Firepower Indications of Compromise

Several days ago I wrote an article about Firepower Sinkhole rules. While I was confirming this in a lab, I temporarily created a custom DNS sinkhole rule. That rule classified requests for temp.packetu.com as Command and Control and returned an IP address of 1.1.1.1. What I later noticed is that this caused my laptop to be classified with an IOC.

Indications of Compromise (IOCs) can be thought of as reasons why Firepower Management Console believes a host cannot be trusted or is otherwise affected by malware. These can be found in multiple places in the UI. I find the Context Explorer to be a good middle ground for most SecOps team members and a good place to notice whether current IOC’s exist.

My network is rather simple and I only currently have one IOC. In any case, I can use the Context Explorer to launch the host information for the impacted host.

IOC Context Explorer

Once the Host Profile screen is launched, I can get a little more about information about the activity that causes Firepower to believe that this is a compromised host.

IOC Host Profile

Also notice that there is a garbage can icon to the right of the Indication of Compromise that was Continue reading

General – Network Engineering vs Coding

Introduction

There has been a lot of talking about the future of the network engineer for the last couple of years. Many articles have declared that we MUST learn to program or we will be banished from the world by the programming overlords! I definitely do not agree with this bold statement but lately I have started to learn Python. Why?

Why Learn Programming?

As a network architect I probably won’t ever write a line of code or at least very rarely so. So why bother learning?

I didn’t learn a lot of programming back in my days of school. I fiddled around a bit with Basic, some Pascal and then at the university I tried some C# and C++. I never felt connected with programming. I never felt that I was good at it. This surprised me a bit because I’ve always been good at learning things. I’m good at analyzing things, troubleshooting things and I have a strong background in maths and science in general. I had all the skills that good programmers normally have so why couldn’t I learn programming? Because I struggled I didn’t enjoy doing it so I never pushed through until it “clicked”.

Later Continue reading

Sideloaders beware: a Pokemon Go knock-off contains malware

The new smash-hit game "Pokemon Go" could become bait for hackers wanting to take over your phone.Researchers at security firm Proofpoint have already found an Android version of the game containing malware. Once installed, it uses a remote access tool called DroidJack that can give a hacker full access to the phone, Proofpoint said Thursday.The company hasn’t yet seen the infected game in the wild, but it shows that hackers are already hard at work targeting it. Proofpoint discovered the software in a malicious online file repository.To read this article in full or to leave a comment, please click here

Sideloaders beware: a Pokemon Go knock-off contains malware

The new smash-hit game "Pokemon Go" could become bait for hackers wanting to take over your phone.Researchers at security firm Proofpoint have already found an Android version of the game containing malware. Once installed, it uses a remote access tool called DroidJack that can give a hacker full access to the phone, Proofpoint said Thursday.The company hasn’t yet seen the infected game in the wild, but it shows that hackers are already hard at work targeting it. Proofpoint discovered the software in a malicious online file repository.To read this article in full or to leave a comment, please click here

Gaming desktops with AMD’s Radeon RX 480 are on sale for under $800

Desktops with AMD's $199 Radeon RX 480 graphics card have started to go on sale a month after the GPU was announced.Some of the desktops are priced under $800, which is very affordable by gaming PC standards. That's largely because of the GPU's low price, but the RX 480 is no slouch: it's capable of 4K gaming and makes desktops VR-ready.It's the first GPU based on AMD's new Polaris architecture, but you can expect even faster, higher-priced Polaris cards later this year.Best Buy is selling the CyberPowerPC Desktop with an eight-core AMD FX 8320 CPU and RX 480 for $849.99. It has a 2TB hard drive, eight USB 3.0 ports, Gigabit Ethernet and 16GB DDR3 RAM (not the speedier DDR4 in some gaming systems).To read this article in full or to leave a comment, please click here

Cybersecurity firms step up intel sharing despite issues of trust

The war against cybercriminals won’t be won alone. To keep hackers at bay, security vendors are establishing more ways for their customers to cooperate and share data about the latest threats -- even as it sparks concerns about trust and competition.“We have to win this war together,” said Ben Johnson, chief security strategist of Carbon Black.The company is the latest to help pool together security expertise with a new platform called the Detection eXchange.Carbon Black protects the networks of thousands of companies, and it's now opening a line of communication between them. More than a virus signature or an IP address, the exchange aims to foster the sharing of "patterns of attack," which identify behaviors and tactics employed by malicious hackers.To read this article in full or to leave a comment, please click here

Cybersecurity firms step up intel sharing despite issues of trust

The war against cybercriminals won’t be won alone. To keep hackers at bay, security vendors are establishing more ways for their customers to cooperate and share data about the latest threats -- even as it sparks concerns about trust and competition.“We have to win this war together,” said Ben Johnson, chief security strategist of Carbon Black.The company is the latest to help pool together security expertise with a new platform called the Detection eXchange.Carbon Black protects the networks of thousands of companies, and it's now opening a line of communication between them. More than a virus signature or an IP address, the exchange aims to foster the sharing of "patterns of attack," which identify behaviors and tactics employed by malicious hackers.To read this article in full or to leave a comment, please click here

Stuxnet the movie: The U.S. has pwned Iran

The new documentary about Stuxnet, ‘Zero Days’, says the U.S. had a far larger cyber operation against Iran called Nitro Zeus that has compromised the country’s infrastructure and could be used as a weapon in any future war.Quoting unnamed sources from inside the NSA and CIA, the movie says the Nitro Zeus program has infiltrated the systems controlling communications, power grids, transportation and financial systems, and is still ready to “disrupt, degrade and destroy” that infrastructure if a war should break out with Iran.The multi-million dollar program was run from within the NSA during the same time Stuxnet was active, and was put in place should the U.S. be drawn into a war there because Israel launched an attack against Iran, according the film by academy award winning director Alex Gibney. The movie opened in U.S. theaters today.To read this article in full or to leave a comment, please click here

Stuxnet the movie: The U.S. has pwned Iran

The new documentary about Stuxnet, ‘Zero Days’, says the U.S. had a far larger cyber operation against Iran called Nitro Zeus that has compromised the country’s infrastructure and could be used as a weapon in any future war.Quoting unnamed sources from inside the NSA and CIA, the movie says the Nitro Zeus program has infiltrated the systems controlling communications, power grids, transportation and financial systems, and is still ready to “disrupt, degrade and destroy” that infrastructure if a war should break out with Iran.The multi-million dollar program was run from within the NSA during the same time Stuxnet was active, and was put in place should the U.S. be drawn into a war there because Israel launched an attack against Iran, according the film by academy award winning director Alex Gibney. The movie opened in U.S. theaters today.To read this article in full or to leave a comment, please click here

Show 296: Never Free From Vendor Lock-In

Todays Weekly Show is a free-wheeling discussion on a variety of topics, including network disaggregation, whether open networking actually means freedom from vendor lock-in (probably not), the rise of 25Gig switching, the end of outsourcing, and more. The post Show 296: Never Free From Vendor Lock-In appeared first on Packet Pushers.

Businesses struggle to hire workers with cloud skills

Cloud services are becoming the cornerstone of an enterprise's IT infrastructure. However, IT leaders are finding it difficult to not only plan for and implement cloud technology, but also to hire qualified candidates. And part of that struggle, according to a recent study from Softchoice of 250 line of business managers and 250 IT decision makers, is a lack of qualified candidates as well as a general misunderstanding of how to create a successful cloud strategy.“There’s incredible opportunity for businesses if they move to the cloud, but with a lack of skilled resources they are not able to realize those benefits as quickly. At best, this impacts revenue and profit potential in isolation. At worst, competitiveness and market relevance suffer,” says Craig McQueen, director of Microsoft Practice at Softchoice.To read this article in full or to leave a comment, please click here

Worth Reading: The lizard brain of lizardstresser

LizardStresser is a botnet originally written by the infamous Lizard Squad DDoS group. The source code was released publicly in early 2015, an act that encouraged aspiring DDoS actors to build their own botnets. Arbor Networks’ ASERT group has been tracking LizardStresser activity and observed two disturbing trends… Utilizing the cumulative bandwidth available to these IOT devices, one group of threat actors has been able to launch attacks as large as 400Gbps targeting gaming sites world-wide, Brazilian financial institutions, ISPs, and government institutions. -Arbor Networks

LinkedInTwitterGoogle+Facebook

The post Worth Reading: The lizard brain of lizardstresser appeared first on 'net work.

68% off Carllte Omnidirectional Condenser Lapel Microphone – Deal Alert

The Carllte Omnidirectional lapel mic has an extra long 59-inch cable and TRRS 3.5mm Jack, making it compatible with most phones, tablets and computers and suitable for a wide range of applications from live-streaming to kareoke. It is made from professional grade polished and protected steel, and captures crystal clear audio without batteries or external power. It averages 4 out of 5 stars from over 100 reviewers (read reviews). Amazon indicates that its $40 list price has been reduced by 68% to just $13.To read this article in full or to leave a comment, please click here

How to secure your router and home network

Many computer users don't realize it, but for most people their internet router is the most important electronic device in their home. It links most of their other devices together and to the world, so it has a highly privileged position that hackers can exploit.Unfortunately many consumer and small-business routers come with insecure default configurations, have undocumented backdoor accounts, expose legacy services and have firmware that is riddled with basic flaws. Some of these problems can't be fixed by users, but there are many actions that can be taken to at least protect these devices from large-scale, automated attacks.Don't let your router be a low-hanging fruit for hackers.To read this article in full or to leave a comment, please click here

1 2,829 2,830 2,831 2,832 2,833 3,836