Anton on Security

JANUARY 12, 2022

but more on this a bit later… So let’s talk about what’s to the left and to the right of SIEM. But, yes, if the inputs are dirty and/or the outputs drop on the floor, SIEM cannot succeed, no matter what the SIEM vendor says or does. Ultimately, I believe that success with SIEM means succeeding with what’s left and what’s right.

Data collection 243

Data collection Architecture Software Media 243

Daniel Miessler

SEPTEMBER 12, 2021

Right, so with that out of the way, here’s what struck me with this list, along with some comments on building lists like this in general. Right, so with that out of the way, here’s what struck me with this list, along with some comments on building lists like this in general. Or are we just saying we should generally log?

Software 364

Software Information Security 364

Troy Hunt

FEBRUARY 19, 2023

So, what's happening? When an invoice is paid, the callback looks something like this: HIBP has received this call and updated it's own DB such that for a new customer, they can now retrieve an API key or for an existing customer whose subscription has renewed, the API key validity period has been extended. suboptimal: Dammit!

Firewall 336

Firewall Internet Internet Risk 336

Anton on Security

SEPTEMBER 21, 2023

Detection Engineering is Painful — and It Shouldn’t Be (Part 1) Contrary to what some may think, a detection and response (D&R) success is more about the processes and people than about the SIEM. This blog series was written jointly with Amine Besson, Principal Cyber Engineer, Behemoth CyberDefence and one more anonymous collaborator.

Engineering 221

Engineering Threat Detection Marketing Internet 221

Duo's Security Blog

MAY 9, 2024

Challenge with sessions When a user logs in to a new application, the website sends a cookie that is stored in the browser. But over time, that trust might degrade as users move locations, devices become infected with malware, or new signals show that the current user is not the same one that initially logged in.

Risk 142

Risk Passwords Accountability Malware 142

The Last Watchdog

FEBRUARY 5, 2024

Exchange server ordeal Take what recently happened to iConnect Consulting , a San Francisco-based supplier of Laboratory Information Management System ( LIMs ) consulting services. Exhaustive data recovery attempts using logs, databases and Exchange shell prompts proved futile. Related: The need for robust data recovery policies.

Risk 264

Risk Backups Software Education 264

The Last Watchdog

OCTOBER 23, 2023

And now, early adopters of security data lakes like Snowflake are saving more than two-thirds of what they were paying for their Splunk license. For detection engineers to efficiently identify and thwart potential threat actors, the data logging and analytics layers need to be decoupled.

Architecture 261

Architecture Threat Detection Engineering Data collection 261

Anton on Security

MARCH 7, 2024

And, gods, please, no AI-DR… At the same time, you can send Zeek data into a SIEM (“poor person’s NDR”), you can send sysmon there too (“poor person’s EDR”), you can load up on cloud logs to recreate some form of CDR too. We needed EDR because endpoint detection and response cannot be reduced to logs. Pondering ?DR but I digress).

Threat Detection 130

Threat Detection Technology IoT Marketing 130

Anton on Security

JANUARY 20, 2022

API-based log collection seemed new and weird back in the day ( “why can’t they do UDP 514 syslog like normal people?” Do the SIEM operators today feel they got what was promised? If you are curious, what did people care about those days? With this post, I wanted to briefly reflect on this ominous anniversary. Where do we begin?

Technology 211

Technology Engineering Data collection Firewall 211

Schneier on Security

OCTOBER 21, 2021

But there is a good chance that IT, when implementinthe new push-based MFA, instructed them as to what they needed to do to successfully log in, but failed to mention what they needed to do when they were not logging in if the same message arrived. His organization had been hit by ransomware to the tune of $10M.

Authentication 336

Authentication Ransomware Social Engineering Engineering 336

Anton on Security

SEPTEMBER 3, 2021

What if we don’t look at XDR from either EDR or SIEM angle, but we look at it from first principles? Namely, what kind of detection and response toolset would you like to have in your life ? I did tend to treat every technology that analyzes log files and perhaps other similar telemetry as a SIEM. 1990s… What then?

Technology 214

Technology Threat Detection Marketing Cybersecurity 214

The Last Watchdog

JANUARY 30, 2024

That initial broadcast or beaconing message is often a simple one, announcing the equivalent of “I’ve been installed successfully, what’s the next step? That initial broadcast or beaconing message is often a simple one, announcing the equivalent of “I’ve been installed successfully, what’s the next step?”

Malware 140

Malware Threat Detection Technology Media 140

Krebs on Security

FEBRUARY 9, 2024

George discovered that after logging in with a regular customer account, Juniper’s support website allowed him to list detailed information about virtually any Juniper device purchased by other customers. Sunnyvale, Calif. Logan George is a 17-year-old intern working for an organization that uses Juniper products.

Artificial Intelligence 281

Artificial Intelligence Healthcare Accountability Banking 281

Troy Hunt

FEBRUARY 4, 2024

Here goes: Last week, someone reached it to me with what they claimed was a Spoutible data breach obtained by exploiting an enumerable API. Yep, that's exactly what it is : The Spoutible API enabled any user to retrieve the bcrypt hash of any other user's password. Is that genuinely a bcrypt hash of my own password?

Passwords 363

Passwords Accountability Backups Data breaches 363

Troy Hunt

JANUARY 20, 2024

" The answer is easy: because that's what the vast majority of people want me to do: If I have a MASSIVE spam list full of personal data being sold to spammers, should I load it into @haveibeenpwned ? References Sponsored by: Report URI: Guarding you from rogue JavaScript!

Data breaches 239

Data breaches Passwords 239

Anton on Security

JULY 7, 2022

This is my completely informal, uncertified, unreviewed and otherwise completely unofficial blog inspired by my reading of our third Threat Horizons Report ( full version ) that we just released ( the official blog for #1 report , my unofficial blog for #2 ). Now, go and read the report! Now, go and read the report!

Cybersecurity 246

Cybersecurity Cryptocurrency Ransomware Education 246

Schneier on Security

MARCH 30, 2021

It includes: instant messenger messages and database files; call logs and phone contacts; Whatsapp messages and databases; pictures and videos; all of your text messages; and information on pretty much everything else that is on your phone (it will inventory the rest of the apps on your phone, for instance).

Malware 291

Malware Manufacturing Encryption Government 291

Krebs on Security

MARCH 26, 2024

Several Apple customers recently reported being targeted in elaborate phishing attacks that involve what appears to be a bug in Apple’s password reset feature. Some of the many notifications Patel says he received from Apple all at once. Parth Patel is an entrepreneur who is trying to build a startup in the cryptocurrency space.

Passwords 346

Passwords Accountability Engineering Phishing 346

The Last Watchdog

OCTOBER 17, 2023

Here’s the exchange, edited for clarity and length: LW: What are tech giants like Microsoft, Google and now Cisco doing in the SIEM space? What was behind the emergence of these advances? Related: Will Cisco flub Splunk? Last Watchdog engaged Gurucul CEO Saryu K. Nayyar in a discussion about the wider implications of this deal.

Marketing 306

Marketing Cloud Migration Threat Detection Firewall 306

Google Security

APRIL 30, 2024

Where it is not possible to prevent the theft of credentials and cookies by malware, the next best thing is making the attack more observable by antivirus, endpoint detection agents, or enterprise administrators with basic log analysis tools. Export the event logs to your backend system. against theft.

Passwords 90

Passwords Malware Encryption System Administration 90

Pen Test Partners

APRIL 30, 2024

It was when we attempted this that we hit a roadblock: it wanted us to use MFA: Figure 1: MFA required for SSO Step 1: Bypass the MFA Our first port of call was a classic MFA bypass that regularly works against Azure if you make Azure think that you’re logging in from Linux then it won’t always require MFA. Safari/537.36

Authentication 145

Authentication Passwords Accountability Engineering 145

Troy Hunt

MARCH 31, 2021

If you've landed on this page because you saw a strange message on a completely different website then followed a link to here, drop a note to the site owner and let them know what happened. I stood up a website and just logged requests. Every request resulted in a 404, but every request also went into a standard Azure App Service log.

Technology 363

Technology Mobile Internet Internet 363

Troy Hunt

AUGUST 11, 2023

This was an awesome idea and I can't wait to show you what they've built with them. Stay tuned for that one, what he's done with this looks so cool 😎 References Sponsored by: Secure your assets, identity and online accounts with our award-winning ID theft protection. So about those domain searches.

Education 167

Education Accountability 167

Anton on Security

APRIL 28, 2022

What’s Next?”” (the seemingly self-centered title was suggested by CardinalOps who organized the webinar). Q: When do you think the industry will understand what XDR entails? Q: When do you think the industry will understand what XDR entails? Q: How do you define ‘XDR’ and what role does SIEM play here?

Threat Detection 189

Threat Detection Technology VPN Architecture 189

Anton on Security

MARCH 28, 2023

I used to say SIEM and SOAR, then I said SIEM/SOAR, and now I just say SIEM, but really mean an SIEM/SOAR combination , because ultimately this is what a vast majority of organizations are buying today. OK, let’s start our analysis using this mini-framework I just created: What problems have you solved with SIEM historically?

Threat Detection 100

Threat Detection Banking Technology Risk 100

Anton on Security

MAY 19, 2022

To start, let’s remind our audience what we mean by threat detection and detection and response. However, new and rich sources of telemetry may be available ( Cloud Audit Logs are a great example here). Pervasive encryption hampers layer 7 traffic analysis, while public APIs rewrite the rules on what a perimeter is.

Threat Detection 299

Threat Detection Technology Backups Data breaches 299

Adam Levin

DECEMBER 17, 2021

Here’s a quick breakdown of what it means for internet users. What is Log4J? Log4J is an open-source software tool used to log activity on internet-based services and software. What can the average internet user do? The post Log4J: What You Need to Know appeared first on Adam Levin. Is the vulnerability patched?

Internet 208

Internet Internet System Administration Software 208

Anton on Security

DECEMBER 15, 2022

Q: If not called SOC, would you like to share what you have named the team? What can you propose to find skilled people for these roles faster? What you do is start to select, train and motivate your analysts to explore outside of passing the alerts around. More details on this are provided in the original ASO paper.

Engineering 312

Engineering Risk Technology Information Security 312

The Last Watchdog

APRIL 8, 2024

And to some extent, they don’t always deal with the reality of what the situation really is. What they fail to realize is that the Board does not truly understand the risk of the situation and since nothing has happened up until that point, why would it happen now? Here’s that exchange, edited for clarity and length.

CISO 210

CISO Risk Cybersecurity Insurance 210

The Last Watchdog

SEPTEMBER 20, 2021

Back in the day, people would look externally to try to figure out what was going on internally,” Gerchow told me. And now you’ve got to somehow get at the root of code, within code, using tools to help define what you’re looking at. An array of promising security trends is in motion. Related: 5 Top SIEM myths. Fast forward to 2021.

Cloud Migration 205

Cloud Migration Software Architecture Engineering 205

Anton on Security

MAY 27, 2021

A SOC Tried To Detect Threats in the Cloud … Your Won’t Believe What Happened Next Now, we all agree that various cloud technologies such as SaaS SIEM help your Security Operations Center (SOC). Egress costs are there sometimes , especially if you want to move the logs from one cloud to another for analysis. Thought so!

Cloud Migration 170

Cloud Migration Architecture Technology Government 170

Malwarebytes

SEPTEMBER 10, 2023

A mishap has resulted in security feeds and camera logs from home cameras being temporarily visible online. It does not go into more detail than what’s already been revealed above: This was a web caching issue and is now resolved. It didn’t take long before other people started reporting the same thing.

Marketing 124

Marketing Risk Cybersecurity Network Security 124

Malwarebytes

MARCH 26, 2024

Of those users that weren’t logged in when they watched those videos between January 1 and 8, 2023, the authorities asked for the IP addresses. But asking for data of that many viewers, many of which we can assume to be innocent bystanders, goes against what privacy experts believe to be reasonable.

VPN 145

VPN Surveillance Mobile Accountability 145

eSecurity Planet

NOVEMBER 10, 2023

Log monitoring is the process of analyzing log file data produced by applications, systems and devices to look for anomalous events that could signal cybersecurity, performance or other problems. Customer Loyalty and Trust: Effective log monitoring promotes an uninterrupted user experience, helping to ensure customer trust and loyalty.

Risk 111

Risk Threat Detection Firewall Network Security 111

CyberSecurity Insiders

JULY 19, 2021

Many MSSP’s use SIEMs and other log management/aggregation/analysis solutions for cybersecurity visibility, but is log analysis enough? Let’s take a quick look at what we get from logs, and what we don’t get from logs. Logs by their very nature are a view into the past.

Cybersecurity 139

Cybersecurity Ransomware 139

SecureList

MAY 27, 2024

What’s more, in scam 2.0 Marketplace fraud is nothing new. Cybercriminals swindle money out of buyers and sellers alike. Lately, we’ve seen a proliferation of cybergangs operating under the Fraud-as-a-Service model and specializing in tricking users of online marketplaces, in particular, message boards. This is known as scam 2.0

Scams 90

Scams Phishing Accountability Banking 90

Approachable Cyber Threats

FEBRUARY 12, 2024

What exactly is SOC 2?” This is what your customers and partners likely care about when deciding whether to use your product. So what should I do?” Centralized Logging You’ve locked down your access and made sure any changes pushed to your environment are tested and approved - now you need to monitor those controls.

Mobile 106

Mobile Cybersecurity Risk Accountability 106