Web
April 14, 2020

Playbook for SQL injection

A SQL injection attack exploits vulnerabilities in input validation to run arbitrary commands in the database. It can occur when your application uses input to construct dynamic SQL statements to access the database. It can also occur if your code uses stored procedures that are passed strings that contain unfiltered user input. Using the SQL injection attack, the attacker can execute arbitrary commands in the […]

web-carding
Web
April 12, 2020

Playbook for Web Carding

Multiple payment authorization attempts used to verify the validity of bulk stolen payment card data.

web_ad
Cloud General
April 12, 2020

Playbook for Web Ad Fraud

False clicks and fraudulent display of web-placed advertisements Description Lists of full credit and/or debit card data are tested against a merchant’s payment processes to identify valid card details. The quality of stolen data is often unknown, and Carding is used to identify good data of higher value. Payment cardholder data may have been stolen from another application, stolen from a different payment channel, or […]

fairfax_school_video_cyber_incident
General
April 12, 2020

Playbooks for video conferencing app attacks

With the rush for Working From Home, organizations are overwhelmed with employees using video conferencing technologies, from Slack, Skype and Discord to GoToMeeting, Zoom and Webex. What are your security teams supposed to do when incidents like Fairfax school strike? Do they have the basic steps and planned approach to handle the events?. In this page we cover the top tips to analyze and mitigate/contain/remediate […]

General
April 12, 2020

Playbook for social engineering

Social engineering is one of the hardest form of attack to defend against because hardware and software alone can’t stop it. How to we mitigate these attacks?

malicious-traffic
Network Operations
April 9, 2020

Playbook for Malicious Network Behavior: Malicious Traffic

Alerts are generated when something suspicious is seen by one of the Network monitoring devices. Network Security Tools:IDS (Intrusion Detection System)IPS (Intrusion Prevention System)DLP (Data Loss Prevention)SIEM (Security Incident and Event Management)NBAD (Network Behavior Anomaly Detection) Playbook Mitigation https://cert.societegenerale.com/resources/files/IRM-5-Malicious-Network-Behaviour.pdf References

General
April 9, 2020

Playbook for Insider Threat

Insider threats are growing and are very complex to handle as it needs to be worked outvery closely with a lot of stakeholders including the human resource department.

Cloud General Network Operations SCADA Uncategorized
April 9, 2020

Playbook for Failed SSH login

Brute-force and dictionary attacks against remote services such as SSH, are one of the Top-20 most common forms of attack on the Internet that compromise servers. In particular, Unix-based and Mac OS X servers that run an SSH service to allow administrators secure remote connections are at risk. Playbook Mitigation Disable root access – It is a good security practice to disable logins via SSH […]

Web
April 9, 2020

Playbook for website defacement

Government websites hacked and vandalized is a very common observed threat. The defacement can happen for any website. What are the best practices to remediate when under attack?.