October 1, 2014 | Garrett Gross

Bourne Again: Helping you see the light through the Shellshock exploit

A recently discovered hole in the security of the Bourne-Again Shell (bash) has the majority of Unix/Linux (including OS X) admins sweating bullets. You should be, too: attackers have already developed exploits to unleash on unpatched web servers, network services and daemons that use shell scripts with environment variables (this can include network equipment, industrial devices, etc.). Jaime Blasco, AlienVault…

September 24, 2014 | Kate Brew

My Favorite Color is “Five” Now

Six years ago I wrote a blog “My Favorite Color is Three.” It’s kind of sad - the situation with online applications using security questions for resetting your passwords, or Self Service Password Reset (SSPR) is still a horrific mess – really not that much better than it was six years ago. It’s just…


September 18, 2014 | Kate Brew

Information Security in Higher Education: SANS Survey with Interesting Findings

SANS conducted a survey in June, Higher Education: Open and Secure?, where they surveyed almost 300 IT professionals in Higher Education. Based on the results, Higher Ed institutions clearly have information security concerns and priorities that are a bit different from those of the typical enterprise. You really can't "lock down" Higher Ed: the whole premise of higher education involves…

September 5, 2014 | Garrett Gross

Brute Force Attacks & How They’ve Been Used to Access Nude Celebrity Photos

Thanks to recent events involving certain celebrities’ stolen pictures, “brute-force attack” is now one of the hot buzz words making its rounds on the intertubez. However, if you asked most people, they probably couldn’t even hazard a guess as to what is actually involved in a brute force attack. As an IT professional - do…

August 27, 2014 | Garrett Gross

Close Encounters of the Nerd Kind - SQL Injection Attack Examples

Hi folks – thanks for checking out the first in a blog series I’m doing - “Close Encounters of the Nerd Kind”, which focuses on information security, hacking, and current threats out in the wild. The title was probably too easy of a joke, but “Dr. Botnet or: How to Learn to Stop Worrying and…

August 21, 2014 | Lauren Barraco

Defend like an attacker: Applying the cyber kill chain

Understanding the cyber kill chain gives you an advantage. With the constantly evolving nature of most threats, it can be difficult to address every incident and alert that occurs in your environment. Effective incident response requires effective methods of prioritization: deciding which alerts to focus on and in which order. In general, we’ve relied on a few standard…

August 15, 2014 | Jimmy Vo

Security Incident Handling and SIEM

It was 9:00 a.m. on a Wednesday morning and I was sitting in front of a testing computer. Laid across my small work area were five SANS 504 (Hacker Techniques, Exploits, and Incident Handling) books which were accessorized with colorful sticky tabs. As I answered questions regarding the security incident handling phases outlined by SANS my mind started wandering off, as…

August 11, 2014 | Fabrizio Siciliano

BadUSB: How To Do USB Device Detection with OSSEC HIDS and AlienVault USM

In a talk last week at Black Hat, a new form of malware that operates inside USB devices and can cause full system compromise with a self-replicating USB virus was discussed. With this type of evil associated with USBs, I thought to share a small how-to on detecting and alerting in AlienVault’s USM platform whenever a USB device …

July 23, 2014 | Kate Brew

Karl Hart, Security Analyst and AlienVault User

To get more of a practitioner’s view of AlienVault, I recently reached out to Karl Hart, IT Security Analyst and AlienVault user. Karl works at a privately-held financial institution in Ohio, and he is involved in every aspect of IT security. This includes incident response, vulnerability assessment, policies, procedures, and penetration testing. Since his company is privately held,…

July 8, 2014 | Branden Williams

PCI DSS Logging Requirements

When it comes to PCI DSS Logging Requirements, sometimes the most challenging requirements to meet are the ones that can be the easiest technically to achieve. In dealing with logging, every single system around has the capability to meet PCI DSS, but managing those logs and ensuring they are continually being generated can be challenging. The common problem that companies…

June 24, 2014 | Jimmy Vo

SANS Top 20 Critical Security Controls and Security Monitoring (SIEM)

While resources such as the SANS 20 Critical Controls are helpful, businesses of all sizes face similar struggles with building and maintaining their security programs and determining their critical security controls. This can be disastrous because motivated attackers may target organizations found to lack basic security controls. The deficiency in security controls is often attributed to: Lack of internal talent Lack…

June 19, 2014 | Xavier Mertens

Tracking Patient Zero

In medical science, the patient zero is defined as "the initial patient in the population of an epidemiological investigation” (Source: Wikipedia). Information security has many links with medical science, after all, the term “virus” is used in both worlds. Wikipedia defines virus as "a small infectious agent that replicates only inside the living cells of other organisms.…
