New Training Offering: Incident Response
We are excited to share with you details of our first training offering we are putting on locally in Grand Rapids, MI later this summer. More details below!
- Security News
- Latest Vulnerabilities
- Grand Rapids Incident Response Training
Top Security News
Elastic SIEM is Here!
Many companies have been using the ELK (or more properly, Elastic) stack as a SIEM tool for some time. The combination of Elasticsearch for storage/querying of data, and Kibana for visualization, has proven to be a powerful setup for the security analytics space. This did, however, remain more of a ‘toolkit’ for building a SIEM than a ready made product, but with the latest version shipping this week, that is changing!
New (and free) SIEM modules will make the Elastic SIEM easier to adopt. We also look forward to seeing what they do with with their recent acquisition of Endgame Security.
Florida Cities Pay Up for Ransomware
In the past week two cities in Florida, Lake City and Riviera Beach, paid ransoms to attackers after they were completely shut down by ransomware infections. In one of the cases, phishing attacks were blamed for the original infection. The ransoms that were paid totaled over $1 Million USD, most of which appears to have been paid via the cities’ insurance providers.
Raspberry Pi Breach at NASA
The NASA Jet Propulsion Lab revealed that it has been breached by hackers that planted a rogue Raspberry Pi device on the network for more than 10 months. A report released by the US Office of the Inspector General cited lack of basic security precautions such as network segmentation as reasons why the threat stayed hidden for so long. If you need to assess your org’s ability to detect a similar threat – let us know, we routinely drop Raspberry Pi’s on client networks when doing penetration testing.
FireFox MacOS 0day Hits Macs
A new FireFox 0day threat (CVE-2019-11707) has been discovered dropping malware backdoors. The 0day was discovered by Apple security company Objective-See, who make MacOS security software (used by our team!).
New Ruby on Rails Vulns
CVE-2019-5420, an insecure deserialization vulnerability discovered within Ruby on Rails, now has public metasploit module and python PoC. A patch has been supplied by the vendor, fixing this issue and CVE-2019-5418, a file content disclosure bug, and CVE-2019-5419, a denial-of-service bug.
Incident Response Training from VDA Labs
VDA Labs has been working to develop a new course offering that will be offered for the first time in Summer 2019 built around our own incident handling TTPs (Tactics, Techniques, and Procedures) for conducting incident response operations. We will be offering this course in person, in Grand Rapids Michigan.
When: August 13 and 14, 8am to 5pm
Where: Calvin College DeVos Communications Center, Room 170