Another week, another trove of articles I read so that I could bring you only the best. Because that’s just the kind of person I am. You’re welcome.
A SOCless detection team
I can’t remember if I shared this article a few months back, and I’m too lazy to go take a look - but it’s worth revisiting.
We don’t talk about threat detection and response without mentioning a SOC in the same breath. But a SOC is just one mechanism to facilitate the desired outcome. What if we could achieve the same result, but without a SOC?
- A SOCless detection team at Netflix | Linkedin
- Threat Detection Is A Multi-Stage Process | Gartner blogs
Hey there! How much are you worth?
Have you ever stopped to think just how much your life is worth? I mean really think about it. For instance, let’s say you wanted to sell everything you have – your house, your car, your job, your private life, photos and home movies from your childhood, your accounts on various social media, your medical history and so on – how much would you ask for it all?
- Hey there! How much are you worth? | Securelist
US Cyber Command starts uploading foreign APT malware to VirusTotal
I think this is a good move: the more sharing, the better for defensive security, right? Of course there are always caveats and scenarios where one would not share, but broadly speaking I hope more companies and government departments jump on board.
The Cyber National Mission Force (CNMF), a subordinate unit of US Cyber Command (USCYBERCOM), set in motion a new initiative through which the DOD would share malware samples it discovered on its networks with the broader cybersecurity community. The CNMF kicked off this new project by creating an account on VirusTotal, an online file scanning service that also doubles as an online malware repository, and by uploading two malware samples.
You're Going To Get Breached -- So How Should You Respond?
We live in an age in which the rate of technological advancement is unparalleled. But of course, with new technologies come new security vulnerabilities. The best example is the imminent arrival of 5G and the rise of connected devices, which alone already present numerous vulnerabilities. According to Ponemon Institute's 2017 State of Cybersecurity in Small & Medium-Sized Businesses (SMB) report, 52% of organizations are not confident their current anti-virus software will protect them from ransomware.
Even with the rise of artificial intelligence in cybersecurity and enhanced defensive software capabilities, hackers have shown themselves to be consistently one step ahead. With this in mind, businesses need to stop asking, “Will I be hacked?” and instead tackle the inevitable question, “When will I be hacked?”
Destroy Logs, Hide Attacks
Apparently hacker groups are increasingly turning to log file destruction and other destructive methods as a means to hide their tracks. Nothing really new here. I remember once messing up a change as a young secops admin and erasing the logs to cover up my mistake. But that’s a story for another time.
Finding Gold in the Threat Intelligence Rush
Threat intelligence feeds, sold for hundreds of thousands of dollars per year, are marketed on a specific premise: If an entity is seen acting maliciously in one place, it can be expected in others.
But is that always true?
- Finding Gold in the Threat Intelligence Rush | Dark Reading
DJI plugs security flaws that could have enabled access to users’ data and drone images
If exploited, the vulnerability would have given an attacker full access to a user’s account and the information within it, including video footage and photos taken by their drone, as well as flight paths, GPS locations and other confidential data, without the user being aware of any intrusion.
Alexa, what’s the best way to burn a drone?
- DJI plugs security flaws that could have enabled access to users’ data and drone images | HelpNetSecurity
Oracle’s VirtualBox vulnerability leaked by disgruntled researcher
An independent researcher who was disgruntled with traditional bug bounty methods took it upon himself to leak the details of an exploit in Oracle’s VirtualBox without first informing Oracle. Sergey Zelenyuk discovered a flaw that would allow him to escape from the virtual environment of the guest machine to reach the Ring 3 privilege layer used for running code from most user programs with the least privileges.
Other stories and articles I found interesting this week
- Retail focus is key to Alibaba’s new London datacentre | Computer Weekly
- What it takes to be a ‘Chief Data Officer’ in 2018 | IT Pro Portal
- How Amazon Makes Money: Amazon Business Model in a Nutshell | FourweekMBA