Blog

By Ken Phelan, Posted in Security

I’m fresh back from RSA this week, which means that in the last 10 days I’ve seen approximately one billion new cyber security applications. Many of them make claims regarding AI and its value to their platform. It’s my job to make some judgement about the reality of that claim. Here’s what’s going on in the back of my head when someone tells me about their great AI. First of all, when people talk about AI in this context, what they generally mean is machine learning. Machine... read more.

  • March 20, 2019

By Eric Corcoran, Posted in Technology Week in Review

Monday 3/11 Windows malware: Slub taps Slack, GitHub to steal your info The malware also exploits an even older Windows bug, CVE-2015-1705, a win32k.sys local elevation of privilege flaw that was found to be useful by targeted attackers because it could be used to bypass a Windows application's sandbox. Once a machine has been fully compromised, the backdoor uses a private Slack channel to check commands taken from 'gist' snippets hosted on GitHub, and then sends the commands to a private Slack channel co... read more.

  • March 15, 2019

By Eric Corcoran, Posted in Technology Week in Review

Tuesday 3/5 Attack Campaign Targets Organizations Worldwide with New Qbot Banking Malware Variant The campaign consists of phishing emails that come with an attached ZIP file using a .doc.vbs extension. Upon execution, the VBS script extracts information about the target machine’s operating system and attempts to check for strings associated with well-known antivirus software. It then uses the BITSAdmin tool to run a malware loader. https://ibm.co/2XEb6xF Ivanti Brings Together Leading Patch Manag... read more.

  • March 08, 2019

By Eric Corcoran, Posted in Technology Week in Review

Monday 2/25 Phishing campaign attempts to spread a new brand of snooping malware A series of spear-phishing attacks using fake emails with malicious attachments attempts to deliver a new family of malware, which researchers at Palo Alto Networks have identified and dubbed BabyShark. The campaign started in November and remained active at least into the new year. https://zd.net/2U4F3Vq Cisco HyperFlex Software Command Injection Vulnerability A vulnerability in the cluster service manager of Cisco HyperF... read more.

  • March 05, 2019

By Tom Stanley, Posted in Infrastructure

Splunk allows the transformation of dashboards into forms, which present controls for users to enter search criteria. This allows you to have text boxes, pulldown lists, checkboxes, radio buttons, and other controls at the top of the form. The user’s selections from these input controls are stored in tokens that you can use in your queries or to control various aspects of the form. You can also add these input controls to specific panels on your form, not just at the top of the page. This makes it... read more.

  • March 01, 2019

By Tom Stanley, Posted in Infrastructure

When extracting fields from events in Splunk, typically each field has a single value. For instance, in a firewall packet event there is a src_ip, src_port, dest_ip, dest_port, action, etc., each with a single value. But there are occasionally fields which have more than one value. One common field type that often has multiple values is an e-mail address field, such as from or to. Splunk deals with these values by allowing fields to hold multiple values, which it refers to as simply a “multivalue fiel... read more.

  • March 01, 2019

By Nancy Rand, Posted in Security

NIST Privacy Framework working drafts have been published for input. The Privacy Framework group has posted an outline of the NIST Privacy Framework, along with a summary analysis of the comments received on their Request for Information. The group developed the outline in response to what was heard from stakeholders, and are looking forward to feedback. A comments spreadsheet has also been posted. A list of standards guidance referenced is available. The NIST Privacy Framework Group is hosting a live webi... read more.

  • March 01, 2019

By Eric Corcoran, Posted in Technology Week in Review

Monday 2/18 Symantec Improves Email Security With Fraud Protection Jane Wong, vice president of Engineering and Product Management, explained that Symantec Email Security protects customers from email attacks by blocking threats such as phishing, malware, spam and BEC; Email Fraud Protection helps customers automate implementation of sender authentication standards such as DMARC, DKIM and SPF.  http://bit.ly/2EhPmQK Detected Cryptojacking Prompts Microsoft to Remove Eight Free Apps from Micros... read more.

  • February 22, 2019

By Eric Corcoran, Posted in Technology Week in Review

Monday 2/11 Microsoft: Improved Security features are delaying hackers form attacking Windows users New features have made it much harder for mundane cybercrime operations to come up with zero-days or reliable exploits for newly patched Microsoft bugs, reducing the number of vulnerabilities exploited at scale. https://zd.net/2WVMQXq Citrix Cloud comes to Cisco HyperFlex Customers who want to take advantage of the benefits of moving the Citrix control plane to the cloud and have Citrix manage the enviro... read more.

  • February 15, 2019

By Eric Corcoran, Posted in Technology Week in Review

Monday 2/4 Google Yanks 29 Malicious Photo Apps From Play Store, But Not Before Millions of Downloads Google yanked some 29 photo apps from the Play Store this week after they were discovered to have malicious code that pushes full-screen ads, steals information from users by tricking them into believing they have won a contest, and in some cases even lifted photos from devices to send to the malware designers behind the apps. http://bit.ly/2WIdwuz This password-stealing phishing attack comes disguised... read more.

  • February 08, 2019