All Posts

7 min Verizon DBIR

2017 Verizon Data Breach Report (DBIR): Key Takeaways

The much-anticipated, tenth-anniversary edition of the Verizon DBIR has been released (Updated here: https://www.verizon.com/business/resources/reports/dbir/ ), once again providing a data-driven snapshot into what topped the cybercrime charts in 2016. There are just under seventy-five information-rich pages to go through, with topics ranging from distributed denial-of-service (DDoS) to ransomware, prompting us to spin a reprise ed

2 min

3 Simple Ways to Approach Content Security Policy

In the two previous posts about Content Security Policy, we talked about the main reasons why you need to get started with CSP and the common problems that you will run into. In this post, we will dive deeper into the three types of CSP solutions. Phased Approach: Because reports of violations can be overwhelming for both analysis and performance reasons, tCell recommends starting with the most critical directives first (such as script-src and object-src, which help prevent XSS) and a very permissive s

5 min Komand

Translating and Detecting Unicode Phishing Domains with Komand's Security Orchestration Platform

I don't know about you, but in the past few weeks, my news feed has been abuzz with Unicode domain names as phishing URLs. The use of Unicode domain names is a version of a homograph attack applied using Internationalized Domain Names (IDN). The underlying problem is that it’s difficult to visually distinguish some Unicode characters from ASCII ones. Luckily, Chrome and Firefox have stopped converting domain names
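The two checks behind an IDN homograph detector, as an added example that is not Komand's workflow code: the stdlib idna codec turns an xn-- hostname back into Unicode, a mixed-script test catches labels such as a Cyrillic "а" glued onto Latin "pple", and a skeleton test (mapping look-alike letters to ASCII) catches the all-Cyrillic case that a mixed-script test cannot see. The confusables table and the protected brand list are constructed for illustration.

```python
"""Decode IDN (punycode, xn--) hostnames and flag likely homograph look-alikes.

Added example; not Komand's code. The confusables subset and the protected
brand labels below are constructed for illustration.
"""
import unicodedata

# Constructed subset of Unicode confusables: non-Latin letters that render
# almost identically to an ASCII letter in common fonts.
CONFUSABLES = {
    "\u0430": "a",  # CYRILLIC SMALL LETTER A
    "\u0435": "e",  # CYRILLIC SMALL LETTER IE
    "\u043e": "o",  # CYRILLIC SMALL LETTER O
    "\u0440": "p",  # CYRILLIC SMALL LETTER ER
    "\u0441": "c",  # CYRILLIC SMALL LETTER ES
    "\u0443": "y",  # CYRILLIC SMALL LETTER U
    "\u0445": "x",  # CYRILLIC SMALL LETTER HA
    "\u0456": "i",  # CYRILLIC SMALL LETTER BYELORUSSIAN-UKRAINIAN I
    "\u0458": "j",  # CYRILLIC SMALL LETTER JE
    "\u04cf": "l",  # CYRILLIC SMALL LETTER PALOCHKA
    "\u0455": "s",  # CYRILLIC SMALL LETTER DZE
    "\u03bf": "o",  # GREEK SMALL LETTER OMICRON
}

# Constructed list of labels worth protecting (your own brands in practice).
PROTECTED = {"apple", "paypal", "google"}


def to_unicode(host: str) -> str:
    """Convert an ACE (xn--) hostname to its Unicode form.

    Uses the stdlib 'idna' codec (IDNA2003). A hostname that already contains
    non-ASCII characters is returned unchanged.
    """
    if host.isascii():
        return host.encode("ascii").decode("idna")
    return host


def script_of(ch: str):
    """Rough script classification from the Unicode character name
    (LATIN, CYRILLIC, GREEK, ...). Digits and hyphens are script-neutral."""
    if not ch.isalpha():
        return None
    return unicodedata.name(ch, "UNKNOWN").split(" ")[0]


def skeleton(label: str) -> str:
    """Map every confusable letter to its ASCII look-alike."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in label)


def analyze(host: str):
    """Return (unicode_host, findings). Two independent checks per label:
    1. mixed scripts inside one label (e.g. Cyrillic 'a' + Latin 'pple');
    2. a label whose skeleton equals a protected brand but is not that
       brand (e.g. all-Cyrillic 'apple'), which check 1 misses."""
    uhost = to_unicode(host)
    findings = []
    for label in uhost.lower().split("."):
        scripts = {s for s in map(script_of, label) if s}
        if len(scripts) > 1:
            findings.append(f"{label}: mixed scripts {sorted(scripts)}")
        skel = skeleton(label)
        if skel != label and skel in PROTECTED:
            findings.append(f"{label}: homograph of {skel}")
    return uhost, findings


if __name__ == "__main__":
    samples = [
        "apple.com",
        "\u0430pple.com".encode("idna").decode("ascii"),  # xn-- form of Cyrillic-a + pple
        "\u0430\u0440\u0440\u04cf\u0435.com",            # all-Cyrillic look-alike
    ]
    for h in samples:
        print(h, "->", analyze(h))
```

Run against the hostnames extracted from inbound mail or proxy logs; the skeleton check is where you plug in your own brand list, and the full Unicode confusables data (UTS #39) should replace the small table above in production.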

2 min Komand

Asia Cybersecurity Event Calendar [Free Shared Google Calendar]

Cybersecurity events and conferences are ways for the infosec community to connect and share their knowledge. We’ve provided an extensive calendar of events for US cybersecurity events, and now we are pleased to present the latest and upcoming events in other regions of the world. This time though, we’re taking it international with an Asia cybersecurity events list and shared calendar! The Asian continent is home to

11 min Komand

A Privacy Stack for Protecting Your Data

Over the years, there have been a number of incidents that have raised my security-guy neck hairs. Every time something crops up, I get a bit more worried about where my data lives, and who is privy to it that I don’t know about. Most recently, we have the dismantling of privacy rules that protect our information from being wantonly sold off by our ISPs, even more in depth searching at US borders, large scale sweeping up of people and associated electronic devices at occurrences of civil unrest

3 min Vulnerability Disclosure

R7-2017-02: Hyundai Blue Link Potential Info Disclosure (FIXED)

Summary: Due to a reliance on cleartext communications and the use of a hard-coded decryption password, two outdated versions of the Hyundai Blue Link application software, 3.9.4 and 3.9.5, potentially expose sensitive information about registered users and their vehicles, including application usernames, passwords, and PINs, via a log transmission feature. This feature was introduced in version 3.9.4 on December 8, 2016, and removed by Hyundai on March 6, 2017 with the release of version 3.9.6. Affec

5 min Microsoft

Actionable Vulnerability Remediation Projects in InsightVM

Security practitioners and the remediating teams they collaborate with are increasingly asked to do more with less. They simply cannot remediate everything; it has never been more important to prioritize and drive remediations from start to finish. The Remediation Workflow capability in InsightVM was designed to drive more effective remediation efforts by allowing users to project manage efforts both large and small. Remediation Workflow is designed

4 min CIS Controls

The CIS Critical Security Controls Explained - Control 6: Maintenance, Monitoring and Analysis of Audit Logs

In your organizational environment, Audit Logs are your best friend. Seriously. This is the sixth blog of the series based on the CIS Critical Security Controls. I'll be taking you through Control 6: Maintenance, Monitoring and Analysis of Audit Logs, to help you understand the need to nurture this friendship and how it can bring your information security program to a higher level of maturity while helping gain visibilit

4 min Automation and Orchestration

Introduction to ISO/IEC 27035 - the ISO Standard on Incident Handling

Synopsis: In the series of articles titled “Incident Response Life Cycle in NIST and ISO standards” I review incident response life cycle, as defined and described in NIST and ISO standards related to incident management. I introduced these standards in the first article in this series and later in this article I start

4 min Automation and Orchestration

Introduction to ISO/IEC 27035 - Planning for and Detection of Incidents

Synopsis: In the series of articles titled “Incident Response Life Cycle in NIST and ISO standards” I review incident response life cycle, as defined and described in NIST and ISO standards related to incident management. I introduced these standards in the first article in this series and later in this article I start

4 min Automation and Orchestration

Introduction to ISO/IEC 27035 - Assessment and Responding to Incidents

Synopsis: In the series of articles titled “Incident Response Life Cycle in NIST and ISO standards” I review incident response life cycle, as defined and described in NIST and ISO standards related to incident management. I introduced these standards in the first article in this series and later in this article I start

4 min Automation and Orchestration

Introduction to ISO/IEC 27035 - More Details on Part 2 of the Standard

Synopsis: In the series of articles titled “Incident Response Life Cycle in NIST and ISO standards” I review incident response life cycle, as defined and described in NIST and ISO standards related to incident management. I introduced these standards in the first article in this series and later in this article I start

3 min

Content Security Policy: Newer CSP Directives & Common Problems

Content-Security-Policy (CSP) Versions 2.0 & 3.0: Content Security Policy is still very dynamic in its definitions. Reporting is handled differently, new directives are being added, some are being renamed, and the definitions of others are being refined. Some notable additions to the original: Frame-Src & Child-Src – In CSP v1, frame-src defined which domains your site is allowed to frame. This is to prevent an attacker from creating an iframe which r
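A small policy checker covering both CSP posts on this page: the phased approach from "3 Simple Ways to Approach Content Security Policy" (lock down script-src and object-src first, collect reports) and the frame-src/child-src change described above. This is an added example, not tCell's code; the header strings are constructed, and the fallback chains (frame-src falls back to child-src, then default-src; worker-src to child-src, script-src, default-src) are the CSP Level 3 rules as I understand them.

```python
"""Parse CSP header values, resolve directive fallbacks and check a phase-1 policy.

Added example, not tCell's code. Header strings are constructed; the fallback
chains follow CSP Level 3 (assumption stated in the lead-in).
"""


def parse_csp(header: str) -> dict:
    """Split 'directive src src; directive src' into a dict of source lists.
    A repeated directive is ignored after its first occurrence, as browsers do."""
    policy = {}
    for part in header.split(";"):
        tokens = part.split()
        if tokens:
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy


# CSP3 fallback chains: when a fetch directive is absent the browser walks
# this list. child-src (CSP2) now only acts as a fallback for frames/workers.
FALLBACKS = {
    "frame-src": ["child-src", "default-src"],
    "worker-src": ["child-src", "script-src", "default-src"],
}


def effective_sources(policy: dict, directive: str):
    """Return (governing_directive, sources), or (None, None) when nothing
    in the policy restricts `directive` at all."""
    for name in [directive] + FALLBACKS.get(directive, ["default-src"]):
        if name in policy:
            return name, policy[name]
    return None, None


def phase1_gaps(policy: dict) -> list:
    """Checks for the first rollout phase: the XSS-relevant directives
    script-src and object-src are set explicitly (not inherited from
    default-src), script-src carries no 'unsafe-inline' or bare wildcard,
    and violation reports are collected (report-uri in CSP2, report-to in CSP3)."""
    gaps = []
    for d in ("script-src", "object-src"):
        src, _ = effective_sources(policy, d)
        if src != d:
            gaps.append(f"{d} not set explicitly (governed by {src})")
    risky = {"'unsafe-inline'", "*"} & set(policy.get("script-src", []))
    if risky:
        gaps.append(f"script-src allows {sorted(risky)}")
    if "report-uri" not in policy and "report-to" not in policy:
        gaps.append("no reporting endpoint (report-uri / report-to)")
    return gaps


# Constructed headers: a permissive starting point and a phase-1 policy that
# locks down only the critical directives while leaving everything else open.
# Ship PHASE1 as Content-Security-Policy-Report-Only first.
PERMISSIVE = "default-src * 'unsafe-inline'"
PHASE1 = ("default-src *; script-src 'self' https://cdn.example.com; "
          "object-src 'none'; child-src 'self'; report-uri /csp-reports")

if __name__ == "__main__":
    for name, hdr in (("permissive", PERMISSIVE), ("phase1", PHASE1)):
        p = parse_csp(hdr)
        print(name, phase1_gaps(p), "frames:", effective_sources(p, "frame-src"))
```

The frame-src lookup on PHASE1 shows the compatibility point from the post: a CSP2-era policy that only sets child-src still restricts framing in a CSP3 browser, but only because of the fallback, so a policy written for CSP3 should name frame-src explicitly.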

3 min Metasploit

Metasploit Wrapup: 4/20/17

Editor's Note: While this edition of the Metasploit Wrapup is a little late (my fault, sorry), we're super excited that it's our first ever Metasploit Wrapup to be authored by a non-Rapid7 contributor. We'd like to thank claudijd - long-time Metasploit contributor, Mozilla security wrangler, and overall nice guy - for writing this post. If other Metasploit contributors want to get involved with spreading the word, we want to hear from you! We should be back on trac

2 min Endpoint Security

Live Vulnerability Monitoring with Agents for Linux

A few months ago, I shared news of the release of the macOS Insight Agent. Today, I'm pleased to announce the availability of the Linux Agent within Rapid7's vulnerability management solutions. The arrival of the Linux Agent completes the trilogy that Windows and macOS began in late 2016. For Rapid7 customers, all that really matters is you've got new capabilities to add to your kit. Introducing Linux Agents: Take advantage of the