


Addressing the Challenges Cybercrime-as-a-Service Serves Up

Software-as-a-Service. Infrastructure-as-a-Service. Platform-as-a-Service. You name it and it seems like you can get it as a service. For hackers it’s Cybercrime-as-a-Service. The phrase might come across as the latest marketing buzzword, but it’s actually an evolution in the Industrialization of Hacking, and it’s compounding the challenges IT security professionals face in combatting attacks.

The Industrialization of Hacking has created a faster, more effective, and more efficient sector profiting from attacks on our IT infrastructure. By monetizing malware with cryptocurrency, these professional, entrepreneurial, and resourceful hackers have created cybercriminal business models that share many similarities with legitimate businesses. With these tried and true business practices they’re creating and selling effective cybercrime tools and, in the process, closing the gap between sophisticated and unsophisticated attackers. So what are we doing about it?

Discover Server Health and Hacking Attempts in Web Server error_log Files

In this third and final edition in my series on web server logs, I'll explain what an error_log is and the important information you can find within. My previous two Nuggets explaining your web server's access_log can be found here and here.

In those previous two Nuggets I showed examples of the information that is recorded in your access_log file every time someone visits your website. All of that information is useful for helping you determine how to improve your site. On the other hand, the error_log file is where server problems are saved. These problems include misconfigurations, missing files, hacking attempts, server errors, and denial of service (DoS) attacks. The error_log file is usually saved in the same directory on your web server as your access_log file. For security reasons this directory should not be visible to the public: it should be password protected or simply not accessible through a web browser at all. Here's a sample error log entry:

Missing favicon.ico Errors


January 20, 2015

Trust, company culture and BYOD security

In a recent survey of senior security decision makers, 38 percent cited device security as one of the top worries they have when it comes to mobile device use. For such organisations BYOD can be a daunting prospect. The idea of allowing employees to use their personal devices at work is still revolutionary for many, and as with any revolutionary idea, it will take some time to become accepted fully. The issue is that all too often devices, and device security, are being used as a scapegoat for regressive and counterproductive IT policies. It also misses the point: employees are already using their own devices at work, regardless of their businesses' official policies on BYOD.

Organisations therefore have a clear choice: address the security challenge of BYOD and enjoy the benefits, or keep delaying until such a time as it may become too late. In business trust is never given freely; it is always earned. This poses problems.

Top Ten Steps for Apache Webserver Hardening

Introduction

This Howto describes the most typical webserver hardening steps to improve security. In focus are Linux servers running the Apache web server.

Example settings have been evaluated on OpenSuse 12.1.

1. Configure the Linux Firewall

On the operating system level, we configure the Linux iptables firewall to allow only the ports for the services we intend to be accessed over the network. For a web server, these are typically:

    TCP port 22 (SSH)
    TCP port 80 (HTTP)
    TCP port 443 (HTTPS)
    UDP port 161 (SNMP)

The list above is only an example; please select only the ports that are really being used.

2.

    - run and listen only on the HTTP/S port 443 per Apache configuration
    - run the actual website only on dedicated IPs: localhost (for monitoring) and the service IP.

    Susie114:~ # vi /etc/apache2/listen.conf
    # Listen: Allows you to bind Apache to specific IP addresses and/or
    # ports.

3. Apache can be configured to run under a non-privileged user account.

4. 5. 6. 7. 8. 9. 10.

Additional Measures

Poison Ivy RAT becoming the AK-47 of cyber-espionage attacks

The Poison Ivy Remote Access Tool (RAT), often considered a tool for novice "script kiddies", has become a ubiquitous feature of cyber-espionage campaigns, according to experts. Research by malware protection firm FireEye has revealed that the tool served as the lynchpin of many sophisticated cyber attacks, including the compromise of RSA SecurID data in 2011 and the "Nitro" assault against chemical makers, government offices, defence firms and human-rights groups last year. A Peeping Tom webcam sextortionist has been jailed for six years in the US after targeting several young women in attacks that relied on a modified version of Poison Ivy, an incident which shows that the tool has malign uses beyond cyber-espionage.

Poison Ivy remains popular and effective eight years after its original release. FireEye has compiled a list of nation state-type attackers making use of the utility. Poison Ivy is the preferred RAT of several threat actors located in China.

How to hack a bank (theoretically)

One service that some security consultancies provide is called 'red teaming'. This simply means trying to infiltrate a client's IT systems through any means possible, in order to highlight security vulnerabilities they may not have identified. UK security firm Context Information Security has been commissioned by a number of major financial institutions to attack their systems. Last week, it presented some of the techniques it has used successfully, and how the targets could have thwarted them. The general plan of attack for infiltrating a bank's IT systems is to mimic the so-called 'advanced persistent threat', understood to be the Chinese army's preferred method of cyber attack.

This means using a previously undiscovered or 'zero day' software vulnerability to create targeted malware; using social engineering to inject that malware into an organisation's IT infrastructure; using that malware to gain remote access to the company's network; and finally extracting the desired information.

Setting Up a Pentest Lab with pfSense in VirtualBox

Introduction

Penetration testing requirements often force penetration testers to do both external as well as internal assessments. This article covers the concepts that are required to set up a pentest lab in VirtualBox which looks like a real network for a small-scale organization. This can be used as a base for setting up more advanced labs to practice penetration testing concepts in a legal environment. Before proceeding further, here is a quick note about licensing. The Windows operating systems that we use in this article must be purchased from Microsoft, or you can go with the trial versions available.

Let’s begin

Following is the network we are going to set up in this article. I am using a Mac as the host machine ( and am connected to a wireless router (

Required Software:

    VirtualBox
    Kali Linux
    Windows Server 2003
    pfSense
    Windows 7

VirtualBox: Install VirtualBox on your host machine.

Kali Linux: Install Kali Linux in VirtualBox.

pfSense

Malware - How do I safely inspect a suspicious email attachment?

I received a pretty blatantly spammy email to my Gmail account.

I'm not really sure how it made it through the spam filters, since it has all of the telltale signs. The FROM field is spoofed as, but the headers reveal the sender's IP as which points back to an ISP in Kazakhstan. Anyway, attached to the email is a supposed HTML file. My first hunch was that it was probably one of the following:

    A nasty executable file masquerading as a simple HTML file, or
    An actual HTML file meant to be opened in a browser in a phishing attack (edit: Or one of the others mentioned by @Adnan)

My guess is that it really is an HTML file, since Gmail claims the attachment is only 1K in size.

I know I should probably just mark this as spam and get on with my life, but my curiosity is getting the best of me... I'm thinking a LiveCD or a VM would be a safe environment... Any suggestions?

Update: I was probably over thinking this.

Network Security Trumps Server Security in the Enterprise

There is a historical conundrum in cybersecurity about where to concentrate security skills, controls, and oversight. Hackers penetrate networks in order to compromise hosts and steal data. Given this obvious workflow, should CISOs focus security resources on networks, hosts, or a balanced combination of both? ESG recently posed this question to 395 security professionals working at midmarket (i.e., 100 to 999 employees) and enterprise (i.e., more than 1,000 employees) organizations. The results are extremely interesting: Somewhat surprisingly, there is a clear imbalance in most cases. Why? The ESG data also indicates that this behavior is changing. There are several market implications here: Network security vendors remain in the catbird seat. The ESG data indicates that most enterprises still think of their networks as a security hub.

