Security Awareness Month: How to Help Friends and Family, (Wed, Oct 4th)

SANS Internet Storm Center - October 4, 2017 - 9:03pm
For the last few years, October has been "Security Awareness Month", with various organizations using it to promote security awareness. We have done a few "themed" diaries around security awareness in past years, but for the most part, there isn't that much new to say for our core audience. Security awareness is however still a big issue for the rest of humanity, and if you are looking for advice to help friends and family become more security-aware, then the SANS Securing the Human project has a nice newsletter for you.
Categories: Security

Securing "Out of Band" Access, (Wed, Oct 4th)

SANS Internet Storm Center - October 4, 2017 - 8:58pm
How do you get to your critical systems if the network is down? There are a number of different technologies that are used in this case. Often, they involve some kind of terminal server that is connected to the system via a serial terminal (yes... there are still some of them around), or via an IP-based KVM switch. The terminal server itself may be reachable via a backup network connection, or maybe someone even has a dial-in setup around for them. But no matter the exact technology you are using to implement this, a "backup connection", or "out of band connection" often bypasses a lot of security controls. This is done by design to ensure that the backup connection can be used even if these security devices do not respond. Often, these connections are also used to manage security devices.
Categories: Security

Investigating Security Incidents with Passive DNS, (Mon, Oct 2nd)

SANS Internet Storm Center - October 2, 2017 - 8:48am
Sometimes when you need to investigate a security incident or to check for suspicious activity, you become frustrated because the online resource that you’re trying to reach has already been cleaned. We cannot blame system administrators and webmasters who are just doing their job. If some servers or websites remain compromised for weeks, others are very quickly restored/patched/cleaned to get rid of the malicious content. It’s the same for domain names. Domains registered only for malicious purposes can be suspended to prevent further attacks. If the domain is not suspended, the offending DNS record is simply removed.
Categories: Security

Who's Borrowing your Resources?, (Sat, Sep 30th)

SANS Internet Storm Center - October 1, 2017 - 1:44pm
There is a buzz that started to stir in the past few days with the rise of cryptocurrency miner JavaScript code showing up on various websites. In particular, it seems to be Coinhive's miner JavaScript code. I do want to note that Coinhive specifically states:
Categories: Security

Good Analysis = Understanding(tools + logs + normal), (Fri, Sep 29th)

SANS Internet Storm Center - September 29, 2017 - 8:40pm
We had a reader send an email in a couple of weeks ago asking about understanding the flags field when looking at data in a report. He didn't understand what the "flags" were referring to or what the actual flags mean. "They don’t appear related to TCP header flags like I’ve normally seen...S is the most common but I occasionally see RSA, RUS and a few others."
Categories: Security

The easy way to analyze huge amounts of PCAP data, (Thu, Sep 28th)

SANS Internet Storm Center - September 28, 2017 - 8:04am
When you are investigating a security incident, there are chances that, at a certain point, you will have to dive into network traffic analysis. If you’re lucky, you’ll have access to a network capture. Approximately one year ago, I wrote a quick diary[1] to explain how to implement a simple FPC or “Full Packet Capture” solution based on a Docker container. It’s nice to capture all the traffic in PCAP files but then? PCAP files are not convenient to process and they consume a lot of disk space (depending on the captured traffic of course).
Categories: Security

It is a resume - Part 3, (Sun, Sep 10th)

SANS Internet Storm Center - September 27, 2017 - 9:17am
In this short series of diary entries, I show how I try to conclude that a PDF file (a resume) is not malicious, but benign. This is the last part. Thanks to Xavier for letting me post this during his shift.
Categories: Security

Forensic use of mount --bind, (Sun, Sep 24th)

SANS Internet Storm Center - September 24, 2017 - 1:28am
In my previous diary, I mentioned a recent case that led me to write In that case, I mentioned that I needed to build a filesystem timeline and wanted to collect hashes because I suspected there were multiple copies of some possible malware scattered around the disk. The biggest issue I had was that hashing the files requires reading them which would update the access times, something I really did not want to do. So, I decided to use a trick on a live system that I had employed occasionally in the past when I got a tar file rather than a disk image of, say, a directory from a SAN or NAS. For those of you who aren't aware, on Linux, you can use the mount command to essentially link a directory to another location in the directory tree. In the screenshot below, you can see the results of df -h and mount on one of my test VMs.
Categories: Security

All times are GMT +2.