Common Malware scenarios – Infected USB flash drives, Notebook computers used for maintenance, Project files or executable applications containing malicious code. What are the best practices to handle these incidents?
Attacks related to Industrial Control Systems are complex. There is an urgent need to share information, get support for incident analysis and mitigation, and coordinate messaging for incidents that require communication with customers and the public.
Please take a backup and upgrade to 5.4.2 having few security issues fixed. See the release notes. How do we contain wordpress attacks?
Remote Desktop Protocol (RDP) provides a user with a graphical interface to connect to another computer over a network connection. The user employs RDP client software for this purpose, while the other computer must run RDP server software. Microsoft RDP includes the following features and capabilities: Encryption, Bandwidth reduction features, Roaming disconnect, Clipboard mapping, Print redirection, Virtual channels, Remote control, Network load balancing. Technical Details […]
Nov3, 2020 – New vulnerabilities revealed. The fixed versions include 3002.1, 3001.3, and 3000.5 depending on what branch of Salt you are using. The company has also made patches available for older versions, such as 2019.x. https://www.bleepingcomputer.com/news/security/saltstack-reveals-new-critical-vulnerabilities-patch-now/ Older vulnerabilities – The hackers use CVE-2020-11651 (an authentication bypass) and CVE-2020-11652 (a directory traversal) to take control over Salt master server Mitigations Below are for older bug fixes related […]
1 in 4 retailers cite fraud losses from their e-commerce business as “highly significant”. Misuse of discounts, coupons & vouchers are most common. How do we mitigate these attacks?
A typical incident could have multiple lines of investigation to get a clear understanding and scope of the attack. It is important to capture each of these train of thoughts or hypothesis. Zero day attacks are typical scenarios where multiple approaches with independent short teams need to be run in parallel. Standardized processes are not enough for responding to every security alert. Apart from running […]
Incident response is a complex process and needs handling in well defined phases.
The objective is to have a set of standard and common containment and mitigation tasks that gets applied during a response. While handling an adversary it helps to know what all steps we can possibly do and then accordingly take action based on which part of the kill chain the adversary is in. Reasoning – The adversary keeps changing their tactics and techniques. They have […]
You need to quickly contain the problem considering which part of kill chain your adversary is in. You to need contain and neutralize the impact of the incident by possibly shutting down specific services/servers/segments.