jos1264, 27 days ago to PaloAltoNetworks

Palo Alto Networks Shares Remediation Advice for Hacked Firewalls https://www.securityweek.com/palo-alto-networks-shares-remediation-advice-for-hacked-firewalls/ #IncidentResponse #PaloAltoNetworks #exploited

appassionato, 2 months ago to books

Digital Forensics and Incident Response: Incident Response Tools and Techniques for Effective Cyber Threat Response, 3rd Edition by Gerard Johansen

Build your organization's cyber defense system by effectively applying digital forensics, incident management, and investigation techniques to real-world cyber threats.

@bookstodon
#books
#nonfiction
#DigitalForensics
#IncidentResponse

jos1264, 3 months ago to random

UN Experts Investigating 58 Suspected North Korean Cyberattacks Valued at About $3 Billion https://apnews.com/article/un-experts-north-korea-cyberattacks-nuclear-sanctions-8e84703049dfb4fda011829115777c9e?&web_view=true #IncidentResponse #Learnings

jos1264, 3 months ago to random

US Charges Two More Suspects With DraftKings Account Hacks https://www.bleepingcomputer.com/news/security/us-charges-two-more-suspects-with-draftking-account-hacks/?&web_view=true #IncidentResponse #Learnings

PogoWasRight, 3 months ago (edited 3 months ago) to random

"The Wall Street Journal recently reported that #23andMe once had a market cap of $6 billion. That has dropped to $350 million. "

Here we go again: how do we figure out how much of 23andMe's woes is due to a #databreach and their pretty deplorable #incidentresponse that blamed their users, and how much is due to other financial issues involving their investments?

23andMe Destroyed by Hackers and Losses: https://247wallst.com/business/2024/02/01/23andme-destroyed-by-hackers-and-losses/

infosystir, 3 months ago to random

Walk through a customer incident with me!

What happens when attackers can SEO their fake application to the first page of search results, alerts fire along the way, and you have a customer and secops team that are top notch!

https://www.blumira.com/masked-application-attack-incident-report/

#incidentresponse #malware #dfir #smbsecurity #lolbas #bankingindustry #creditunions

PogoWasRight, 3 months ago to random

"Based on 481 ransomware attacks from the Dutch police and a Dutch incident response party, we arrive at a number of key insights: Insurance led to a 2.8x higher ransom amount paid, without affecting the frequency of payments. Data exfiltration led to a 5.5 times higher ransom amount paid, without affecting the frequency of payments. Organizations with recoverable backups were 27.4 times less likely to pay the ransom compared to victims without recoverable backups.

Press release: https://www.utwente.nl/nieuws/2024/1/1318314/ut-brengt-besluitvormingsproces-slachtoffers-ransomware-in-kaart#belangrijke-inzichten

Full article by Tom Meurs and colleagues: https://ris.utwente.nl/ws/portalfiles/portal/324702475/Ecrime2023vPREPRINT.pdf

h/t, #politieNL

@allan @brett @lawrenceabrams @ecrime_ch @GossiTheDog

#databreach #ransomware #cyberinsurance #backup #incidentresponse #risk #dataprotection #analyses

PogoWasRight, 3 months ago to Cybersecurity

Cybercriminals stole thousands of UW records, but system leaders didn’t tell the public. Why?

https://www.dailycardinal.com/article/2024/01/cybercriminals-stole-thousands-of-uw-records-but-system-leaders-didnt-tell-the-public-why?

@douglevin @funnymonkey @brett @michaelfklein

#databreach #EduSec #NSC #cybersecurity #incidentresponse #infosec #EdTech

ljrk, 4 months ago to infosec

So, und nu auch mal für meine Bubble

#InfoSec #Cybersecurity #IncidentResponse

Walker, 4 months ago to random

Once again Atlassian is keeping incident responders busy.

#Atlassian #Confluence #RCE #vulnerability #activeexploitation #eitw #CVE202334048 #CVE202322527 #incidentresponse

douglevin, 4 months ago to ukteachers

Letters sent out to former students, employees of school districts about a data breach (that happened last year, natch) https://www.wdio.com/front-page/top-stories/letters-sent-out-to-former-students-employees-of-school-districts-about-a-data-breach/ #edtech #edusec #databreach @PogoWasRight @brett @funnymonkey

jos1264, 4 months ago to random

US Court Docs Expose Fake Antivirus Renewal Phishing Tactics https://www.bleepingcomputer.com/news/security/us-court-docs-expose-fake-antivirus-renewal-phishing-tactics/?&web_view=true #IncidentResponse #Learnings

PogoWasRight, 4 months ago to random

As incident response and public relations go, blaming victims for your breach is generally not an impressive strategy. Michael Edgar reports that 23andMe seems to be doing exactly that. Read more at https://www.digit.fyi/23andme-says-breach-victims-are-to-blame-legal-action-is-futile/ or you may want to first read 23andMe's letter in which they claim that no breach occurred, but if it occurred, it's been remediated, and 23andMe didn't violate CMIA or GIPA either:
https://www.documentcloud.org/documents/24252535-response-letter-to-tycko-zavareei-llp

#incidentresponse #databreach #accountability

@brett

BishopFox, 4 months ago to security

Take a look into what sets the Bishop Fox approach to tabletop exercises in #RedTeaming apart. Senior Red Team Consultant @alethe shares how our team focuses on these highly beneficial exercises as building blocks for stronger #security programs versus mandatory compliance tasks. https://bfx.social/3H7Ech2

#incidentresponse #IR #offensivesecurity

PogoWasRight, 4 months ago to Cybersecurity

Parathon by JDA e-Health: what we still don’t know about their July ransomware incident:
https://www.databreaches.net/parathon-by-jda-e-health-what-we-still-dont-know-about-their-july-ransomware-incident/

#ransomware #Akira #incidentresponse #transparency #businessassociate #vendor #HIPAA #HITECH #HealthSec #cybersecurity

@brett @jgreig @BleepingComputer @amvinfe

j9t, 4 months ago to random

Incident, Mitigate, Learn:

We can’t just pick two.

https://meiert.com/en/blog/mitigate-and-learn/

#incidents #incidentresponse

PogoWasRight, 4 months ago to Cybersecurity

BlackSuit has listed Blaine County School District in Idaho on their leak site today, but they provide no details and no proof of claim. The district did acknowledge discovering an attack on November 20, but says that seemed to affect employee data only. Recent news coverage here: https://www.mtexpress.com/news/blaine_county/bcsd-among-idaho-agencies-hit-by-cyberattacks/article_20784726-9f97-11ee-8254-abcb43d11f0a.html

@douglevin @brett @funnymonkey

#EduSec #databreach #incidentresponse #cybersecurity #Infosec

Discernible, 5 months ago to random

The best incident response communications are built on a foundation of strong, ongoing security communications. Here are a few tips on how to do that.

#SecurityCommunications #IncidentResponse

https://discernibleinc.com/blog/turning-incident-response-communications-into-a-sustainable-security-communications-program

PogoWasRight, 5 months ago to random

Here's DOJ's press release on the alphv variant takedown:

Justice Department Disrupts Prolific ALPHV/Blackcat Ransomware Variant:

https://www.justice.gov/opa/pr/justice-department-disrupts-prolific-alphvblackcat-ransomware-variant

#ransomware #alphv #enforcement

PogoWasRight, 5 months ago to infosec

The York Region District School Board, which covers an area stretching from Toronto in the south to Lake Simcoe in the north, with a student population of over 128,000, said in a statement this week that late on Nov. 8, the IT department became aware of a cyber incident.

https://www.itworldcanada.com/article/southern-ontario-school-board-acknowledges-cyber-incident/555322

#EduSec #infosec #cybersecurity #incidentresponse #transparency

@brett @douglevin @funnymonkey

PogoWasRight, 5 months ago to infosec

Back in October, Qlin TAs added Cardiovascular Consultants to their leak site with an alleged data dump that didn't download.

On December 1, Cardiovascular Consultants (CVCHeart) notified HHS that the September incident affected 484,000 patients and guarantors.

Some more details/background here: https://www.databreaches.net/cardiovascular-consultants-cvc-heart-allegedly-hit-by-ransomware/

#HealthSec #ransomware #infosec #incidentresponse #cybersecurity

@brett @BleepingComputer @campuscodi @ajvicens

PogoWasRight, 5 months ago to random

Petersen Health Care allegedly a victim of a cyberattack, but not much is known at this point:

https://www.databreaches.net/petersen-health-care-allegedly-a-victim-of-a-cyberattack-but-not-much-is-known-at-this-point/

This one is claimed by Cactus, but neither Petersen nor Cactus have responded to inquiries.

#databreach #HealthSec #transparency #incidentresponse #ransomware

PogoWasRight, 5 months ago to infosec

Medusa added the Hinsdale School District to their leak site with ample proof of claims and a price tag of $200k to delete all the data or buy it all. A countdown clock gives the district 10 days.

This ransomware attack was previously disclosed in the news a few days ago at https://www.reformer.com/local-news/hinsdale-schools-struck-by-ransomware-attack/article_e25830dc-95d7-11ee-aaa6-1b5fd92357f7.html

@douglevin @funnymonkey @brett

#ransomware #databreach #incidentresponse #infosec #cybersecurity #EduSec

PogoWasRight, 5 months ago to random

Did Akumin experience two cyber attacks in October and November? It has only acknowledged one.

https://www.databreaches.net/did-akumin-experience-two-cyber-attacks-in-october-and-november-it-has-only-acknowledged-one/

#databreach #ransomware #extortion #transparency #incidentresponse

h/t, @amvinfe

@brett @jgreig

firstdotorg, 5 months ago to random

Join the @firstdotorg Team & help design a collaborative #cybercapacitybuilding program with the Africa #incidentresponse community! Applications open until 4 Jan for a full-time Regional Liaison. Learn more & apply at https://www.first.org/about/jobs #AfricaCyber #CSIRT #CCB