According to the Congressional report on Equifax, a root cause of the breach was that Equifax moved the IT security team out from under IT due to “fundamental disagreements.” Although this is highlighted as a shortcoming in the report, in my opinion, this is misguided. In the vast majority of organizations, infosec shouldn’t be under […]
Archive by Author
Super Micro Hardware Backdoors
Hardware Backdoors Network Monitoring Supply Chain Security Threat ModelToday, Bloomberg published an article claiming that at least some Super Micro motherboards contained hardware backdoors. While we don’t have any inside information, we’ve been fielding several calls from clients about actions they should take and wanted to expand our thoughts on this outside our existing customer base. To begin, it’s important to note that […]
Facebook Breach Webcast
UncategorizedToday Rendition Infosec presented a webcast on the Facebook API breach. We covered what we know and what we don’t about the breach up to this point. Note: the audio has a few issues. I apologize for some audio problems we had due to a user interface issue with our webcast provider. We’ve fixed it […]
Wegmans Suffers From A Supply Chain Attack
SCREATH Supply Chain SecurityThe grocery chain Wegmans is suing one of its suppliers (Invermar) for a supply chain breach. Though all the details aren’t yet available, Wegmans claims that Invermar was compromised and that the compromise allowed attackers to reroute payments. Wegmans’ total losses aren’t known, though the suit asks for $900,000 in damages. When we talk about […]
Threat Hunting Your Supply Chain
SCREATH Supply Chain Security Threat HuntingFrom the NotPetya attacks last year to the recent hijack of the MEGA browser plugin, it’s obvious that supply chain compromise isn’t just a theoretical risk anymore. But how do you threat hunt in an environment that isn’t your own? This is a difficult task, but we really focus on looking for the few indicators […]
Introducing SCREATH (Supply Chain Risk Framework)
SCREATH Supply Chain SecurityToday, I gave a talk at the SANS Threat Hunting Summit on Supply Chain Threat Hunting. I’ll publish slides later, but I wanted to post our supply chain threat hunting framework worksheet. I want to thank Brandon McCrillis (Rendition Infosec CEO) for freeing me up for the time to work on this (he also gave […]
SEC504 CTF Networking Troubeshooting
SANS SEC504I teach SANS SEC504 occasionally and have noted that over the last few years, students are having increasing numbers of issues getting set up for the CTF. If you’re having trouble getting connected, my first piece of advice is “calm down and don’t blame the instructor for connection issues.” This class is run a LOT. […]
Russia/DNC indictment introduces new legal theories
Cyber Influence Cyber Policy / Law RussiaThere appear to be two new legal theories being tested in the indictment of the GRU military officers charged with hacking the DNC/DCCC. First there are allegations that the use of hacked DNC email accounts amounts to aggravated identity theft. This is interesting because it’s a clear departure from what we normally think of in […]
It’s 10pm, do you know where your API keys are?
UncategorizedYesterday, the social media archival service Timehop announced that they had suffered a breach. The service allows users to look back through their social media feeds to see what was happening last year for instance. In order to facilitate this, Timehop stores API keys for users’ social media accounts. Timehop did a great job disabling […]
ICE Subpoenas Information About Infosec Researcher
UncategorizedYesterday, Zack Whittaker from ZDNet published a story about ICE attempting to gain information about a Twitter user who publishes information about data left exposed on the Internet. This is likely about export control regulations, but even if so, it is precedent setting. In this post, I share some thoughts on how this may change […]