Comments
-
Hey all - some of you have mentioned you have been, or know of victims, of ransomware. The FBI is putting out a call for info on actual attacks. Collecting information about an incident is worthwhile even if doesn't get you (or your colleague) personally any help. By collecting incident information agencies can built…
-
rschroeder and everyone else - re: cloud data - so Symantec says new forms or ransomware are hopping our connected drives and encrypting the cloud data. I know how to back up a local hard driver or server (and restore if ransomware hits) but how do you restore on the cloud?? And anyone have a solution for mac users on…
-
To Richard Phillips 's point - if you haven't seen the blogs from Brian Kreb's on using all these consumer IoT devices to build massive botnet, you should take a look. Fascinating story and how do these take overs start?? Default passwords of course. www.krebsonsecurity.com but this is the relevant post: Who Makes the IoT…
-
One of the concerns I've heard with IPSEC VPNs has to do with whether your users are protected from malware that you can get via drive by download or off unsecured wifi. Of course higher security systems backhaul all traffic to the corp net via IPSEC tunnel, but many of us don't use that approach because of latency.…
-
Hey everyone - just saw this article on a new technique to help mitigate (Not Solve) ransomware issues. Also including a link to the technical paper - comments?? Researchers Unleash Ransomware Annihilation - BankInfoSecurity Here's the research paper http://www.cise.ufl.edu/~traynor/papers/scaife-icdcs16.pdf
-
UPDATE: TESLACRYPT Apparently Eset convinced the tesla crypt ransomware team to release the private key. http://www.welivesecurity.com/2016/05/18/eset-releases-decryptor-recent-variants-teslacrypt-ransomware/
-
Continuing on the subject of Out-of-Bank authentication, just before RSA Salesforce acquired its own OOB solution Toopher - from Austin Tx. Toopher uses the mobile phone for OOB auth, but allows you to use proximity - the location of the phone - for low risk transactions. For higher risk transactions you still need the…
-
Btw - NIST has a standard for secure BIOS, I worked with the firmware teams at Dell a few years ago on implementation. You can check it out here and ask your vendors if they are supporting it. http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-147.pdf
-
Hi Clubjuggle - Personally I'm a huge fan of a particular kind of 2-factor, specifically Out-of-Band authentication. For example, if you are logging onto a computer and you have a soft token on your phone that give you a challenge response. It's important that the second factor is comes from a different channel. Other…
-
New portal - to help with RANSOMWARE The No More Ransom Project I don't know anything about this project but it looks promising. Anyone willing to vet them?
-
@stephen.black love your idea about unmapping drives by default. Doing a longer post on ransomware, can I attribute this tip to you?
-
And in more ransomware news - Researchers have discovered a new "prisoners dilemma" type version. Called Popcorn Time, this new version of ransomware is tapping into social distribution. If you become infected you can either * pay up * infect your friends (or enemies) Either way the bad guys win. Please make others aware…
