• Zero Trust and Entra ID Conditional Access, (Sun, Jan 19th)

    Updated: 2025-01-19 02:48:18
    Microsoft Entra ID (formerly Azure AD) Conditional Access (CA) policies are the key components to a Zero Trust strategy, as they provide the ability to function as the front door for users and devices. CA policies use attributes, or signals, of various components as variables to enforce specific access controls. Attributes include user and device attributes, such as location and device risk. By defining and controlling the conditions under which access is granted, we can reduce risk and enhance security.

  • New tool: immutable.py, (Sat, Jan 18th)

    Updated: 2025-01-18 04:51:13
    When performing triage on a Linux system you suspect might be compromised, there are many aspects of the system that you may want to look at. In SANS FOR577 we talk about some existing tools and even writing your own bash script to collect triage data. In a case I worked a year or so ago, the attacker installed an LD_PRELOAD rootkit, which was itself pretty interesting, but one aspect that was a little unusual in this case was that they also set the immutable bit on etc

  • Leveraging Honeypot Data for Offensive Security Operations [Guest Diary], (Fri, Jan 17th)

    Updated: 2025-01-17 02:56:33
    [This is a Guest Diary by Alex Sanders, an ISC intern as part of the SANS.edu BACS program]

  • ISC Stormcast For Friday, January 17th, 2025 https://isc.sans.edu/podcastdetail/9284, (Fri, Jan 17th)

    Updated: 2025-01-17 00:39:29

  • Drata’s Matt Hillary on AI’s Role in Compliance and Governance

    Updated: 2025-01-16 21:43:20
    Matt Hillary, VP of Security and CISO at Drata, details problems and solutions as AI plays an expanding role in governance, risk, and compliance (GRC). The post Drata’s Matt Hillary on AI’s Role in Compliance and Governance appeared first on eWEEK.

  • Cribl’s Nick Heudecker on LLM and Data Security

    Updated: 2025-01-16 21:35:44
    Nick Heudecker, Sr. Director, Market Strategy and Competitive Intelligence at Cribl, discussed how to address cyber risks in LLMs and data harvesting, and also made predictions about the future of cybersecurity in the age of AI. The post Cribl’s Nick Heudecker on LLM and Data Security appeared first on eWEEK.

  • Microsoft January 2025 Patch Tuesday, (Tue, Jan 14th)

    Updated: 2025-01-14 18:40:40
    This month's Microsoft patch update addresses a total of 209 vulnerabilities, including 12 classified as critical. Among these, 3 vulnerabilities have been actively exploited in the wild, and 5 have been disclosed prior to the patch release, marking them as zero-days. The updates span various components, with significant attention required for vulnerabilities that could lead to privilege escalation and remote code execution. Users and administrators are strongly advised to prioritize the application of these patches to safeguard against potential threats and maintain system integrity.

  • ISC Stormcast For Tuesday, January 14th, 2025 https://isc.sans.edu/podcastdetail/9278, (Mon, Jan 13th)

    Updated: 2025-01-13 22:59:28

  • Hikvision Password Reset Brute Forcing, (Mon, Jan 13th)

    Updated: 2025-01-13 20:41:00
    One common pattern in password resets is sending a one-time password to the user to enable them to reset their password. The flow usually looks like:

  • ISC Stormcast For Monday, January 13th, 2025 https://isc.sans.edu/podcastdetail/9276, (Mon, Jan 13th)

    Updated: 2025-01-13 01:42:35
