1-616-951-1166 info@vdalabs.com

New Training Offering: Incident Response

We are excited to share with you details of our first training offering we are putting on locally in Grand Rapids, MI later this summer. More details below!


Contents

  • Security News
  • Latest Vulnerabilities
  • Grand Rapids Incident Response Training

Top Security News

Elastic SIEM is Here!

Many companies have been using the ELK (or more properly, Elastic) stack as a SIEM tool for some time. The combination of Elasticsearch for storage/querying of data, and Kibana for visualization, has proven to be a powerful setup for the security analytics space. This did, however, remain more of a ‘toolkit’ for building a SIEM than a ready made product, but with the latest version shipping this week, that is changing!

New (and free) SIEM modules will make the Elastic SIEM easier to adopt. We also look forward to seeing what they do with with their recent acquisition of Endgame Security.

https://www.elastic.co/blog/introducing-elastic-siem

Florida Cities Pay Up for Ransomware

In the past week two cities in Florida, Lake City and Riviera Beach, paid ransoms to attackers after they were completely shut down by ransomware infections. In one of the cases, phishing attacks were blamed for the original infection. The ransoms that were paid totaled over $1 Million USD, most of which appears to have been paid via the cities’ insurance providers.

https://www.cnet.com/news/another-florida-city-pays-hackers-over-ransomware-attack/

Raspberry Pi Breach at NASA

The NASA Jet Propulsion Lab revealed that it has been breached by hackers that planted a rogue Raspberry Pi device on the network for more than 10 months. A report released by the US Office of the Inspector General cited lack of basic security precautions such as network segmentation as reasons why the threat stayed hidden for so long. If you need to assess your org’s ability to detect a similar threat – let us know, we routinely drop Raspberry Pi’s on client networks when doing penetration testing.

https://threatpost.com/feds-hackers-mission-control-data-nasa-jpl/145842/


Recent Vulnerabilities

FireFox MacOS 0day Hits Macs

A new FireFox 0day threat (CVE-2019-11707) has been discovered dropping malware backdoors. The 0day was discovered by Apple security company Objective-See, who make MacOS security software (used by our team!).

https://exchange.xforce.ibmcloud.com/collection/9279529062749d9ff6c18fcb8154cb2f

New Ruby on Rails Vulns

CVE-2019-5420, an insecure deserialization vulnerability discovered within Ruby on Rails, now has public metasploit module and python PoC. A patch has been supplied by the vendor, fixing this issue and CVE-2019-5418, a file content disclosure bug, and CVE-2019-5419, a denial-of-service bug.

https://www.zerodayinitiative.com/blog/2019/6/20/remote-code-execution-via-ruby-on-rails-active-storage-insecure-deserialization


Incident Response Training: Tactics Techniques and Procedures

Incident Response Training from VDA Labs

VDA Labs has been working to develop a new course offering that will be offered for the first time in Summer 2019 built around our own incident handling TTPs (Tactics, Techniques, and Procedures) for conducting incident response operations. We will be offering this course in person, in Grand Rapids Michigan.

When: August 13 and 14, 8am to 5pm
Where: Calvin College DeVos Communications Center, Room 170
Cost: $1000/seat

Visit the course page for more details!