Malicious actors operate command-and-control (C&C/C2) servers to interact with their victims’ computers. These C2 servers are intended to instruct the compromised PCs to do undesired things, such as stealing the user’s passwords, encrypting the files for ransom or attacking other computers on the network.
As a response to the growing number breaches involving CDNs, the first release of the Subresource Integrity (SRI) was published hastily in late 2015. The W3C WebAppSec Working Group decided to leave certain useful features out, in favour of an early release. Although SRI already does the job, there is some room for improvement with regards to user experience. The good news is that some of these features will be added to the next iteration of SRI.
The following article gives a brief, speculative overview of the upcoming features of Subresource Integrity.
Passwords suck, bit time. They should be unique per each website, and we are supposed to remember all of them. Password cards help to remember the myriad of passwords. Sadly, these cards are vulnerable to brute-forcing attacks and here is why.
This post introduces a tool called Munchkin, which is a wordlist generator for attacking passwords derived from password cards.
Forming a Computer Security Incident Response Team (CSIRT) is a complicated affair. It involves a certain combination of staff, processes and technologies.
Luckily, numerous incident management frameworks are available for the rescue. They all aim to provide a structured approach for establishing incident response teams in your organisation.
This post provides a general overview of the most popular incident management frameworks.
We learned from the previous article that SOCs/Incident Response teams should be looking for threats that represent high-level risks to the normal business activities.
We know the who, but how can we define what needs to be protected?
Assume your company has over a thousand business applications. They are hosted in multiple data centres as well as in the cloud. There are Windows and Linux hosts, and many of these are not patched of course. On top of that, nobody knows who owns them.
The following article cuts through this complexity and explains a simple approach.