Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
How I Would Hack Your Network (If I Woke Up Evil)
Newest First  |  Oldest First  |  Threaded View
<<   <   Page 2 / 3   >   >>
Joe Stanganelli
100%
0%
Joe Stanganelli,
User Rank: Ninja
1/31/2017 | 1:00:42 PM
Re: %
@Dr.T: Perhaps the thinking was "Well, the link says not to click, but it's clearly from my own organization, so it can't be *truly* bad."

The better way to do this is to send fake phishing emails (without letting the users know what they are), and then those who click are brought to a page where they are alerted that they fell for a phishing scam -- and their computer is locked up until they complete a 5-minute InfoSec training so they don't fall for it again.  This technique has been shown to reduce successful email phishing attacks by up to 75%.
ClarenceR927
50%
50%
ClarenceR927,
User Rank: Strategist
1/31/2017 | 11:24:00 AM
Re: Source of attacks
In the case of the DNC attack the evidence is very clear that the work was done by Russian speaking agents using Russian systems for C&C. This is not in dispute dispite what the author implies.

 

The theory that AV companies write all the best viruses is as old as AV software and has been demonstrated false any time it has been investigated.
JulietteRizkallah
50%
50%
JulietteRizkallah,
User Rank: Ninja
1/30/2017 | 3:06:55 PM
Reconnaissance, infiltration, exploitation, exfiltration: the 4 phases of a data breach
While the reconnaissance phase can take months even years, the exfiltration will take days.  So i agree strongly UBA is critical to flag anything abnormal.  Identity governance is another critical tool to mitigate data breach, especially from insiders , of whom government agencies have seen their share.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
1/30/2017 | 12:56:34 PM
UBA
"user behavioral analytics (UBA)"

I agree, this may be a good starting point, at the end of the day everything starts with the user behavior.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
1/30/2017 | 12:54:28 PM
security fundamentals
" old security fundamentals aren't effective"

This is a good point, industry has change, there is no more firewall to sell because everybody has it, they needs to sell something new.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
1/30/2017 | 12:51:58 PM
passwords
"I will password-spray your Web interfaces,"

I see the points in the article, however I think making password compels is not a solution, they are not really cracking the passwords, that is too much unnecessary work, they are getting it from the users.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
1/30/2017 | 12:48:51 PM
AV vs. DDOD or social engineering
Agree with the article, AV is an outdated strategy, nobody spends time to write a virus, there is more exciting ways of doing impact such as DDOD and social engineering.

 
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
1/30/2017 | 12:48:24 PM
Re: %
"I wanted to see what would happen."

I see their reasoning. There should be second level protection. I should be able to click the link and still be protected.
Dr.T
0%
100%
Dr.T,
User Rank: Ninja
1/30/2017 | 12:47:23 PM
Source of attacks
Now that security attacks created a new industry I suspect that lots of security firms are behind of lots of those attacks to sell their products. I do not have a proof for it, it is just my guess. 
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
1/30/2017 | 12:47:05 PM
Re: %
"Do not click on this link" -- and found that 10% of the recipients STILL clicked the link. "

I wonder, the reason they would click because of the question in their mind: "why would I get a link not to click?"
<<   <   Page 2 / 3   >   >>


US Mayors Commit to Just Saying No to Ransomware
Robert Lemos, Contributing Writer,  7/16/2019
A Lawyer's Guide to Cyber Insurance: 4 Basic Tips
Beth Burgin Waller, Chair, Cybersecurity & Data Privacy Practice , Woods Rogers PLC,  7/12/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-13951
PUBLISHED: 2019-07-18
The set_ipv4() function in zscan_rfc1035.rl in gdnsd 3.2.0 has a stack-based buffer overflow via a long and malformed IPv4 address in zone data.
CVE-2019-13952
PUBLISHED: 2019-07-18
The set_ipv6() function in zscan_rfc1035.rl in gdnsd 3.2.0 has a stack-based buffer overflow via a long and malformed IPv6 address in zone data.
CVE-2019-10100
PUBLISHED: 2019-07-18
The Sleuth Kit 4.6.0 and earlier is affected by: Integer Overflow. The impact is: Opening crafted disk image triggers crash in tsk/fs/hfs_dent.c:237. The component is: Overflow in fls tool used on HFS image. Bug is in tsk/fs/hfs.c file in function hfs_cat_traverse() in lines: 952, 1062. The attack v...
CVE-2019-10102
PUBLISHED: 2019-07-18
SaltStack Salt 2018.3, 2019.2 is affected by: SQL Injection. The impact is: An attacker could escalate privileges on MySQL server deployed by cloud provider. It leads to RCE. The component is: The mysql.user_chpass function from the MySQL module for Salt (https://github.com/saltstack/salt/blob/devel...
CVE-2019-10102
PUBLISHED: 2019-07-18
Gitea 1.7.0 and earlier is affected by: Cross Site Scripting (XSS). The impact is: Attacker is able to have victim execute arbitrary JS in browser. The component is: go-get URL generation - PR to fix: https://github.com/go-gitea/gitea/pull/5905. The attack vector is: victim must open a specifically ...