Securitybeat

Community service to promote awareness of emerging security threats and best practices.

Tag: Heartbeat

Normal SLA for situational awareness.

  • Crowdstrike Learns Application Security Lessons Learned

    tqgthmmy

    Crowstrike has published the much-anticipated technical postmortem regarding the global outage on July 19th caused by the faulty Falcon EDR running on Microsoft Windows. The report highlighted six lessons learned. Immediate next step is to engage two independent third-party software security vendors. In a nutshell, the solution relies on parameters which were not properly validated.… Read more

  • SnakeKeylogger Infection Spreading

    tqgthmmy

    ,

    The Register highlighted an alert from Fortinet’s FortiGuard Labs this month regarding increased detections of SnakeKeylogger, a keyboard logger. SnakeKeylogger, aka KrakenKeylogger, is a Microsoft .NET-based stealer already known for credential theft and keylogging capabilities.  Read more

  • SLUBStick New Linux Kernal Cross-Cache Attack

    tqgthmmy

    ,

    A hypothetical attack to a kernel vulnerability is worth monitoring. As SecureWeek suggests, a new demonstrated Linux Kernal Cross-Cache Attack raises the threat level to dangerous. According to researchers from Graz University of Technology, tests prove the attack to be successful 99% of time – up from 40% of other known heap attacks. No solution… Read more

  • Microsoft DDoS Protection Pours Fuel on the DDoS Fire

    tqgthmmy

    ,

    According to Bleeping Computer, a nine-hour global outage in Microsoft services was attributed to a distributed denial of service attack and an implementation flaw in their DDoS Protection services. A Microsoft report on ID KTV1-HWS states that the Azure Front Door (AFD) and Azure Content Delivery Network (CDN) first detected the availability issue. Unfortunately, error… Read more

  • Legislation to Fund Cybersecurity Apprentices

    tqgthmmy

    Cyberscoop highlighted legislative developments in the US Senate on the Cyber Ready Workforce Act to award grants to organizations that support the creation, implementation, and expansion of registered cybersecurity apprenticeship programs. Apprenticeship programs are to build on the NICE Framework, created to build a Cyber ready workforce. Read more

  • Data Breach Cost Jumps

    tqgthmmy

    ,

    Help Net Security recently discussed the findings from IBM, raising the average cost of a data breach to $4.88 million. The majority (70%) of surveyed organizations reported significant to very significant impact. While the root cause for the impact certainly varies, a big concern is staffing. Many believe the innovative automation, such as the application… Read more

  • Phish Swim through Misconfigured Email Relays

    tqgthmmy

    The Register reports of a successful attack on Proofpoint’s email filtering systems using spoofed emails of Proofpoint’s largest, most well-known customers. Proofpoint later clarified the nature of the vulnerability. Read more