Newsletter |
|||||||
July 27th, 2017 | |||||||
Server Hardening Policy- Examples & Tips |
|||||||
Every organization should have a hardened Windows build standard, a hardened Linux build standard, a hardened SQL Server / Oracle database build standard, a hardened firewall standard etc. However, determining what is an appropriate server hardening policy for your environment will require detailed research of hardening checklists and then an understanding of how this should be applied to your operating systems and applications.
|
|||||||
Botnet turns active directory domain controllers to c2 serversResearchers at the Australian security company, Threat Intelligence Pty Ltd., have created a possibly devastating botnet that exploits infected victims Active Directory Domain Controllers, resulting in internally hosted command and control servers. Active Directory is a Microsoft directory service for Windows that domain networks & stores information on network components, automates network management of user data, and authenticates and authorizes users while enforcing security policies. The attack method can use the AD as a central connecting point for any infected node or endpoint in the system, allowing the attacker to enable two-way communication with each other even when segmented into separate security zones. |
Cinema Chain Suffers Possible 2 year POS BreachThe Missouri-based cinema chain, B&B Theaters, is under investigation for a possible two-year breach of credit card credentials following a tip-off from a banking partner. UK Government to Invest 21 Million in NHS Cybersecurity The UK government has announced they will invest £21 million to beef up cybersecurity within the UK’s National Health Service (NHS). This news comes in the wake of the recent WannaCry ransomware attack that hit the NHS, locking staff out of their computers and leaving patients without the care they need.
|
Eternalblue exploit used in Wannacry ransomware attackThe leaked NSA cyber weapon, EternalBlue, an exploit of Microsoft Windows that attacks SMB file-sharing services, was leaked by the Shadow Brokers hacker group last month and has since been used as part of the catastrophic WannaCry ransomware attack that started on May 12, 2017. This global attack is a sobering lesson in what happens when software vulnerabilities fall into the hands of criminals, but also, should serve as a wake-up call for those running out of date software and systems.
The problem with running outdated software
|
|||||
2.2 Million Dow Jones Customers Impacted by exposed dataDow Jones & Company has accidentally leaked the personal details and financial information of at least 2.2 million of its customers, but security experts believe this number is said to increase.
The leak was revealed on May 30 and the database was secured by June 6, however, Dow Jones made little to no effort to notify customers of the incident, aside from an article published in the Journal on July 16 covering the leak. |
|||||||
|