{"id":2509,"date":"2019-10-28T00:00:00","date_gmt":"2019-10-28T00:00:00","guid":{"rendered":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2019\/10\/28\/incident-response-newsalert-27-oct-2019\/"},"modified":"2021-12-30T11:41:29","modified_gmt":"2021-12-30T11:41:29","slug":"incident-response-newsalert-27-oct-2019","status":"publish","type":"post","link":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2019\/10\/28\/incident-response-newsalert-27-oct-2019\/","title":{"rendered":"Incident Response Newsalert &#8211; 27-Oct-2019"},"content":{"rendered":"<ul>\n<li style=\"-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100%;\"><font color=\"darkblue\">OWASP Top 10 Vulnerabilities List \u2014 You\u2019re Probably Using It Wrong&nbsp;<\/font><\/li>\n<li style=\"-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100%;\"><font color=\"darkblue\">CPDoS attack can poison CDNs to deliver error pages instead of legitimate sites&nbsp;<\/font><\/li>\n<li style=\"-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100%;\"><font color=\"darkblue\">4 steps to RPA success&nbsp;<\/font><\/li>\n<li style=\"-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100%;\"><font color=\"darkblue\">JSON tools you don\u2019t want to miss&nbsp;<\/font><\/li>\n<li style=\"-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100%;\"><font color=\"darkblue\">Slack rolls out new Salesforce integrations, launches Workflow Builder&nbsp;<\/font><\/li>\n<li style=\"-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100%;\"><font color=\"darkblue\">Windows 10 security: Microsoft reveals &#8216;Secured-core&#8217; to block firmware attacks&nbsp;<\/font><\/li>\n<li style=\"-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100%;\"><font color=\"darkblue\">STEALTHY TOOL DETECTS MALWARE IN JAVASCRIPT&nbsp;<\/font><\/li>\n<li style=\"-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100%;\"><font color=\"darkblue\">ACSC warns of Windows malware Emotet spreading in 
Australia Featured&nbsp;<\/font><\/li>\n<li style=\"-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100%;\"><font color=\"darkblue\">Microsoft Office Bug Remains Top Malware Delivery Vector&nbsp;<\/font><\/li>\n<li style=\"-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100%;\"><font color=\"darkblue\">Cisco Networking Trends Report: \u2018Intent-Based Networking Is Coming\u2019&nbsp;<\/font><\/li>\n<li style=\"-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100%;\"><font color=\"darkblue\">Nasty PHP7 remote code execution bug exploited in the wild&nbsp;<\/font><\/li>\n<li style=\"-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100%;\"><font color=\"darkblue\">Huawei: Banned and Permitted In Which Countries? List and FAQ&nbsp;<\/font><\/li>\n<li style=\"-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100%;\"><font color=\"darkblue\">Heed 5 security operations center best practices before outsourcing&nbsp;<\/font><\/li>\n<li style=\"-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100%;\"><font color=\"darkblue\">SOC Operations: 6 Vital Lessons &amp; Pitfalls&nbsp;<\/font><\/li>\n<li style=\"-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100%;\"><font color=\"darkblue\">The Global Security Orchestration Automation and Response (SOAR) Market size is expected to reach $2.3 billion by 2025, rising at a market growth of 16.3% CAGR during the forecast period&nbsp;<\/font><\/li>\n<li style=\"-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100%;\"><font color=\"darkblue\">Secureworks Welcomes Steve Hardy as Chief Marketing Officer&nbsp;<\/font><\/li>\n<li style=\"-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100%;\"><font color=\"darkblue\">The Secret To 5G Security? 
Turn The Network Into A Sensor&nbsp;<\/font><\/li>\n<li style=\"-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100%;\"><font color=\"darkblue\">inSOC Unveils Start-Up SOC Service for MSPs&nbsp;<\/font><\/li>\n<li style=\"-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100%;\"><font color=\"darkblue\">CYFIRMA Announces Its Separation From Antuit Group and Consolidates Its Intelligence Driven Product Offering&nbsp;<\/font><\/li>\n<li style=\"-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100%;\"><font color=\"darkblue\">Delta Risk\u2019s New ActiveEye 2.0 Reduces 95 Percent of False Positives to Find and Resolve Cyber Threats Faster&nbsp;<\/font><\/li>\n<li style=\"-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100%;\"><font color=\"darkblue\">Managing Non-Security Incidents with Security Tools and Policies&nbsp;<\/font><\/li>\n<li style=\"-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100%;\"><font color=\"darkblue\">ALTR Hires Cylance Veteran Brian Stoner for Data Security Partner Push&nbsp;<\/font><\/li>\n<li style=\"-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100%;\"><font color=\"darkblue\">Beachhead Solutions Adds Encryption-as-a-Service for MSPs&nbsp;<\/font><\/li>\n<li style=\"-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100%;\"><font color=\"darkblue\">Trial Before the Fire: How to Test Your Incident Response Plan to Ensure Consistency and Repeatability&nbsp;<\/font><\/li>\n<li style=\"-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100%;\"><font color=\"darkblue\">Splunk\u2019s Mission Control sends security operations center into new orbit&nbsp;<\/font><\/li>\n<li style=\"-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100%;\"><font color=\"darkblue\">Recorded Future Teams Up With ServiceNow on Integrated Security Intelligence Offering for Reducing Organizational Risk&nbsp;<\/font><\/li>\n<li style=\"-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100%;\"><font color=\"darkblue\">Nuspire upgrades 
its Managed Endpoint service that leverages SentinelOne\u2019s endpoint technology&nbsp;<\/font><\/li>\n<li style=\"-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100%;\"><font color=\"darkblue\">Splunk enhances its Security Operations Suite to modernize and unify the SOC&nbsp;<\/font><\/li>\n<li style=\"-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100%;\"><font color=\"darkblue\">AttackIQ and The Chertoff Group help enterprise customers build and sustain security programs&nbsp;<\/font><\/li>\n<li style=\"-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100%;\"><font color=\"darkblue\">Kaspersky Allows Privileged Access to Curated Features of its Threat Intelligence Portal&nbsp;<\/font><\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p style=\"margin: 1em 0;-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100%;color: #202020;font-family: Helvetica;font-size: 15px;line-height: 150%;text-align: left;\"><img loading=\"lazy\" decoding=\"async\" height=\"16\" src=\"https:\/\/content.cdntwrk.com\/files\/aHViPTcyNTE0JmNtZD1mYXZpY29uJnZlcnNpb249MTU3MDM0MDM4NyZleHQ9cG5nJnNpemU9MTk1JnNpZz1hOTExYTZiMzQ2M2MxYzkzNGQxMDgxZDkyOTZlODg2MQ%253D%253D\/favicon.png\" width=\"16\" style=\"border: 0;outline: none;text-decoration: none;-ms-interpolation-mode: bicubic;height: auto !important;\">&nbsp;<strong>OWASP Top 10 Vulnerabilities List \u2014 You\u2019re Probably Using It Wrong<\/strong><br \/>\n<em>Gabriel Avner<\/em>&nbsp;<br \/>\n<em>White Source<\/em>&nbsp;<br \/>\nFirst issued in 2004 by the Open Web Application Security Project, the now-famous OWASP Top 10 Vulnerabilities list (included at the bottom of the article) is probably the closest that the development community has ever come to a set of commandments on how to keep their products secure.<br \/>\nUnfortunately, as the OWASP Top 10 Vulnerabilities list has reached a wider audience, its real intentions as a guide have been misinterpreted, hurting developers instead of 
helping.<br \/>\nSo how should we understand the purpose of this list and actually encourage developers to code more securely? &nbsp;&nbsp;<br \/>\nIn a recent interview, OWASP\u2019s chairman Martin Knobloch voiced his disappointment at the list being used as a sort of checklist for a final run through before a release, serving more as a validation mechanism than a guide.<br \/>\nThe OWASP Top 10 is not set up to resolve every attack in the book, but to help teams avoid the common mistakes which are far more likely to get their applications breached.<br \/>\nA determined attacker can find many avenues to breach their target.<br \/>\nHowever, the smart risk management advisories do not focus on the minority of cases but instead seek to address the issues facing the widest audience.<br \/>\nSecurity teams that do not engage with their developers, making the effort to understand how they can empower them to have security be an inherent element of their workflow, will quickly find themselves sidelined.<br \/>\nIf you want to stay relevant, become an enabler, and use the OWASP Top 10 list as a way to start conversations, not to threaten.<br \/>\nIn the end, you might find that you catch more (O)WASPS with honey than vinegar.<br \/>\n<font color=\"blue\"><strong>Link:<\/strong><\/font>&nbsp;<a href=\"https:\/\/resources.whitesourcesoftware.com\/blog-whitesource\/owasp-top-10-vulnerabilities?utm_medium=email&amp;utm_source=topic%20optin&amp;utm_campaign=awareness&amp;utm_content=20191026%20prog%20nl&amp;mkt_tok=eyJpIj\" style=\"-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100%;color: #202020;font-weight: normal;text-decoration: underline;\">https:\/\/resources.whitesourcesoftware.com\/blog-whitesource\/owasp-top-10-vulnerabilities?utm_medium=email&amp;utm_source=topic%20optin&amp;utm_campaign=awareness&amp;utm_content=20191026%20prog%20nl&amp;mkt_tok=eyJpIj<\/a><\/p>\n<p style=\"margin: 1em 0;-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100%;color: 
#202020;font-family: Helvetica;font-size: 15px;line-height: 150%;text-align: left;\"><img loading=\"lazy\" decoding=\"async\" height=\"16\" src=\"https:\/\/zdnet4.cbsistatic.com\/hub\/i\/r\/2019\/10\/23\/e8d3d064-ab1d-48c7-95d3-5f296f7a4bb8\/thumbnail\/770x578\/a8ff7400e9da118e4584db01b04059d7\/cpdos.png\" width=\"16\" style=\"border: 0;outline: none;text-decoration: none;-ms-interpolation-mode: bicubic;height: auto !important;\">&nbsp;<strong>CPDoS attack can poison CDNs to deliver error pages instead of legitimate sites<\/strong><br \/>\n<em>Catalin Cimpanu<\/em>&nbsp;<br \/>\n<em>ZD Net<\/em>&nbsp;<br \/>\nTwo academics from the Technical University of Cologne (TH Koln) have disclosed this week a new type of web attack that can poison content delivery networks (CDNs) into caching and then serving error pages instead of legitimate websites.<br \/>\nThe new attack has been named CPDoS (Cache-Poisoned Denial-of-Service), has three variants, and has been deemed practical in the real world (unlike most other web cache attacks).<br \/>\nAccording to the research team, three variants of the CPDoS attack exist, depending on how attackers decide to structure the malformed header.<br \/>\nThe names are self-explanatory, with using oversized header fields, meta characters that trigger errors, or instructions that override normal server responses.<br \/>\nMitigations against CPDoS attacks, fortunately, exist.<br \/>\nThe simplest solution is that website owners configure their CDN service to not cache HTTP error pages by default.<br \/>\n<font color=\"blue\"><strong>Link:<\/strong><\/font>&nbsp;<a href=\"https:\/\/www.zdnet.com\/article\/cpdos-attack-can-poison-cdns-to-deliver-error-pages-instead-of-legitimate-sites\/\" style=\"-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100%;color: #202020;font-weight: normal;text-decoration: 
underline;\">https:\/\/www.zdnet.com\/article\/cpdos-attack-can-poison-cdns-to-deliver-error-pages-instead-of-legitimate-sites\/<\/a><\/p>\n<p style=\"margin: 1em 0;-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100%;color: #202020;font-family: Helvetica;font-size: 15px;line-height: 150%;text-align: left;\"><img loading=\"lazy\" decoding=\"async\" height=\"16\" src=\"https:\/\/alt.idgesg.net\/images\/furniture\/insiderpro\/favicon_package\/IP-favicon-144x144.png\" width=\"16\" style=\"border: 0;outline: none;text-decoration: none;-ms-interpolation-mode: bicubic;height: auto !important;\">&nbsp;<strong>4 steps to RPA success<\/strong><br \/>\n<em>Eth Stackpole<\/em>&nbsp;<br \/>\n<em>insider Pro<\/em>&nbsp;<br \/>\nAmidst the hype and promise of artificial intelligence (AI) and machine learning (ML), their less-familiar counterpart, RPA, is starting to gain traction, especially among banks, insurance companies, telecommunications firms and utilities.<br \/>\nThe technology employs AI and ML to handle rules-driven, high-volume and repeatable business tasks such as queries, calculations and copying and pasting data across systems without any coding requirement.<br \/>\nAccording to Gartner, RPA software revenue spiked 63.1 percent in 2018 to $846 million with projections calling for $1.3 billion in sales this year.<br \/>\nBy the end of 2022, Gartner expects 85 percent of large and very large organizations will have deployed some form of RPA, fueling a $2.4 billion market.<br \/>\nWhile initial RPA use cases are aimed at automating back-office functions such as reconciliations and accounts receivable and payables, experts in the field say it\u2019s only a matter of time before RPA is deployed to automate middle office and front-office activities, including customer call centers where there is a lot of behind-the-scenes manual work to share data between multiple systems.<br \/>\nAs companies move beyond limited RPA pilots to full-blown implementations, there are 
four practices to keep in mind to ensure things stay on track:<br \/>\n1) Don\u2019t rush to automate<br \/>\n2) Governance is key, but don\u2019t let it grind things to a halt<br \/>\n3) Align business and IT<br \/>\n4) Embrace change management<br \/>\n<font color=\"blue\"><strong>Link:<\/strong><\/font>&nbsp;<a href=\"https:\/\/www.idginsiderpro.com\/article\/3446657\/4-steps-to-rpa-success.html?utm_source=Adestra&amp;utm_medium=email&amp;utm_content=Title%3A%204%20steps%20to%20RPA%20success&amp;utm_campaign=CIO%20Daily&amp;utm_term=Ed\" style=\"-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100%;color: #202020;font-weight: normal;text-decoration: underline;\">https:\/\/www.idginsiderpro.com\/article\/3446657\/4-steps-to-rpa-success.html?utm_source=Adestra&amp;utm_medium=email&amp;utm_content=Title%3A%204%20steps%20to%20RPA%20success&amp;utm_campaign=CIO%20Daily&amp;utm_term=Ed<\/a><\/p>\n<p style=\"margin: 1em 0;-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100%;color: #202020;font-family: Helvetica;font-size: 15px;line-height: 150%;text-align: left;\"><img loading=\"lazy\" decoding=\"async\" height=\"16\" src=\"http:\/\/blank.ico\/\" width=\"16\" style=\"border: 0;outline: none;text-decoration: none;-ms-interpolation-mode: bicubic;height: auto !important;\">&nbsp;<strong>JSON tools you don\u2019t want to miss<\/strong><br \/>\n<em>Paul Krill<\/em>&nbsp;<br \/>\n<em>infoworld, from IDG<\/em>&nbsp;<\/p>\n<ul>\n<li style=\"-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100%;\">JSONLint<\/li>\n<li style=\"-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100%;\">JSONCompare<\/li>\n<li style=\"-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100%;\">jtc&nbsp;&nbsp;<\/li>\n<li style=\"-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100%;\">ijson<\/li>\n<li style=\"-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100%;\">JSON Formatter and Validator<\/li>\n<li style=\"-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 
100%;\">Altova XMLSpy JSON and XML Editor<\/li>\n<li style=\"-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100%;\">Code Beautify JSON Tools<\/li>\n<li style=\"-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100%;\">Visual Studio Code<\/li>\n<li style=\"-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100%;\">Eclipse JSON Editor Plugin<\/li>\n<\/ul>\n<p style=\"margin: 1em 0;-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100%;color: #202020;font-family: Helvetica;font-size: 15px;line-height: 150%;text-align: left;\"><font color=\"blue\"><strong>Link:<\/strong><\/font>&nbsp;<a href=\"https:\/\/www.infoworld.com\/article\/3446216\/json-tools-you-dont-want-to-miss.html?utm_source=Adestra&amp;utm_medium=email&amp;utm_content=Title%3A%20JSON%20tools%20you%20don%E2%80%99t%20want%20to%20miss&amp;utm_campaign=ID\" style=\"-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100%;color: #202020;font-weight: normal;text-decoration: underline;\">https:\/\/www.infoworld.com\/article\/3446216\/json-tools-you-dont-want-to-miss.html?utm_source=Adestra&amp;utm_medium=email&amp;utm_content=Title%3A%20JSON%20tools%20you%20don\u2019t%20want%20to%20miss&amp;utm_campaign=ID<\/a><\/p>\n<p style=\"margin: 1em 0;-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100%;color: #202020;font-family: Helvetica;font-size: 15px;line-height: 150%;text-align: left;\"><img loading=\"lazy\" decoding=\"async\" height=\"16\" src=\"https:\/\/idge.staticworld.net\/ctw\/computerworld-logo300x300.png\" width=\"16\" style=\"border: 0;outline: none;text-decoration: none;-ms-interpolation-mode: bicubic;height: auto !important;\">&nbsp;<strong>Slack rolls out new Salesforce integrations, launches Workflow Builder<\/strong><br \/>\n<em>Matthew Finnegan<\/em>&nbsp;<br \/>\n<em>Computerworld<\/em>&nbsp;<br \/>\nSlack has added new integrations with Salesforce\u2019s customer relationship management (CRM) and customer service apps, part of its ongoing push to bolster connections with other 
\u201cbest of breed\u201d cloud apps.<br \/>\nSlack now lets users search and preview Salesforce Sales Cloud and Service Cloud records such as accounts and opportunities in app by using a slash command to pull up details.&nbsp;&nbsp;<br \/>\nOther features include the ability to send Salesforce records relating to an account or case directly to an individual Slack user or a channel, such as #customer-support, for instance.<br \/>\nIn addition, sales and service reps using Salesforce will be able to see Slack conversations related to a Salesforce record.<br \/>\nAlso this week, Slack announced that its Workflow Builder tool is now generally available.<br \/>\nThe feature lets all users automate routine processes; they can, for instance, create messages sent to new members of a channel, set up their own automations or select a pre-built template from Slack.<br \/>\n<font color=\"blue\"><strong>Link:<\/strong><\/font>&nbsp;<a href=\"https:\/\/www.computerworld.com\/article\/3446881\/slack-rolls-out-new-salesforce-integrations-launches-workflow-builder.html?utm_source=Adestra&amp;utm_medium=email&amp;utm_content=Title%3A%20Slack%20rolls%20out%\" style=\"-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100%;color: #202020;font-weight: normal;text-decoration: underline;\">https:\/\/www.computerworld.com\/article\/3446881\/slack-rolls-out-new-salesforce-integrations-launches-workflow-builder.html?utm_source=Adestra&amp;utm_medium=email&amp;utm_content=Title%3A%20Slack%20rolls%20out%<\/a><\/p>\n<p style=\"margin: 1em 0;-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100%;color: #202020;font-family: Helvetica;font-size: 15px;line-height: 150%;text-align: left;\"><img loading=\"lazy\" decoding=\"async\" height=\"16\" src=\"https:\/\/zdnet2.cbsistatic.com\/hub\/i\/r\/2019\/10\/21\/394cfc4f-78ce-42df-b929-e357f673cf65\/thumbnail\/770x578\/b51162ce37ec28b88c05a18e52691cca\/programmeristock-912501574.jpg\" width=\"16\" style=\"border: 0;outline: none;text-decoration: 
none;-ms-interpolation-mode: bicubic;height: auto !important;\">&nbsp;<strong>Windows 10 security: Microsoft reveals &#8216;Secured-core&#8217; to block firmware attacks<\/strong><br \/>\n<em>Liam Tung<\/em>&nbsp;<br \/>\n<em>ZD Net<\/em>&nbsp;<br \/>\nThe new layer of security is for high-end PCs and the first Windows 10 &#8216;Secured-core&#8217; PC is the Arm-powered Surface Pro X.<br \/>\nAt its heart, the new firmware protection comes from a Windows Defender feature called System Guard.<br \/>\nThat feature is intended to protect Windows 10 PCs from new attacks used by the likes of state-sponsored hacking group APT28 or Fancy Bear, which was caught late last year using a novel Unified Extensible Firmware Interface (UEFI) rootkit to target Windows PCs.&nbsp; &nbsp;<br \/>\n&#8220;It&#8217;s pretty similar to what other manufacturers might be doing with a specific security chip, but we are doing this across all different manners of CPU architectures and OEMs, so we can bring this to a much broader audience, and they can select the form factor or product that matches them but with the same security guarantees as if Microsoft created it.&#8221;&nbsp;<br \/>\nMicrosoft already has Secure Boot.<br \/>\nHowever, that feature assumes the firmware is trusted to verify bootloaders, meaning attackers can exploit trusted firmware.<br \/>\nAPT28&#8217;s rootkit was not properly signed, which meant Windows PCs with Windows Secure Boot enabled were not vulnerable because the system only permits signed firmware to load.<br \/>\n<font color=\"blue\"><strong>Link:<\/strong><\/font>&nbsp;<a href=\"https:\/\/www.zdnet.com\/article\/windows-10-security-microsoft-reveals-secured-core-to-block-firmware-attacks\/\" style=\"-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100%;color: #202020;font-weight: normal;text-decoration: underline;\">https:\/\/www.zdnet.com\/article\/windows-10-security-microsoft-reveals-secured-core-to-block-firmware-attacks\/<\/a><\/p>\n<p style=\"margin: 
1em 0;-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100%;color: #202020;font-family: Helvetica;font-size: 15px;line-height: 150%;text-align: left;\"><img loading=\"lazy\" decoding=\"async\" height=\"16\" src=\"https:\/\/www.futurity.org\/wp\/wp-content\/uploads\/2018\/08\/futurity_ico.png\" width=\"16\" style=\"border: 0;outline: none;text-decoration: none;-ms-interpolation-mode: bicubic;height: auto !important;\">&nbsp;<strong>STEALTHY TOOL DETECTS MALWARE IN JAVASCRIPT<\/strong><br \/>\n<em>Matt Shipman<\/em>&nbsp;<br \/>\n<em>Futurity<\/em>&nbsp;<br \/>\nA new open-source tool called VisibleV8 allows users to track and record the behavior of JavaScript programs without alerting the websites that run those programs.<br \/>\nThe tool runs in the Chrome browser and is designed to detect malicious programs that are capable of evading existing malware detection systems.<br \/>\nVisibleV8 saves all of the data on how a site is using JavaScript, creating a \u201cbehavior profile\u201d for the site.<br \/>\nResearchers can then use that profile, and all of the supporting data, to identify both malicious websites and the various ways that JavaScript can compromise web browsers and user information.<br \/>\nYou can download VisibleV8 from Kapravelos\u2019 site.<br \/>\n<font color=\"blue\"><strong>Link:<\/strong><\/font>&nbsp;<a href=\"https:\/\/www.futurity.org\/malware-in-javascript-visiblev8-2190792\/\" style=\"-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100%;color: #202020;font-weight: normal;text-decoration: underline;\">https:\/\/www.futurity.org\/malware-in-javascript-visiblev8-2190792\/<\/a><\/p>\n<p style=\"margin: 1em 0;-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100%;color: #202020;font-family: Helvetica;font-size: 15px;line-height: 150%;text-align: left;\"><img loading=\"lazy\" decoding=\"async\" height=\"16\" src=\"https:\/\/cdn0.tnwcdn.com\/wp-content\/themes\/cyberdelia\/assets\/icons\/favicon-194x194.png?v=1571995373\" width=\"16\" 
style=\"border: 0;outline: none;text-decoration: none;-ms-interpolation-mode: bicubic;height: auto !important;\">&nbsp;<strong>ACSC warns of Windows malware Emotet spreading in Australia Featured<\/strong><br \/>\n<em>Sam Varghese<\/em>&nbsp;<br \/>\n<em>IT Wire<\/em>&nbsp;<br \/>\nAn infection of Windows systems by the Emotet malware was the precursor to the recent ransomware attack on Victorian hospitals, the Australian Cyber Security Centre says, as part of a warning that Emotet, which has been around since 2014, is being spread in Australia by malicious emails.<br \/>\nThe ACSC named the ransomware as being Ryuk.<br \/>\nAccording to the Israeli firm Check Point, Ryuk is used only for tailored attacks.<br \/>\nIn a statement, the ACSC said it had received numerous reports of confirmed Emotet infections from different industries, including critical infrastructure providers and government agencies.<br \/>\nThe ACSC has asked anyone who requires assistance to contact ASD.Assist@defence.gov.au.<br \/>\n<font color=\"blue\"><strong>Link:<\/strong><\/font>&nbsp;<a href=\"https:\/\/www.itwire.com\/security\/acsc-warns-of-windows-malware-emotet-spreading-in-australia.html\" style=\"-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100%;color: #202020;font-weight: normal;text-decoration: underline;\">https:\/\/www.itwire.com\/security\/acsc-warns-of-windows-malware-emotet-spreading-in-australia.html<\/a><\/p>\n<p style=\"margin: 1em 0;-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100%;color: #202020;font-family: Helvetica;font-size: 15px;line-height: 150%;text-align: left;\"><img loading=\"lazy\" decoding=\"async\" height=\"16\" src=\"https:\/\/www.darkreading.com\/default.asp\" width=\"16\" style=\"border: 0;outline: none;text-decoration: none;-ms-interpolation-mode: bicubic;height: auto !important;\">&nbsp;<strong>Microsoft Office Bug Remains Top Malware Delivery Vector<\/strong><br \/>\n<em>Kelly Sheridan<\/em>&nbsp;<br \/>\n<em>Dark Reading<\/em>&nbsp;<br 
\/>\nCVE-2017-11882 has been attackers&#8217; favorite malware delivery mechanism throughout the second and third quarters of 2019.<\/p>\n<p>The third quarter of 2019 brought the rise of keylogger Agent Tesla, the decline of phishing-delivered ransomware-as-a-service (RaaS), and attackers&#8217; continued preference for exploiting the CVE-2017-11882 Microsoft Office vulnerability to deliver phishing campaigns.<br \/>\nThroughout the second and third quarters, researchers saw little change in the significant delivery mechanisms used to spread malware.<br \/>\nThe most common method, as seen in more than 600 incidents, is Microsoft Office vulnerability CVE-2017-11882, which remains a &#8220;prolific technique&#8221; for attackers to spread malware through phishing attacks, researchers report.<br \/>\nFollowing CVE-2017-11882, the other two most common delivery mechanisms were Office macros and Windows Script Component (WSC) downloaders.<br \/>\nAttackers&#8217; consistent use of the same delivery mechanisms could change as the holidays approach and Emotet reemerges, driving innovation among cybercriminals who may start using new variants and tactics.<br \/>\nAnother notable trend in the third quarter was the drop in RaaS, which has decreased as attackers swap large-scale campaigns for narrowly focused ones.<br \/>\nGandCrab was taken offline; Sodinokibi, the ransomware that shares some of its code base, has seen a low rate of dissemination.<br \/>\nTargeted attacks let cybercriminals keep a lower profile and benefit from a higher return ratio.<br \/>\n<font color=\"blue\"><strong>Link:<\/strong><\/font>&nbsp;<a href=\"https:\/\/www.darkreading.com\/operations\/microsoft-office-bug-remains-top-malware-delivery-vector\/d\/d-id\/1336182\" style=\"-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100%;color: #202020;font-weight: normal;text-decoration: 
underline;\">https:\/\/www.darkreading.com\/operations\/microsoft-office-bug-remains-top-malware-delivery-vector\/d\/d-id\/1336182<\/a><\/p>\n<p style=\"margin: 1em 0;-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100%;color: #202020;font-family: Helvetica;font-size: 15px;line-height: 150%;text-align: left;\"><img loading=\"lazy\" decoding=\"async\" height=\"16\" src=\"https:\/\/www.sdxcentral.com\/wp-content\/themes\/genesis-sdx\/build\/images\/favicon-192.png\" width=\"16\" style=\"border: 0;outline: none;text-decoration: none;-ms-interpolation-mode: bicubic;height: auto !important;\">&nbsp;<strong>Cisco Networking Trends Report: \u2018Intent-Based Networking Is Coming\u2019<\/strong><br \/>\n<em>Sydney Sawaya<\/em>&nbsp;<br \/>\n<em>sdX Central<\/em>&nbsp;<br \/>\nWinter is coming, and according to Cisco\u2019s 2020 Global Networking Trends Report, so is intent-based networking (IBN).<br \/>\nCisco conducted a web-based survey of 505 IT leaders and 1,566 network strategists across 13 countries about the current state of their networks, their network aspirations over the next two years, and their network operational and talent readiness.&nbsp;<br \/>\nThe survey found maximizing business value to be IT\u2019s No. 
1 priority with 40% of respondents naming it their top concern.<br \/>\nBut seeing the top of the mountain is one thing, and getting up there is another.<br \/>\nIn order to maximize business value, IT teams will require greater insight into data along with the right tools.<br \/>\nStill, Cisco\u2019s findings suggest IBN will be the next \u201cIT girl\u201d of networking in the coming years \u2014 essentially the second phase of SDN.<br \/>\nSome 41% of those surveyed claim to have at least one instance of SDN in at least one of their network domains.<br \/>\nSDN has given network operators a way to design, build, and operate their networks through a centralized view.&nbsp;<br \/>\nHowever, only 28% of respondents indicated having reached SDN or IBN on Cisco\u2019s Digital Network Readiness Model, yet 78% expect their networks to move beyond SDN or IBN within the next two years.<br \/>\nLikewise, only 4% indicated that their currently deployed networks are intent-based, and 35% plan to be within two years.<br \/>\n<font color=\"blue\"><strong>Link:<\/strong><\/font>&nbsp;<a href=\"https:\/\/www.sdxcentral.com\/articles\/news\/cisco-networking-trends-report-intent-based-networking-is-coming\/2019\/10\/\" style=\"-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100%;color: #202020;font-weight: normal;text-decoration: underline;\">https:\/\/www.sdxcentral.com\/articles\/news\/cisco-networking-trends-report-intent-based-networking-is-coming\/2019\/10\/<\/a><\/p>\n<p style=\"margin: 1em 0;-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100%;color: #202020;font-family: Helvetica;font-size: 15px;line-height: 150%;text-align: left;\"><img loading=\"lazy\" decoding=\"async\" height=\"16\" src=\"https:\/\/zdnet4.cbsistatic.com\/hub\/i\/r\/2018\/10\/14\/8cb090a5-da9d-47c8-b769-e1a9692a5c62\/thumbnail\/770x578\/849c80cda3b52bf3fbbaec0c39f0c8db\/php.png\" width=\"16\" style=\"border: 0;outline: none;text-decoration: none;-ms-interpolation-mode: bicubic;height: auto 
!important;\">&nbsp;<strong>Nasty PHP7 remote code execution bug exploited in the wild<\/strong><br \/>\n<em>Catalin Cimpanu<\/em>&nbsp;<br \/>\n<em>ZD Net<\/em>&nbsp;<br \/>\nExploiting the bug is trivial, and public proof-of-concept exploit code has been published on GitHub earlier this week.<br \/>\n&#8220;The PoC script included in the GitHub repository can query a target web server to identify whether or not it is vulnerable by sending specially crafted requests,&#8221; says Satnam Narang, Senior Security Response Manager at Tenable. &#8220;Once a vulnerable target has been identified, attackers can send specially crafted requests by appending &#8216;?a=&#8217; in the URL to a vulnerable web server.&#8221;<br \/>\nFortunately, not all PHP-capable web servers are impacted.<br \/>\nOnly NGINX servers with PHP-FPM enabled are vulnerable.<br \/>\nPHP-FPM, or FastCGI Process Manager, is an alternative PHP FastCGI implementation with some additional features.<br \/>\nThis blog post from Wallarm, the company that found the PHP7 RCE, includes instructions on how webmasters can use the standard mod_security firewall utility to block %0a (newline) bytes in website URLs, and prevent any incoming attacks.<br \/>\nDue to the availability of public PoC code and the simplicity of exploiting this bug, website owners are advised to check server settings and update PHP as soon as possible if they run the vulnerable configuration.<br \/>\n<font color=\"blue\"><strong>Link:<\/strong><\/font>&nbsp;<a href=\"https:\/\/www.zdnet.com\/article\/nasty-php7-remote-code-execution-bug-exploited-in-the-wild\/\" style=\"-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100%;color: #202020;font-weight: normal;text-decoration: underline;\">https:\/\/www.zdnet.com\/article\/nasty-php7-remote-code-execution-bug-exploited-in-the-wild\/<\/a><\/p>\n<p style=\"margin: 1em 0;-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100%;color: #202020;font-family: Helvetica;font-size: 
15px;line-height: 150%;text-align: left;\"><img loading=\"lazy\" decoding=\"async\" height=\"16\" src=\"https:\/\/www.channele2e.com\/wp-content\/uploads\/2018\/12\/huawei.jpg\" width=\"16\" style=\"border: 0;outline: none;text-decoration: none;-ms-interpolation-mode: bicubic;height: auto !important;\">&nbsp;<strong>Huawei: Banned and Permitted In Which Countries? List and FAQ<\/strong><br \/>\n<em>Joe Panettieri<\/em>&nbsp;<br \/>\n<em>CHANNEL e2e<\/em>&nbsp;<br \/>\nHere\u2019s an FAQ explaining the Huawei controversy, along with a list of countries, organizations and technology companies, and their current business status with the China-based technology giant.<br \/>\n<font color=\"blue\"><strong>Link:<\/strong><\/font>&nbsp;<a href=\"https:\/\/www.channele2e.com\/business\/enterprise\/huawei-banned-in-which-countries\/?utm_medium=email&amp;utm_source=sendpress&amp;utm_campaign\" style=\"-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100%;color: #202020;font-weight: normal;text-decoration: underline;\">https:\/\/www.channele2e.com\/business\/enterprise\/huawei-banned-in-which-countries\/?utm_medium=email&amp;utm_source=sendpress&amp;utm_campaign<\/a><\/p>\n<p style=\"margin: 1em 0;-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100%;color: #202020;font-family: Helvetica;font-size: 15px;line-height: 150%;text-align: left;\"><img loading=\"lazy\" decoding=\"async\" height=\"16\" src=\"https:\/\/searchsecurity.techtarget.com\/apple-touch-icon-144x144-precomposed.png\" width=\"16\" style=\"border: 0;outline: none;text-decoration: none;-ms-interpolation-mode: bicubic;height: auto !important;\">&nbsp;<strong>Heed 5 security operations center best practices before outsourcing<\/strong><br \/>\n<em>Johna Till Johnson<\/em>&nbsp;<br \/>\n<em>Tech Target &#8211; Security<\/em>&nbsp;<br \/>\nResearch showed highly successful cybersecurity organizations, as measured by mean total time to contain, are 52% more likely to have deployed an SOC than their less 
successful peers.&nbsp;&nbsp;<br \/>\nIn fact, merely deploying a SOC can improve an organization&#8217;s mean time to contain a breach by almost half.&nbsp;&nbsp;<br \/>\nBut, as always, the devil is in the details in terms of assessing security operations center best practices: Should cybersecurity pros outsource the SOC function or develop one in-house?<br \/>\nAnd, if they outsource, what should the selection criteria be?<br \/>\nFirst is the operational model: Is the SOC provider primarily focused on event notification, or does it work in a team extension mode and proactively take steps to respond to events?&nbsp;&nbsp;<br \/>\nSecond is the SOC run book itself.<br \/>\nRegardless of who executes it &#8212; the internal team or the SOC provider &#8212; how is the run book developed?<br \/>\nDoes the SOC provider have a standardized run book that can be customized to each client, or should the client plan to develop it?&nbsp;&nbsp;<br \/>\nThe third step to ensure security operations center best practices is to examine the portfolio of services the SOC provider offers.&nbsp;&nbsp;<br \/>\nFourth is the set of tools and technologies the SOC provider relies on.&nbsp;&nbsp;<br \/>\nFinally, as counterintuitive as it sounds, there&#8217;s the question of how the relationship will be terminated.<br \/>\n<font color=\"blue\"><strong>Link:<\/strong><\/font>&nbsp;<a href=\"https:\/\/searchsecurity.techtarget.com\/tip\/Heed-5-security-operations-center-best-practices-before-outsourcing\" style=\"-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100%;color: #202020;font-weight: normal;text-decoration: underline;\">https:\/\/searchsecurity.techtarget.com\/tip\/Heed-5-security-operations-center-best-practices-before-outsourcing<\/a><\/p>\n<p style=\"margin: 1em 0;-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100%;color: #202020;font-family: Helvetica;font-size: 15px;line-height: 150%;text-align: left;\"><img loading=\"lazy\" decoding=\"async\" height=\"16\" 
src=\"https:\/\/www.darkreading.com\/default.asp\" width=\"16\" style=\"border: 0;outline: none;text-decoration: none;-ms-interpolation-mode: bicubic;height: auto !important;\">&nbsp;<strong>SOC Operations: 6 Vital Lessons &amp; Pitfalls<\/strong><br \/>\n<em>Todd Thiemann<\/em>&nbsp;<br \/>\n<em>Dark Reading<\/em>&nbsp;<br \/>\nLesson #1: Locate and Retain High-Quality SOC Talent<br \/>\nLesson #2: Improve Your SOC Incrementally<br \/>\nLesson #3: Coordinate SOC and Network Operations<br \/>\nLesson #4: Realistic Goals<br \/>\nLesson #5: Staffing Delusions<br \/>\nLesson #6: The &#8220;AI Cure-All&#8221; Fallacy<br \/>\n<font color=\"blue\"><strong>Link:<\/strong><\/font>&nbsp;<a href=\"https:\/\/www.darkreading.com\/operations\/soc-operations-6-vital-lessons-and-pitfalls-\/a\/d-id\/1336076\" style=\"-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100%;color: #202020;font-weight: normal;text-decoration: underline;\">https:\/\/www.darkreading.com\/operations\/soc-operations-6-vital-lessons-and-pitfalls-\/a\/d-id\/1336076<\/a><\/p>\n<p style=\"margin: 1em 0;-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100%;color: #202020;font-family: Helvetica;font-size: 15px;line-height: 150%;text-align: left;\"><img loading=\"lazy\" decoding=\"async\" height=\"16\" src=\"https:\/\/www.darkreading.com\/default.asp\" width=\"16\" style=\"border: 0;outline: none;text-decoration: none;-ms-interpolation-mode: bicubic;height: auto !important;\">&nbsp;<strong>The Global Security Orchestration Automation and Response (SOAR) Market size is expected to reach $2.3 billion by 2025, rising at a market growth of 16.3% CAGR during the forecast period<\/strong><br \/>\n<em>Cision PR Newswire<\/em>&nbsp;<br \/>\nNEW YORK, Oct. 
21, 2019 \/PRNewswire\/ &#8212;&nbsp;The Global Security Orchestration Automation and Response (SOAR) Market size is expected to reach $2.3 billion by 2025, rising at a market growth of 16.3% CAGR during the forecast period.<br \/>\nMarket growth is influenced by factors like growing cyber-attacks, absence of staff availability, strict laws and compliance, absence of centralized views on threats, and a large number of false alerts that contribute significantly to the SOAR ecosystem.<br \/>\nMarket players are taking step-by-step approaches to leverage market possibilities.<br \/>\nCompanies focus on innovative market-space competitive strategies.<br \/>\nFor instance, in August 2019, Splunk integrated with Deloitte in order to provide automated security monitoring and response capabilities, which help drive higher fidelity and greater consistency into security workflows and outputs for organizations.<br \/>\nThe same month, FireEye launched FireEye\u00ae Network Security 8.3 and FireEye Endpoint Security 4.8, which are used for enhanced detection and investigation related to advanced attacks.<br \/>\nSimilarly, Tufin collaborated with Cisco in order to launch Tufin Orchestration Suite R19-2, helping customers extend their mitigation process to Cisco ACI.<br \/>\n<font color=\"blue\"><strong>Link:<\/strong><\/font>&nbsp;<a href=\"https:\/\/www.prnewswire.com\/news-releases\/the-global-security-orchestration-automation-and-response-soar-market-size-is-expected-to-reach-2-3-billion-by-2025--rising-at-a-market-growth-of-16-3-cagr-dur\" style=\"-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100%;color: #202020;font-weight: normal;text-decoration: underline;\">https:\/\/www.prnewswire.com\/news-releases\/the-global-security-orchestration-automation-and-response-soar-market-size-is-expected-to-reach-2-3-billion-by-2025&#8211;rising-at-a-market-growth-of-16-3-cagr-dur<\/a><\/p>\n<p style=\"margin: 1em 0;-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 
100%;color: #202020;font-family: Helvetica;font-size: 15px;line-height: 150%;text-align: left;\"><img loading=\"lazy\" decoding=\"async\" height=\"16\" src=\"https:\/\/s.yimg.com\/cv\/apiv2\/default\/fp\/20180826\/icons\/favicon_y19_32x32.ico\" width=\"16\" style=\"border: 0;outline: none;text-decoration: none;-ms-interpolation-mode: bicubic;height: auto !important;\">&nbsp;<strong>Secureworks Welcomes Steve Hardy as Chief Marketing Officer<\/strong><br \/>\n<em>Business Wire<\/em>&nbsp;<br \/>\n<em>Yahoo &#8211; Finance<\/em>&nbsp;<br \/>\nSecureworks\u00ae (SCWX), a leading global cybersecurity company that protects organizations in a digitally connected world, announced the appointment of Steve Hardy as its new Chief Marketing Officer, effective today.<br \/>\nAs CMO, Steve will lead Secureworks\u2019 global marketing strategy, including product marketing, demand generation, corporate communications and field marketing.<br \/>\nHe will report direc<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[29],"tags":[],"class_list":["post-2509","post","type-post","status-publish","format-standard","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/2509","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=2509"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/
wp-json\/wp\/v2\/posts\/2509\/revisions"}],"predecessor-version":[{"id":4996,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/2509\/revisions\/4996"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=2509"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=2509"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=2509"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}