Estimating Total Cost of Ownership of Your SIEM Deployment
Are you in the market exploring options for security log monitoring and management? If so, I’m sure you are inundated with requests for a meeting from various SIEM (Security Information and Event Management) vendors.
Topics: Security Monitoring, Managed Detection & Response, Information Security, Threat Hunting, Incident Response, Threat Management
A few years back I had a lunch meeting with two IT Security veterans. One remarked, “There’s been no Pearl Harbor or 9/11 in cyber security. Nobody has ever died because of hacking.” If there had been, there would have been a “rallying cry” or a massive response.
Topics: Information Security, Threat Management, Threat Advisory, Healthcare
5 Reasons Why Security Log Monitoring Is an Effective Part of Any Cybersecurity Framework
A comprehensive cyber security framework consists of several components, and one of the most important among them is security log monitoring. Without an effective security log monitoring and management policy in place, a company runs the risk of non-compliance, and perhaps fines, if there is ever a data breach. In order to maintain compliance with guidelines laid out by laws like HIPAA, and frameworks such as PCI, companies need to have an effective security monitoring solution in place that can help them collect and analyze log information so they can detect and respond to cyber attacks.
Topics: Security Monitoring, Managed Detection & Response, Information Security, Compliance
ANGRYPUPPY: Bloodhound attack path execution for Cobalt Strike
What is ANGRYPUPPY?
ANGRYPUPPY is a tool for the Cobalt Strike framework (@armitagehacker), designed to automatically parse and execute BloodHound attack paths. ANGRYPUPPY was partly inspired by the GoFetch (https://github.com/GoFetchAD/GoFetch) and DeathStar (https://github.com/byt3bl33d3r/DeathStar) projects, which also automate BloodHound attack path execution. ANGRYPUPPY uses Cobalt Strike’s built-in lateral movement capabilities and the credential-stealing capabilities of its agent, Beacon.
Topics: Ethical Hacking, Information Security
The NotPetya ransomware attack of July 2017, a Petya variant, is similar to the recent WannaCry attack that struck 230,000 computers globally. NotPetya uses the same exploit as WannaCry, EternalBlue, to infect Windows-based computers across the network. All of the files on the victim's computer are encrypted, the master boot record is overwritten, and a message appears that demands $300 in Bitcoin. Unlike other types of ransomware, paying this fee does not restore access to the files, because the malware is designed so that its effects on the computer cannot be undone.
Topics: Managed Detection & Response, Information Security, Threat Management
A Primer to Endpoint Threat Detection & Response
As global cybercrime continues to develop new methods to penetrate system defenses, the tactics used in response to threats have been forced to adapt as well. The result has been a move from simple antivirus protection to complete endpoint protection using sophisticated integrations of endpoint malware protection, threat detection and response algorithms, and, in some cases, managed security services. Endpoint threat detection has been identified by Gartner research as one of the top tools for fighting cybercrime.
Topics: Managed Detection & Response, Information Security, Threat Management
Is Your Collection Agency Business Secure From A Cyber Attack?
Topics: Managed Detection & Response, Ethical Hacking, Information Security
What Is Ransomware and What Can You Do to Keep Your Systems Secure?
Have you opened your browser only to receive a message that you've been locked out of your system? What about an email that indicates you’ve made changes to financial accounts and directs you to click a link to correct the situation if you haven’t authorized these changes? Clicking these links or opening attachments from these messages can deploy a specific type of malicious software called ransomware, and it can debilitate your business. Discover what forms ransomware can take and what you can do to secure your business data from ransomware attacks.
Topics: Information Security
Key Findings from the Verizon DBIR Report for the Healthcare Industry
As an information security professional, it can be difficult to know where to concentrate your efforts. Some threats are overly hyped, while others slide in under the radar.
Topics: Security Monitoring, Managed Detection & Response, Information Security, Threat Management, Healthcare