IR is More Than IOCs - It's About Inventory Too

If you work IR, you know how frustrating the whole process can be, especially when a customer wants to fly the "mission accomplished" banner prematurely. Of course I understand the desire to bring it all to an end. The long hours start to wear on people. Questions of cost start to come in. "How much more time will this take?"

Bidding for Breaches, Redefining Targeted Attacks

A growing community of private and highly-vetted cybercrime forums is redefining the very meaning of “targeted attacks.” These bid-and-ask forums match crooks who are looking for access to specific data, resources or systems within major corporations with hired muscle who are up to the task or who already have access to those resources.

EMV: Countdown to the Fraud Shift

The fraud shift as a result of the migration to EMV chip payments in the U.S. will extend beyond card-not-present payments, experts said last week at Information Security Media Group's Fraud Summit San Francisco.

First-party or new account fraud and business email compromise attacks are likely to increase, too, as EMV shores up the security of card transactions at the point of sale.

Countdown to an Execution in Oklahoma

At 3 p.m. on Wednesday, the State of Oklahoma plans to execute Richard Glossip in the face of mounting evidence that he is innocent, as he has argued all along.

FBI: Deal With Your Own Internet-of-Things Security

The FBI has a rather interesting opinion on how users should approach IoT devices and their security. The takeaway? If you want to use it, you'd better know what you're doing — and keep it off the Internet.

Digging Into Windows Prefetch: Device Profiling

It wasn’t that long ago that every report I read containing Windows prefetch artifacts included only the basics: executable name, first and last time executed (now eight timestamps in Win8), and number of executions. There is much more information stored in prefetch files, but until recently there were few tools to easily parse and provide it to the examiner.

A Scout's Guide to Incident Response

Driven by a rapidly developing threat landscape, effective incident response is now a mainstay of rigorous cyber security programs — although it remains an area that even many seasoned information security specialists struggle to come to grips with.

