StealthWatch Labs Blog
POSTED BY Brandon Tansey on 10.15.2014
A few short weeks ago, the details of the Shellshock vulnerability were made public. Since the bug was published, we’ve seen all kinds of scanning activity on the Internet. Some of these scans were benign scans by researchers, but others were distributing malware. We were immediately curious about...
POSTED BY Brandon Tansey on 09.25.2014
On Wednesday afternoon, the details behind CVE-2014-6271 were published to the OSS-Sec mailing list. Shortly after that, the bug that is now being called “Shellshock” took off. Troy Hunt put together another write-up worth reading (the comments have some good information as well), but in short:...
POSTED BY Tom Cross on 09.17.2014
One of the concerns that has been raised about the Heartbleed vulnerability is that it was introduced into the OpenSSL code base several years ago, and it’s possible that some attackers were aware of it and launching attacks before it was publicly disclosed this week. Unfortunately, the attack,...
POSTED BY Tom Cross on 09.05.2014
In the last several installments of this blog post series, we spent some time talking about 1) the different types of insider threats, 2) how to combat each one, and 3) how network logs can play a vital role in thwarting all of the various insider threat actors. Below is a Top 10 List recapping...
POSTED BY Tom Cross on 08.21.2014
In Part 2 of this blog series, we discussed various security tools that can be used to detect and subvert the different classes of insider threats. While each type of insider threat requires different security measures, one technique that can help tremendously across the board is the monitoring of...
POSTED BY Tom Cross on 08.05.2014
Last year Edward Snowden revealed that the NSA is collecting the telephony metadata of millions of Americans. This revelation has sparked a debate about the power of metadata. Supporters of the program have attempted to reassure the public that their privacy is not being violated because the...
POSTED BY Tom Cross on 08.04.2014
Part 1 of this blog post series explained the various types of insider threats lurking on enterprise networks. Due to their variant characteristics, each type requires a separate set of security controls. In this post we outline the different defensive measures that can be put into place to address...
POSTED BY Tom Cross on 07.28.2014
In a recent survey conducted by Lancope, the insider threat was a major concern for respondents, with 40 percent citing it as a top risk to their organization. Recent news events such as the WikiLeaks disclosures have also brought the insider threat into focus. But what do people really mean when...
POSTED BY Brandon Tansey on 06.12.2014
Earlier this month, the U.S. Department of Justice issued a press release announcing a criminal complaint against “a leader of a tightly knit gang of cyber criminals based in Russia and Ukraine that is responsible for the development and operation of both the Gameover Zeus and CryptoLocker schemes...
POSTED BY on 05.16.2014
Using IOCs to uncover advanced attacks: This week, FireEye produced a report on “Operation Saffron Rose,” a cyber espionage campaign launched by an Iranian hacking group known as the Ajax Security Team. In the report, FireEye notes that Iranian hackers are quickly transitioning from hacktivism in...