As seen in the wild, criminals are remotely exploiting Kaseya to install miners for cryptocurrency. Let’s walk through the attack path.
Watch more videos on my YouTube channel.
Archive for January, 2018
Stuck in Traffic – Monero for Drive-by Downloads
Posted byCryptomining is all the rage for making money off drive-by download attacks. One often seen currency is Monero (XMR). Today, a quick overview of Monero and indicators of compromise, such as the miners XMRig and Coinhive.
Watch more videos on my YouTube channel.
Stuck in Traffic – Defining the Problem of Container Security
Posted byAbstraction is a powerful tool. Abstraction is creation. It allows builders and developers to create apps, features, and functionality. Abstraction is also destruction. It’s the difference between abstraction and implementation that allows hackers to misuse and abuse systems. And abstraction is the place to begin when defining the problem of container security, such as Docker.
Watch more videos on my YouTube channel.
Stuck in Traffic – OnePlus Hacked, Tabletop
Posted byOnePlus’s Web store was compromised and up to 40,000 consumers had credit cards stolen. Let’s take it as an example of how to turn a breach press release into an incident response tabletop exercise.
Watch more videos on my YouTube channel.
Stuck in Traffic – Spritecoin
Posted byInstalling fad software off the Web is always a surprise. Sometimes, we get in on the latest cryptocurrency. Other times, we get held up for ransom. Guess which one Spritecoin is.
Watch more videos on my YouTube channel.
Stuck in Traffic – CIS Critical Security Controls and Internal Audit
Posted bySay we have a Critical Security Control. That’s the easy part. But it gets murky quick. Are we doing some or all? Are we doing it in one system or everywhere? And how to be prove it?
Watch more videos on my YouTube channel.
Stuck in Traffic – File Inclusion Attacks
Posted byA Trend Micro report on 13 million website defacement attacks finds file inclusion to be the number one cause. What to do? And don’t just say, “run linux”.
Watch more videos on my YouTube channel.
Stuck in Traffic – Automating Vulnerability Management
Posted byThe three (no, wait, four) crucial systems we need to have in place for effective vulnerability management.
Watch more videos on my YouTube channel.
Stuck in Traffic – World of Warcraft Multi-factor Authentication
Posted byHere’s a crazy idea. What if we give people something if they’re more secure?
Watch more videos on my YouTube channel.
Stuck in Traffic – OWASP Dependency Checker
Posted by“Using Components with Known Vulnerabilities” is one of the OWASP Top 10. Of course, we all do it. There’s simply too much that goes into an app to do it all ourselves. That’s where dependency security checks come into play.
Watch more videos on my YouTube channel.