Stepson of Stuxnet stalked Kaspersky for months, tapped Iran nuke talks – ArsTechnica
Excellent report by Kaspersky that unmasks a breach inside their corporate infrastructure. Stepson of Stuxnet stalked Kaspersky for months, tapped Iran nuke talks
Bsides PR 2015 – Fun with Tor : How anonymity services complicate actor attribution CompSec Direct
Hello from Puerto Rico. Here are our slides from Jose Fernandez’s talk on Tor and attribution. We are very exited to have participated in BSides PR 2015, and look forward to speaking again in the future. By the time we got to the beach, the Internet is hopefully in a slightly better state than we left [...]
Cybergeddon: Why the Internet could be the next “failed state” -ArsTechnica
Excellent article by Sean Gallagher from ArsTechnica. It truly captures the essence of how our world is likely headed into an unfortunate collision with technology. http://arstechnica.com/information-technology/2015/02/fear-in-the-digital-city-why-the-internet-has-never-been-more-dangerous/1/
How to exploit Domain Controllers with MS14-068 / From Zero 2 Hero
Hello! This is jfer from compsec direct. I would like to show you how to leverage the new Kerberos exploit against Windows domain controllers called ms14-068. This vulnerability allows a user with domain credentials to forge a Kerberos ticket and receive domain admin privileges via the forged ticket. I want to thank Sylvain Monné aka Bidord [...]
CSO – Survey shows the cost of security breaches is on the rise
Excellent post associating the attributed costs of security breaches over time.
Sans- How Not To Fail at a Pen Test
One of the best Sans webinars I have seen in a long time. Thank you Ed and John for putting together such a comprehensive presentation. Read More
IT threat evolution Q2 2014 – Kaspersky
Please take time to read this insightful publication by David Emm, Roman Unuchek, Victor Chebyshev, Maria Garnaeva and Denis Makrushin from Kaspersky Labs. The publication offers unparalleled insight and examples of current evolving threats through the info sec lens. Click to Download
Ransomware going strong, despite takedown of Gameover Zeus – ArsTechnica
Despite numerous public takedowns, cyber criminals will continue to extort users by leveraging their own data as ransom.Click Here for Original Post
Advanced Persistent Threat Awareness Study Results 2014 – ISACA
According to the study by ISACA, 15% of companies are prepared, or feel prepared to handle APT’s. Download Report Here
Dark Reading – How to Defend Your Network from Advanced Persistent Threats (APTs)
Good presentation from Bit9 on using sandboxing to potentially identify APT’s. Click Here