The threat intelligence landscape has changed vastly over the years. While the term originally referred to malware Indicators of Compromise (IOC) – lists of known malware signatures and the servers that malware communicates with, a means of identifying infected devices within corporate networks – as time went by vendors have broadly expanded…

After a compromise, the first thing investigators do is review the log files. The default logging on Windows machines, however, does not capture enough information to recover forensic artifacts. You can adjust your logging settings to collect enough information to investigate attacks. First, download and install Sysmon on outward-facing machines. Sysmon remains resident across…
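The installation step described above, as an added PowerShell example that is not part of the original article. It assumes the Sysmon binary and a configuration XML have already been downloaded to C:\Tools (hypothetical paths) and that the script is run from an elevated prompt. It goes a little beyond the teaser's single step by also enabling two companion settings practitioners usually pair with Sysmon: full command lines in the built-in process-creation audit event (4688) and PowerShell script block logging (4104).

```powershell
# Added example (not from the article). Paths below are assumptions: place
# Sysmon64.exe and your chosen sysmonconfig.xml there before running.
$SysmonExe    = 'C:\Tools\Sysmon64.exe'
$SysmonConfig = 'C:\Tools\sysmonconfig.xml'

# 1. Install Sysmon as a service with the supplied configuration.
#    -accepteula suppresses the licence prompt; -i installs and loads the config.
#    If the service already exists, push the configuration with -c instead.
if (-not (Get-Service -Name 'Sysmon64' -ErrorAction SilentlyContinue)) {
    & $SysmonExe -accepteula -i $SysmonConfig
} else {
    & $SysmonExe -c $SysmonConfig
}

# 2. Make the Security log record process creation with the full command line.
#    Event 4688 only carries the command line when this policy value is set.
auditpol /set /subcategory:"Process Creation" /success:enable | Out-Null
$auditKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Audit'
New-Item -Path $auditKey -Force | Out-Null
Set-ItemProperty -Path $auditKey -Name 'ProcessCreationIncludeCmdLine_Enabled' -Value 1 -Type DWord

# 3. Turn on PowerShell script block logging (event 4104) so scripts are logged
#    as the engine executes them, after any obfuscation has been unwrapped.
$psKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging'
New-Item -Path $psKey -Force | Out-Null
Set-ItemProperty -Path $psKey -Name 'EnableScriptBlockLogging' -Value 1 -Type DWord

# 4. Verify: the Sysmon service is running and its channel is receiving events.
#    Event ID 1 (process create) shows the parent/child command lines.
#    The channel may still be empty seconds after install, hence SilentlyContinue.
Get-Service -Name 'Sysmon64' | Select-Object Status, Name
Get-WinEvent -LogName 'Microsoft-Windows-Sysmon/Operational' -MaxEvents 20 -ErrorAction SilentlyContinue |
    Where-Object { $_.Id -eq 1 } |
    Select-Object TimeCreated, Id, @{ n = 'Summary'; e = { ($_.Message -split "`r?`n")[0..2] -join ' | ' } }
```

The configuration file is the part that decides what ends up in the log; a permissive config on an internet-facing host produces a large event volume, so forward the Sysmon channel to a collector rather than relying on the local log, which an attacker with admin rights can clear.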

Attackers are exploiting two zero-day flaws in Cisco enterprise-grade routers

A technical support intervention has revealed two zero-day vulnerabilities in the OS running on Cisco enterprise-grade routers, which attackers are actively trying to exploit. Cisco plans to release software updates to plug these security holes, but in the meantime administrators are advised to implement one or all of the provided mitigations. About the vulnerabilities The…