Category: General

salstack-Unauthorized-Access
Cloud General
May 8, 2020

Playbook for attack on Salt servers

Nov3, 2020 – New vulnerabilities revealed. The fixed versions include 3002.1, 3001.3, and 3000.5 depending on what branch of Salt you are using. The company has also made patches available for older versions, such as 2019.x.  https://www.bleepingcomputer.com/news/security/saltstack-reveals-new-critical-vulnerabilities-patch-now/ Older vulnerabilities – The hackers use CVE-2020-11651 (an authentication bypass) and CVE-2020-11652 (a directory traversal) to take control over Salt master server Mitigations Below are for older bug fixes related […]

maze-ransomware
General
April 24, 2020

Playbook for Maze Ransomware

You need to quickly contain the problem considering which part of kill chain your adversary is in. You to need contain and neutralize the impact of the incident by possibly shutting down specific services/servers/segments.

web_ad
Cloud General
April 12, 2020

Playbook for Web Ad Fraud

False clicks and fraudulent display of web-placed advertisements Description Lists of full credit and/or debit card data are tested against a merchant’s payment processes to identify valid card details. The quality of stolen data is often unknown, and Carding is used to identify good data of higher value. Payment cardholder data may have been stolen from another application, stolen from a different payment channel, or […]

fairfax_school_video_cyber_incident
General
April 12, 2020

Playbooks for video conferencing app attacks

With the rush for Working From Home, organizations are overwhelmed with employees using video conferencing technologies, from Slack, Skype and Discord to GoToMeeting, Zoom and Webex. What are your security teams supposed to do when incidents like Fairfax school strike? Do they have the basic steps and planned approach to handle the events?. In this page we cover the top tips to analyze and mitigate/contain/remediate […]

General
April 12, 2020

Playbook for social engineering

Social engineering is one of the hardest form of attack to defend against because hardware and software alone can’t stop it. How to we mitigate these attacks?

General
April 9, 2020

Playbook for Insider Threat

Insider threats are growing and are very complex to handle as it needs to be worked outvery closely with a lot of stakeholders including the human resource department.

Cloud General Network Operations SCADA Uncategorized
April 9, 2020

Playbook for Failed SSH login

Brute-force and dictionary attacks against remote services such as SSH, are one of the Top-20 most common forms of attack on the Internet that compromise servers. In particular, Unix-based and Mac OS X servers that run an SSH service to allow administrators secure remote connections are at risk. Playbook Mitigation Disable root access – It is a good security practice to disable logins via SSH […]

General Incident Response
April 6, 2020

Playbook for Phishing

If short on time directly jump to the playbooks section. Summary Any attempt to compromise a system and/or steal information by tricking a user into responding to a malicious message. The most common phishing attacks involve emails armed with malware hidden in attachments or links to infected websites, although phishing can be conducted via other methods such as voicemail, text messages, and social media, too. […]