In terms of collaboration, Structured Threat Information eXpression (STIX) and Trusted Automated eXchange of Indicator Information (TAXII) represent a revolution in the security industry. These protocols transformed the field of threat intelligence from a fragmented collection of information to a unified standard for information sharing. In this blog, I will examine this transition and how it came about.
In part one I provided a high level overview of PowerShell and the potential risk it poses to networks. Of course we can only mitigate some PowerShell attacks if we have a trace, so going forward I am assuming that you followed part 1 of this series and enabled: Module Logging, Script Block Logging, Security Process Tracking (4688/4689)
Log360 Adds Prebuilt Report, Enhanced Data Breach Detection Capabilities to Streamline Enterprise Compliance with GDPR.
Imagine someone getting the seemingly innocent ability to run a couple of commands on a machine on your network WITHOUT installing any new software, but those commands resulting in a reverse shell running on that same machine – giving the intruder a convenient outpost in your network. Now stretch your imagination even further and pretend that all of this happens without leaving any unusual traces in logs – leaving you completely in the dark.
In recent years, revelations of security holes in widely used IT hardware and software have put IT pros on edge. A few times a year, a huge cybersecurity announcement introduces chaos into the IT world, forcing network and systems administrators to scramble to secure their environments and deal with the fallout.
Reports have recently surfaced about Spectre and Meltdown vulnerabilities in most modern computer systems. These so-called side-channel attacks can allow one program (e.g. a browser) to infer and even read data used by the CPU to execute another program… even a more privileged one. These vulnerabilities affect phones, tablets, desktops, servers, and cloud computing services.
When a critical security flaw affecting hardware is identified -- such as the recently publicized chip vulnerabilities (Meltdown, Spectre) -- your cloud provider takes steps to implement the necessary patch(es) to protect its infrastructure. Updates performed by your cloud provider may require scheduled reboots for your cloud resources. For example, the security patch for Intel processors requires a machine reboot since the patch includes an update to the hypervisor kernel.
In many ways, AWS is often seen as a leader in the cloud space. This is for good reason — AWS represents a wide range of business, small and large, as well as a variety of individual users, and as such, where AWS goes in terms of trend is largely where the industry trend itself is going.
For ManageEngine, 2017 can be largely defined by one of our favorite C.S. Lewis quotes: “You are never too old to set another goal, or to dream a new dream.” We began the year with a goal; a goal to bring the numerous domains of IT management together. And we began the year with a dream; a dream to simplify IT management, a dream to help IT propel your business forward.
In Mr. Robot‘s episode 9 of season 2 (13:53), Angela Moss needs to obtain the Windows domain password of her superior, Joseph Green, in order to download sensitive documents that would potentially incriminate EvilCorp. Since her attack requires physical access to his computer, she starts with a good old-fashioned social engineering attack to get the only currently present employee in the office to leave.
