News & Publications

Title Date

AdBlocking and Adblocker Blocking

Most people are familiar with the notion of an adblocker. It's pretty much what it says on the label: a program that blocks ads from showing. They may not, however, be entirely familiar with how adblockers work or what the best kind of adblocker for their use might be.

Analysis of the GAO Report on the 2017 Equifax Breach

Cross Posted from Net Friends

The GAO report provides the most detail to date about the specifics of the breach summarized in the graphic below, such as how the attack started on the Equifax dispute portal servers, how they gained access to 51 databases and extracted data from them for over 76 days in small increments to avoid detection.

Bandura Cyber Announces Strategic Partnership with Castra Consulting to Enable Automated Threat Intelligence Protection

Collaboration Will Fuse Advanced Threat Intelligence Gateway Technology with Castra’s mSIEM Managed Service Offering

Beginner’s Guide to IDS, IPS and UTM - What’s the Difference?

White Paper

There is often a lingering and general confusion over the acronyms IDS and IPS, and how they are like or unlike UTM software modules. Everyone likes primers and simple descriptive de nitions; so let’s take a look at IDS, IPS and UTM through that lens.

Best practice Audit Policies - Windows OS

When configuring Windows to write audit logs for your SIEM, consider the following policies as a way to improve value over volume in your logging.

Cleanrooming Legacy Systems

The WCry worm threw into sharp relief how quickly the turnaround between exploit announcement and the use of said exploit in a high-profile attack can be: a vulnerability patched in March, with a public exploit shown in April, was used worldwide in early May.

Default Credentials Considered Harmful

The use of default credentials by vendors is an outdated, dangerous throwback to 20th century practices that has no business being used in today's world. It is this specific antique practice that is directly responsible for the existence of the record-breaking denial-of-service botnet recently used to censor Brian Krebs and the similar attack on OVH - these botnets only exist because default credentials were implemented on devices, in flagrant violation of best-practices when building appliances.

Early Thoughts on Krak

The news is coming out today about a core protocol-level flaw in WPA2-PSK named "KRAK" [a forced acronym for Key Renegotiation AttacK, the method by which connections can be compromised]

Egress Filtering

Egress filtering counteracts situations when the attacker is either seeking to sniff internal traffic that may be leaking outside the gateway or to provide a block against [and potentially notification of] so-called C2 traffic generated when an attacker has succeeded in infecting a system. Once egress filtering is put in place, your network will be far safer, and a much harder target for most attackers.

Happy Patch Tuesday

In today's batch of patches from Microsoft, there are several very important vulnerabilities, but there is one that is specifically critical for users of Alienvault installations.
Prev123Next

Beginner’s Guide to IDS, IPS and UTM - What’s the Difference?

White Paper

There is often a lingering and general confusion over the acronyms IDS and IPS, and how they are like or unlike UTM software modules. Everyone likes primers and simple descriptive de nitions; so let’s take a look at IDS, IPS and UTM through that lens.More Info