August 28, 2014 | Jaime Blasco

Scanbox: A Reconnaissance Framework Used with Watering Hole Attacks

A few days ago we detected a watering hole campaign in a website owned by one big industrial company. The website is related to software used for simulation and system engineering in a wide range of industries, including automotive, aerospace, and manufacturing. The attackers were able to compromise the website and include code that loaded a…

August 27, 2014 | Garrett Gross

Close Encounters of the Nerd Kind - SQL Injection Attack Examples

Hi folks – thanks for checking out the first in a blog series I’m doing - “Close Encounters of the Nerd Kind”, which focuses on information security, hacking, and current threats out in the wild. The title was probably too easy of a joke, but “Dr. Botnet or: How to Learn to Stop Worrying and…


August 21, 2014 | Lauren Barraco

Defend like an attacker: Applying the cyber kill chain

Understanding the cyber kill chain gives you an advantage. With the constantly evolving nature of most threats, it can be difficult to address every incident and alert that occurs in your environment. Effective incident response requires effective methods of prioritization: deciding which alerts to focus on and in which order. In general, we’ve relied on a few standard…

August 15, 2014 | Jimmy Vo

Security Incident Handling and SIEM

It was 9:00 a.m. on a Wednesday morning and I was sitting in front of a testing computer. Laid across my small work area were five SANS 504 (Hacker Techniques, Exploits, and Incident Handling) books which were accessorized with colorful sticky tabs. As I answered questions regarding the security incident handling phases outlined by SANS my mind started wandering off, as…

August 11, 2014 | Fabrizio Siciliano

BadUSB: How To Do USB Device Detection with OSSEC HIDS and AlienVault USM

In a talk last week at Black Hat, a new form of malware that operates inside USB devices and can cause full system compromise with a self-replicating USB virus was discussed. With this type of evil associated with USBs, I thought to share a small how-to on detecting and alerting in AlienVault’s USM platform whenever a USB device …

August 6, 2014 | Kate Brew

Black Hat 2014 - AlienVault Booth Action

Day 1 starts out with Shanel Vandergriff getting a fairly #AwkwardHug from Jayson Street early in the morning in the booth. Jayson hacked his way into Black Hat before opening time to administer the hug. His tactic: approach the conference guard and engage in conversation, reducing the suspicion that he was hacking in. Score one Jayson. We had many visitors who…

July 29, 2014 | Russ Spitler

BYOD – shedding the last illusion of control

Many years ago, organizations relied solely on perimeter-based devices to provide their basic security control. Poorly designed business services (mainframe/internal websites/email/etc.) were 'protected' by perimeter-based systems that restricted access. We used firewalls of one form or another to make sure only ‘authorized’ users accessed the systems. This was in a large part possible by the…

July 25, 2014 | Jaime Blasco

Attackers abusing Internet Explorer to enumerate software and detect security products

During the last few years we have seen an increase in the number of malicious actors using tricks and browser vulnerabilities to enumerate the software that is running on the victim’s system using Internet Explorer. In this blog post we will describe some of the techniques that attackers are using to perform reconnaissance that gives them information for…

July 23, 2014 | Kate Brew

Karl Hart, Security Analyst and AlienVault User

To get more of a practitioner’s view of AlienVault, I recently reached out to Karl Hart, IT Security Analyst and AlienVault user. Karl works at a privately-held financial institution in Ohio, and he is involved in every aspect of IT security. This includes incident response, vulnerability assessment, policies, procedures, and penetration testing. Since his company is privately held,…

July 8, 2014 | Branden Williams

PCI DSS Logging Requirements

When it comes to PCI DSS Logging Requirements, sometimes the most challenging requirements to meet are the ones that can be the easiest technically to achieve. In dealing with logging, every single system around has the capability to meet PCI DSS, but managing those logs and ensuring they are continually being generated can be challenging. The common problem that companies…

July 2, 2014 | Patrick Bedwell

Internet of Things – It’s Not About Your Fridge

(This is the first in an occasional series of blogs on IoT. Over the next few months I’ll cover various topics, such as how your network will look different in an IoT world, how to get started preparing for IoT, where in your network the devices most likely show up first (if they’re not already there),…

June 30, 2014 | Barmak Meftah

The CFO’s IT security checklist: How to invest wisely in protecting your organization

When I think about all of the people involved in managing risk and making security decisions in an organization these days, the guy who may now have the toughest role is the CFO. For the rest of us, investing in security technology looks like it should be a relatively easy decision: “Yes, we must have it.” But the…
