Collaborate Disseminate
At their core, information security and compliance seem like topics that should go hand in hand: InfoSec deals with the daily functions of identifying and responding to threats, while compliance includes responsibilities of implementing IT security con… Continue reading Integrating SIEM Within Compliance Programs
On 9 May 21, the Federal Bureau of Investigation (FBI) issued a statement regarding a network disruption at Colonial Pipeline, one of the largest fuel pipelines servicing the eastern United States. Following immediate operational shutdowns and further … Continue reading Ransomware Detection and Mitigation Strategies in OT/ICS Environments
TL;DR First and foremost, apply patches to the Exchange infrastructure. Assume compromise. It’s been reported that the attackers launched a massive compromise attack against 60,000+ Exchange Servers before patches became available, and many other attac… Continue reading A Guide to Detecting Microsoft Exchange Zero-Day Exploits
TL/DR Methods to detect when a certificate is exported from a Windows system are discussed in detail below using the audit log “Certificate Services Lifecycle Notifications” and collecting the log messages with “MS Windows Event Logging XML – Generic” … Continue reading Windows Certificate Export: Detections Inspired by the SolarWinds Compromise
Attacks made against telcos and internet service providers (ISPs) have steadily risen. Distributed denial of service (DDoS) attackers launched an 11-day attack against a Chinese telco in 2017 — breaking the DDoS record that year. That same year, Kasper… Continue reading Telecommunication Security Use Cases