In this ongoing blog series on preparing for complying with the EU’s General Data Protection Regulation (GDPR), we’ve explained the importance of having solid, foundational security practices like asset management and threat prioritization. Today, we’ll discuss how another such practice can help organizations stay on the right side of GDPR: Indication of Compromise (IOC).

In a nutshell, IOC can help customers who are dealing with unauthorized access to customer personal data by an external threat actor or adversary. This makes IOC particularly relevant to GDPR’s stringent requirements for data integrity, control, accountability and protection.

To comply with GDPR, which goes into effect on May 25, companies worldwide — not just in the EU — must know what personal data of EU residents they have, where it’s stored, with whom they’re sharing it, how they’re protecting it, and what they’re using it for.

Continue reading …

This release of the Qualys Cloud Platform version 2.32 includes updates and new features for AssetView, EC2 Connector, File Integrity Monitoring, Indication of Compromise, Security Assessment Questionnaire, Web Application Scanning, and Web Application Firewall, highlights as follows.  (Post updated 3/23 to include new FIM features for this release.)

Continue reading …

Dark Reading is reporting on a new banking trojan called ‘Silence’ that mimics techniques similar to the Carbanak hacker group targeting banks and financial institutions.  The attack vector is similar – target individuals using spear-phish emails to trick them into running a malicious attachment which will connect to download a dropper to further infect the user’s machine.  This attack does not use an exploit against a vulnerability, but rather takes advantage of social engineering to fool the user into executing the malicious payload and infecting their machine.

Silence is interesting in that the trojan’s capabilities include a screen grabber that will take multiple screenshots of the user’s active monitor and upload the real-time stream to a command and control server for monitoring by the adversary.  This technique allows the threat actor to identify which users have access to specific banking applications, systems, and accounts that they can use for financial gain.

Continue reading …

(updated: 10/26/2017 with additional file hashes and mitigations)

A new ransomware campaign has affected at least three Russian media companies in a fast-spreading malware attack. Fontanka and Interfax are among the companies affected by the Bad Rabbit ransomware named by the researchers who first discovered it. The malware is delivered as fake Flash installer, it uses the SMB protocol to check hardcoded credentials. Bad Rabbit does not employ any exploits to gain execution or elevation of privilege. The Ukrainian computer emergency agency CERT-UA has issued an alert incident and mentioned that Odessa airport and Kiev subway were also affected. It is unsure whether this alert is regarding Bad Rabbit, but they suspect that it may be the start of a new wave of cyberattacks.

Continue reading …