A Review of the Best News of the Week on Cyber Threats & Defense

Equifax blames giant breach on vendor software flaw (New York Post, Sep 11 2017)
“Equifax on Friday blamed a flaw in the software [Apache Struts] running its online databases for allowing hackers to steal the personal information of as many as 143 million Americans…”

Apache Struts Statement on Equifax Security Breach (Apache Foundation, Sep 09 2017)
“However, the security breach was already detected in July, which means that the attackers either used an earlier announced vulnerability on an unpatched Equifax server or exploited a vulnerability not known at this point in time – a so-called Zero-Day-Exploit.”

Equifax Breach Response Turns Dumpster Fire (Krebs on Security, Sep 08 2017)
“I cannot recall a previous data breach in which the breached company’s public outreach and response has been so haphazard and ill-conceived as the one coming right now from big-three credit bureau Equifax…”

Abbott recall signals new era in medical-device cybersecurity (Crain’s Chicago Business, Sep 05 2017)
“The FDA’s recall of 465,000 Abbott Laboratories pacemakers earlier this week alerted medical-device makers that they increasingly need to be prepared to issue security updates and take cybersecurity issues more seriously…”

DDoS explained: How denial of service attacks are evolving (CSO Online, Sep 07 2017)
“They have also gotten bigger over the years. In the mid-1990s an attack may have consisted of 150 requests per second – and it would have been enough to bring down many systems. Today they can exceed 1,000 Gbps. This has largely been fueled by the sheer size of modern botnets.”

Office 365 Phishing – A quick look at a recent example (CSO Online Salted Hash, Sep 07 2017)
“The form simply asks for a password. That’s it. There is an option to sign in, or click a forgotten password link…When the forgotten password link is used, the victim is forwarded to a legitimate Office 365 login page.”

Security Analytics: Platform First or Content First? (Gartner Blog Network, Sep 06 2017)
“For the majority of organizations, BOTH “scalable platform” AND “smart detection content” are too hard. However, lately I’ve seen too many enlightened organizations that managed to succeed with the scalable platform part to then fail with detection logic.”

Unsecured databases are (still) the low-hanging fruit of the internet (Naked Security – Sophos, Sep 07 2017)
“A ransom attack that wiped more than 27,000 poorly configured MongoDB databases in January sounded like it would be a pretty loud wake-up call for better open-source NoSQL security. Apparently, not so much.”

Where are the “Actionable Defense” talks? (from Black Hat) (ShackF00, Sep 04 2017)
“But if I am your employer, and you ask me to send you to something that I am paying for, what do I get out of it? What can you come back to work and actually DO? Can we be honest for a minute? Most of ya’ll aren’t pen testers. You’re not exploit writers.”

“Breaking Bad Security” – Tutorial 2 – Remote Access (Carbon Black, Sep 07 2017)
“In this video, Tristan shows how to establish a remote connection using the open-source platform QuasarRAT. He’ll walk through installation and setup, how to configure the Release and Remote clients, and offers some suggestions for how to distribute Remote client to test endpoint defenses.”

A Basic Model to Measure SIEM Maturity (Security Intelligence, Sep 08 2017)
“But how can security professionals validate that their SIEM systems are properly configured and aligned with the organization’s security requirements? Is there any kind of evaluation system — in other words, a maturity model — to check these solutions against security best practices?”