart many script kiddies with just a couple of layers. However, a determined attacker won’t stop after encountering your firewall and anti-virus. Do yourself a favor and add another Read more about Blacklists[…]
Data from at least 500 million Yahoo accounts was stolen, apparently back in 2014. The information may have included usernames, email addresses, phone numbers, birthdates, security questions and answers, Yahoo said.
When creating web applications these days, security must come first. Building the application without security and then attempting to retrofit it with security after the fact is a fruitless exercise. There will always be an excuse from upper management that it isn’t a high enough priority to secure it properly: “just fix the worst vulnerabilities and quickly Read more about My Application Security Notes[…]
Go to https://www.npmjs.com/ to get npm.
npm -l
npm adduser
npm bin
npm bin -g
npm config set <key> <value>
npm config get [<key>]
npm config delete <key>
npm config list
npm config ls -l
npm config edit
npm set <key> <value>
npm get [<key>]
npm dedupe [pkg pkg…]
npm deprecate <pkg>[@<version>] <message>
npm docs
Read more about Command Examples with npm[…]
Palo Alto Networks released an update to PAN-OS yesterday, which patches five vulnerabilities:
Critical – Unauthenticated Buffer Overflow in GlobalProtect/SSL VPN Web Interface (PAN-SA-2016-0005).
High – Unauthenticated Command Injection in Management Web Interface (PAN-SA-2016-0003).
Medium – Unauthenticated Stack Exhaustion in GlobalProtect/SSL VPN Web Interface (PAN-SA-2016-0004).
Medium – ESM Console XSS vulnerability (PAN-SA-2016-0001).
Low – Command Injection in Command Line Interface Read more about 5 New Palo Alto Networks PAN-OS Vulnerabilities[…]