The use cases are critical to identifying any of the early, middle, and end-stage operations of the adversary. A small abnormal event can be a clue to a larger attack. There also needs to be a Playbook on how to respond. What are Use Cases A use case can be technical rules or condition applied on logs which are ingested into the SIEM. Eg – […]
Be prepared with communication templates – There is no time when handling an incident.
Common Malware scenarios – Infected USB flash drives, Notebook computers used for maintenance, Project files or executable applications containing malicious code. What are the best practices to handle these incidents?
Attacks related to Industrial Control Systems are complex. There is an urgent need to share information, get support for incident analysis and mitigation, and coordinate messaging for incidents that require communication with customers and the public.
Please take a backup and upgrade to 5.4.2 having few security issues fixed. See the release notes. How do we contain wordpress attacks?
Remote Desktop Protocol (RDP) provides a user with a graphical interface to connect to another computer over a network connection. The user employs RDP client software for this purpose, while the other computer must run RDP server software. Microsoft RDP includes the following features and capabilities: Encryption, Bandwidth reduction features, Roaming disconnect, Clipboard mapping, Print redirection, Virtual channels, Remote control, Network load balancing. Technical Details […]
Nov3, 2020 – New vulnerabilities revealed. The fixed versions include 3002.1, 3001.3, and 3000.5 depending on what branch of Salt you are using. The company has also made patches available for older versions, such as 2019.x. https://www.bleepingcomputer.com/news/security/saltstack-reveals-new-critical-vulnerabilities-patch-now/ Older vulnerabilities – The hackers use CVE-2020-11651 (an authentication bypass) and CVE-2020-11652 (a directory traversal) to take control over Salt master server Mitigations Below are for older bug fixes related […]
1 in 4 retailers cite fraud losses from their e-commerce business as “highly significant”. Misuse of discounts, coupons & vouchers are most common. How do we mitigate these attacks?
A typical incident could have multiple lines of investigation to get a clear understanding and scope of the attack. It is important to capture each of these train of thoughts or hypothesis. Zero day attacks are typical scenarios where multiple approaches with independent short teams need to be run in parallel. Standardized processes are not enough for responding to every security alert. Apart from running […]
Incident response is a complex process and needs handling in well defined phases.
Need help in building a Playbook?.