Rapid Detection – CVE-2014-4114, “Sandworm”

Phil Hagen

This week, iSight Partners and Microsoft announced CVE-2014-4114 – “Sandworm”. While Microsoft has released a patch, exploit activity has already been identified in the wild. Red Canary customers will be pleased to know that within 24 hours of the CVE-2014-4114/Sandworm vulnerability’s announcement, we were successfully detecting the threat on their systems. Our team quickly identified the endpoint observations that indicate exploitation has occurred due …

People as the Weak Link in Cybersecurity: Deep Dive Edition

Red Canary

People, it is often said, are the weak link in computer security. It’s people falling victim to myriad social engineering techniques that help evildoers overcome technical defenses, leading to data breaches. Yes and no. It is true that stupid human tricks lead to a disturbing number of system compromises, but as Veracode points out in their annual State …

Point of Sale Compromises: Security at the Speed of Business

Phil Hagen

Getting your credit card data pilfered at a point-of-sale system (e.g. cash register) is something that happens to someone else. YOU don’t go to dingy restaurants staffed with shifty wait staff and dodgy card-swipe machines; you go to reputable establishments that use systems built by people who know what they’re doing, right? Consider this: A remote-access attack on a point-of-sale vendor may …

Endpoint security, or lack thereof

Red Canary

Increasingly you’re hearing more and more folks say this out loud: “Infosec Professionals Don’t Trust Endpoint Security.” When it comes to endpoint protection, the overwhelming majority of information security professionals believe that their existing security solutions are unable to prevent all endpoint infections, and that anti-virus solutions are ineffective against advanced targeted attacks. Overall, end-users are their biggest security concern. …

Hate the (Incident Response) Game

Red Canary

How much have you invested in computer security technology? How many vendor boxes are in your server rooms or data centers? How many bloated agents sit on your end-points? All that tech that promised to stop “advanced” threats and 0-days… …how much was that last bill from the incident response company? The invoice for that breach that ran roughshod over …

Is cyberinsurance the answer? Don’t count on it

Red Canary

The issue of cyberattack insurance was recently covered in the New York Times. It’s a great read on a number of levels, not the least of which is what a disaster the market is going to be as long as people keep adhering to the status quo. Insurance works because premiums paid by the insured are always greater than payments …

Slandering Andre Maginot

Red Canary

FireEye recently came out with a new report: Cybersecurity’s Maginot Line. It is an excellent report that documents findings from over 1,600 FireEye customers. Some key findings: Nearly all (97 percent) organizations had been breached, meaning at least one attacker had bypassed all layers of their defense-in-depth architecture. More than a fourth of all organizations experienced events known to be …