One Article Review

Source AlienVault Blog
Identifier 984743
Publication date 2019-01-10 14:00:00 (seen: 2019-01-10 15:04:50)
Title Top 12 Blogs of 2018
Text Time to look back on the top AlienVault blogs of 2018! Here we go:

A North Korean Monero Cryptocurrency Miner by Chris Doman
Crypto-currencies could provide a financial lifeline to a country hit hard by sanctions. Therefore it’s not surprising that universities in North Korea have shown a clear interest in cryptocurrencies. Recently the Pyongyang University of Science and Technology invited foreign experts to lecture on crypto-currencies. The Installer we’ve analysed above may be the most recent product of their endeavours.

VLAN Hopping and Mitigation by Pam
This type of exploit allows an attacker to bypass any layer 2 restrictions built to divide hosts. With proper switch port configuration, an attacker would have to go through a router and any other layer 3 devices to access their target. However, many networks either have poor VLAN implementation or have misconfigurations which will allow for attackers to perform said exploit. In this article, I will go through the two primary methods of VLAN hopping, known as 'switched spoofing', and 'double tagging'. I will then discuss mitigation techniques.

DNS Poisoning and How To Prevent It by Jeff Thompson
The first thing to understand about DNS 'poisoning' is that the purveyors of the Internet were very much aware of the problem. Essentially, DNS requests are "cached", or stored, into a database which can be queried in almost real-time to point names like 'hotmail.com' or 'google.com' to their appropriate IP addresses. Can you imagine having to remember a string of numbers instead of a fancy name to get to your desired WWW (or GOPHER - if that's your thing) resources? 321.652.77.133 or 266.844.11.66 or even 867.53.0.9 would be very hard to remember. [Note: I have obfuscated REAL IP addresses with very fake ones here. Always trying to stay one step ahead of the AI Armageddon. Real IP addresses end with the numerical value of '255' within each octet.]

4 SIEM Use Cases That Will Dramatically Improve Your Enterprise Security by Stephen Roe
Companies both large and small must plan to protect their data. Failing to do so puts you at risk for financial trouble, legal liability, and loss of goodwill. Make sure to deploy SIEMs to prevent such misfortunes befalling your business. If you know how to put them to use, SIEMs provide value out of the box. Here’s a quick recap on how SIEMs can benefit you with a few clicks. Prevent SQL injection attacks by keeping an eye on the health of your systems. This will keep you ready if and when attacks do happen. For handling watering hole intruders, SIEMs make it easy to monitor suspicious communication hinting at an attack in progress. If you’re worried about malware infection, commun
Sent Yes
Tags Malware Guideline
Stories Wannacry APT 38


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from an earlier one.