BlackWater Campaign Linked to MuddyWater Cyberspies

A recently discovered campaign shows that the cyber-espionage group MuddyWater has updated its tactics, techniques and procedures (TTPs) to evade detection, Talos’ security researchers report. MuddyWater was first detailed in 2017 and has been highly active throughout 2018. The cyber-spies have focused mainly on governmental and telco targets in the Middle East (Iraq, Saudi Arabia, Bahrain, Jordan, Turkey and Lebanon) and nearby regions (Azerbaijan, Pakistan and Afghanistan). The recently observed campaign, which Talos…

May 21, 2019

Answering Tough Questions About Network Metadata and Zeek

We often receive questions about our decision to anchor network visibility to network metadata, as well as how we choose and design the algorithmic models that further enrich it for data lakes and even security information and event management (SIEM) systems. The story of Goldilocks and the Three Bears offers a pretty good analogy as she stumbles across a cabin in the woods in search of creature comforts that strike her…

May 8, 2019

Qakbot Trojan Updates Persistence, Evasion Mechanism

The Qakbot banking Trojan has updated its persistence mechanism in recent attacks and has also received changes that potentially allow it to evade detection, Talos’ security researchers say. Also known as Qbot and Quakbot, the Trojan has been around for nearly a decade and has received a variety of changes over time to remain a persistent threat, although its functionality has remained largely unaltered. Known for targeting businesses to steal…

May 6, 2019

Flaws in D-Link Cloud Camera Expose Video Streams

Vulnerabilities in the D-Link DCS-2132L cloud camera can be exploited by attackers to tap into video or audio streams, and could also potentially provide full access to the device. The main issue with the camera is that no encryption is used when transmitting the video stream. Specifically, both the connection between the camera and the cloud and the connection between the cloud and the viewing application are unencrypted, thus…

May 6, 2019

SOAR: Doing More with Less

The security orchestration, automation and response model has many benefits, including some that are unintended. Security teams in every industry and vertical are facing a common set of challenges: defending against an endless stream of cyberattacks, having too many security tools to manage, dealing with overwhelming workloads, and having a shortage of skilled security analysts. Most enterprises try to solve these challenges the old-fashioned way — by adding more tools…

April 26, 2019

Gaining Control of Security and Privacy to Protect IoT Data

Internet traffic growth is unrelenting and will continue to expand exponentially, in large part due to the Internet of Things (IoT). The amount of data being generated is staggering, with 5 quintillion bytes of data produced and transmitted over the Internet daily. Virtually every industry is going to be impacted by IoT. The vast amounts of data that devices, apps and sensors create, collect and consume are a real challenge for…

April 24, 2019

How Microsegmentation Helps to Keep Your Network Security Watertight

A submarine operates in hazardous conditions: in the ocean depths, even a small breach of its hull could spell disaster for the vessel and its crew. That’s why submarine designers don’t just rely on the strength of the outer skin for protection. The interior is segmented into multiple watertight compartments, with each capable of being closed off in the event of an emergency so that the rest of the boat…

April 24, 2019

Through the Executive Lens: Prioritizing Application Security Vulnerabilities

It’s an old axiom in the security business that your security is only as good as your weakest link. Today, as the number of security threats and attack vectors continues to grow, so too does the number of tools security teams have at their disposal to find and block them. Also growing is the pile of data that security teams must sift through to identify where their systems might be…

March 28, 2019

Next Generation Firewalls are Old News in the Cloud

I have been in the security field for many years, long enough to have seen the firewall replaced with the “Next Generation Firewall.” What was special about this change was that it signaled a big milestone as we went from a model that focused on IP addresses to one that targeted applications, users and content. This major shift provided a lot more visibility and context on what was being protected…

March 27, 2019

Trojan Horses for the Mind, Part 2 of Building Impactful Security Awareness Messaging

In late 2018, I wrote about how we can use Trojan Horses for the mind when it comes to shaping messaging and creating influential awareness campaigns. In other words, the way we design and deliver our messages can become a Trojan Horse that sneaks past a user’s mental defenses. Why is this important? Here’s why: the concept of “security awareness” can suffer from a fatal flaw; what I…

March 27, 2019