Russian State-Sponsored Cyber Actors Targeting Network Infrastructure november 8, 2018/in Security blog /door johan_kanYesterday, US-CERT posted a bulletin about Russian State-Sponsored Cyber Actors Targeting Network Infrastructure Devices ( https://www.us-cert.gov/ncas/alerts/TA18-106A ). Our take on this is that this is something one must always assume to be happening, and if the bulletin is accurate then it’s not something Russia is alone in doing: https://arstechnica.com/tech-policy/2014/05/photos-of-an-nsa-upgrade-factory-show-cisco-router-getting-implant/ https://www.engadget.com/2016/08/21/nsa-technique-for-cisco-spying/ It is vital to have critical controls in place to protect against these types of attacks, and to be prepared to take action based on concrete Indicators of Compromise provided in alerts and threat intelligence. Basefarm is a member of FIRST.org, TF-CSIRT and Swedish CERT-Forum, which helps us gather intelligence such as this in a timely manner. (Blogpost image by Erik Mandre, “Karu-Ursus arctos-Erik Mandre.jpg“, Creative Commons Attribution-Share Alike) https://basefarm.nl/wp-content/uploads/2018/04/Brown-bear-Erik_Mandre.jpg 640 960 johan_kan /wp-content/uploads/2018/04/Basefarm-PERFECTLY-BALANCED-CLOUD-SOLUTIONS-neg-2.png johan_kan2018-11-08 08:42:292018-11-08 08:42:29Russian State-Sponsored Cyber Actors Targeting Network Infrastructure
Are you prepared for social engineering and the Next Corporate hack? november 8, 2018/in Security blog /door johan_kanHave you opened the front door for anyone who came knocking or made way for an unknown contractor? If so, you might have been victim of social manipulation-based hacking. Training, exercise and countermeasures can help, and this also applies to the Next Big Corporate hack which surely can strike even you. Lees meer https://basefarm.nl/wp-content/uploads/2018/04/social-engineering-e1524570732579.jpeg 1333 2000 johan_kan /wp-content/uploads/2018/04/Basefarm-PERFECTLY-BALANCED-CLOUD-SOLUTIONS-neg-2.png johan_kan2018-11-08 08:42:122018-11-08 08:42:12Are you prepared for social engineering and the Next Corporate hack?
Are you prepared for DDoS attacks? november 8, 2018/in IT security, Security blog /door johan_kanHow can you protect yourself from hackers and more specifically, DDOS attacks? Lees meer https://basefarm.nl/wp-content/uploads/2018/08/ddos1.1-1030x329.jpg 329 1030 johan_kan /wp-content/uploads/2018/04/Basefarm-PERFECTLY-BALANCED-CLOUD-SOLUTIONS-neg-2.png johan_kan2018-11-08 08:35:432018-11-08 08:35:43Are you prepared for DDoS attacks?
Malware is so 2017: five security trends to watch out for november 8, 2018/in IT security, Security blog /door johan_kanRemember when several massive ransomware attacks went global and hit many big businesses? Fredrik Svantes, Senior Information Security Manager at Basefarm, discussed with us the latest developments that keep the cybersecurity community busy. Lees meer https://basefarm.nl/wp-content/uploads/2018/10/pexels-photo-193349-687x1030.jpeg 1030 687 johan_kan /wp-content/uploads/2018/04/Basefarm-PERFECTLY-BALANCED-CLOUD-SOLUTIONS-neg-2.png johan_kan2018-11-08 08:34:042018-11-08 08:34:04Malware is so 2017: five security trends to watch out for
TLS 1.3 – Internet Security Gets a Boost november 8, 2018/in IT security, Security blog /door johan_kanTLS 1.3 updates the most important security protocol on the Internet, delivering superior privacy, security, and performance. 10. august marks the formal publication of an overhaul of the Transport Layer Security (TLS) protocol. TLS is an Internet standard used to prevent eavesdropping, tampering, and message forgery for various Internet applications. It is probably the most widely deployed network security standard in the world. Often indicated by the small green padlock in a web browser’s address bar1, TLS is used in financial transactions, by medical institutions, and to ensure secure connections in a wide variety of other applications. We believe the new version of this protocol, TLS 1.3, published as RFC 8446, is a significant step forward towards an Internet that is safer and more trusted. TLS 1.3 represents a significant security win for the Internet and its users. We look forward to using it and tracking its adoption on the Internet. An Overview of TLS 1.3 – Faster and More Secure Top 5 Security links Foreshadow Attacks — 3 New Intel CPU Side-Channel Flaws Discovered Google Tracks Android, iPhone Users Even With ‘Location History’ Turned Off The Norwegian National Security Authority (NSM) establishes the National Cyber Security Center Google Chrome Bug Opens Access to Private Facebook Information Patch Tuesday: Microsoft Addresses Two Zero-Days in 60-Flaw Roundup https://basefarm.nl/wp-content/uploads/2018/10/TLS1.3-Badge-1030x443.png 443 1030 johan_kan /wp-content/uploads/2018/04/Basefarm-PERFECTLY-BALANCED-CLOUD-SOLUTIONS-neg-2.png johan_kan2018-11-08 08:31:212018-11-08 08:31:21TLS 1.3 – Internet Security Gets a Boost
Security is Not a One-Person Job november 8, 2018/in IT security, Security blog /door johan_kanSecurity is not a one-person job. It can’t be accomplished with one person, it can’t be accomplished with one company. “Security is not a one-person job. It can’t be accomplished with one person, it can’t be accomplished with one company,” says Walls. “So we need partners, and we need friends in the industry to work together.” No statement could better summarize what building a culture of security looks like. Learn more about how Walls and Prime Therapeutics implemented DLP to protect highly sensitive data for millions of people. Read more.. Top 5 Security links New Apache Struts Vulnerability Leaves Major Websites Exposed Vulnerability in OpenSSH “for two decades” (no, the sky isn’t falling!) Intel rips up microcode security fix license that banned benchmarking $1.1M is Lost to Cybercrime Every Minute of Every Day Evolution of Android Security Updates https://basefarm.nl/wp-content/uploads/2018/10/achievement-agreement-arms-1068523-1030x674.jpg 674 1030 johan_kan /wp-content/uploads/2018/04/Basefarm-PERFECTLY-BALANCED-CLOUD-SOLUTIONS-neg-2.png johan_kan2018-11-08 08:30:112018-11-08 08:30:11Security is Not a One-Person Job
What we learned from DEF CON 26 november 8, 2018/in IT security, Security blog /door johan_kanCyber security is increasingly important to companies. We went to DEF CON to see what the hackers were doing. Lees meer https://basefarm.nl/wp-content/uploads/2018/06/outline-2.jpg 525 2500 johan_kan /wp-content/uploads/2018/04/Basefarm-PERFECTLY-BALANCED-CLOUD-SOLUTIONS-neg-2.png johan_kan2018-11-08 08:30:082018-11-08 08:30:08What we learned from DEF CON 26
Check for the Security-First Mindset Across All Teams november 8, 2018/in IT security, Security blog /door johan_kanCheck for the Security-First Mindset Across All Teams “Embedding security as a way of life is not a one-time event. It requires ongoing education through a variety of channels. Setting the tone from executive leadership is key, but this must be reinforced by direct management and across peer groups.” Read more.. Top 5 Security links Chinese hotel chain warns of massive customer data theft Instagram’s New Security Tools are a Welcome Step, But Not Enough Cryptocurrency Scams Replacing Ransomware as Attackers’ Fave Android system broadcasts enable user tracking Active Exploitation of New Apache Struts Vulnerability CVE-2018-11776 Deploys Cryptocurrency Miner https://basefarm.nl/wp-content/uploads/2018/06/pci-dss.jpg 1667 2500 johan_kan /wp-content/uploads/2018/04/Basefarm-PERFECTLY-BALANCED-CLOUD-SOLUTIONS-neg-2.png johan_kan2018-11-08 08:29:582018-11-08 08:29:58Check for the Security-First Mindset Across All Teams
Blocking cyber attacks; Why you should understand adversary playbooks november 8, 2018/in IT security, Security blog /door johan_kanThis blog post is a summary of this weeks Information Security News put together by our Security Incident Response Team (SIRT). It’s time to get off the treadmill: Why you should understand adversary playbooks “Flipping the equation on known adversaries by developing and deploying controls at locations on the intrusion kill chain designed specifically for these known playbooks will increase a company’s ability to block an attack. The cybersecurity industry must collaborate to identify all know adversary playbooks and share this knowledge with each other and the public.” Read more.. Top 5 Security links Scrappy ‘Silence’ Cybercrime Gang Refines Its Bank Attacks USB Drives shipped with Schneider Solar Products were infected with malware Spyware Company Exposed ‘281 Gigabytes’ of Children’s Photos Online Mikrotik routers pwned en masse, send network data to mysterious box Hacking The Hacker. Stopping a big botnet targeting USA, Canada and Italy https://basefarm.nl/wp-content/uploads/2018/10/joel-fulgencio-715381-unsplash-1030x587.jpg 587 1030 johan_kan /wp-content/uploads/2018/04/Basefarm-PERFECTLY-BALANCED-CLOUD-SOLUTIONS-neg-2.png johan_kan2018-11-08 08:29:542018-11-08 08:29:54Blocking cyber attacks; Why you should understand adversary playbooks
5 tips for better cloud security november 8, 2018/in IT security, Security blog /door johan_kanThis blog post is a summary of this weeks Information Security News put together by our Security Incident Response Team (SIRT). Lees meer https://basefarm.nl/wp-content/uploads/2018/10/internet-3629639-1030x687.jpg 687 1030 johan_kan /wp-content/uploads/2018/04/Basefarm-PERFECTLY-BALANCED-CLOUD-SOLUTIONS-neg-2.png johan_kan2018-11-08 08:25:192018-11-08 08:25:195 tips for better cloud security
