Collaborate Disseminate
If some security measure serves only to add an extremely small barrier to an attack, are there generally accepted principles for deciding whether that measure should be retained?
Does defence in depth advocate that any hurdle (no matter ho… Continue reading Security in depth vs security theatre
Documents such as driving license, financial statements etc. with a lot of PII, how big is the risk of storing such type of documents on the shared external storage on android?
Assumptions:
Android device is encrypted but the individual f… Continue reading What are the security risks of storing sensitive documents on your android devices’s external storage?
The Aspen Institute has published a good analysis of the successes, failures, and absences of cyberattacks as part of the current war in Ukraine: “The Cyber Defense Assistance Imperative Lessons from Ukraine.”
Its conclusion:
Cyber defense assistance in Ukraine is working. The Ukrainian government and Ukrainian critical infrastructure organizations have better defended themselves and achieved higher levels of resiliency due to the efforts of CDAC and many others. But this is not the end of the road—the ability to provide cyber defense assistance will be important in the future. As a result, it is timely to assess how to provide organized, effective cyber defense assistance to safeguard the post-war order from potential aggressors…
Since there are quite a few exploits of Intel ME firmware in the CPU (same applies to AMD), I would like to know what SIEM solutions are there for detecting these kinds of attacks.
To be more exact, I would like to know how to detect known… Continue reading How do you detect attacks on Intel ME firmware and the AMD equivalent?
https://lolbas-project.github.io/
Realistically, do we still need to block cmd.exe or certutil.exe in Windows firewall, on latest version of Windows? Lolbins are for Linux too but my question is only for Windows.
There are Attack Surface R… Continue reading Is it still recommended to block Living Off The Land Binaries (LOLBins) in Firewall?
We’re managing a shared hosting environment of Wordpress websites on a web server.
Each site has its own database password and FTP password, both are randomly generated and stored in AWS ParameterStore (not secrets manager for cost reasons… Continue reading Reuse credentials if same data in same security environment
I would like to monitor some COM object/interfaces to identify if a program is using them.
I only managed to monitor the associated DLL loading (with Microsoft-Windows-Kernel-Process) but I can’t go any further. I used python but I also di… Continue reading Is it possible to monitor COM class/interface by using ETW
With a focus on complex electronic crimes, attacks, and intrusions at the national, state, and local levels, the Digital Forensics for National Security Symposium facilitates discussions among defense, intelligence, government, industry, nonprofit, and… Continue reading Preparing for an Advanced Cyber Battlefield: The Digital Forensics for National Security Symposium
A technical problem has arisen, and the vendor’s first suggested solution is to exclude the program’s folders from our antivirus. There are multiple reasons I am hesitant to do so:
Primarily: If a malicious file finds its way into those f… Continue reading Is it acceptable to exclude folders in antivirus?
In a web-based SaaS product, one of the configuration pages allows users to set credentials for system-wide integrations with other products. These include usernames, passwords, and API secrets.
The sensitive fields are set as type="p… Continue reading Normative reference for a web application disclosing existing values of integration secrets to users