
SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2016-05-02



Lean Threat Intelligence

Published: 2016-05-02
Last Updated: 2016-05-02 17:26:39 UTC
by Rick Wanner (Version: 1)

Zach Allen over at Fastly has published a couple of posts on Lean Threat Intelligence.  

Part 1 describes a methodology for Threat Intelligence planning and design that can be reused virtually anywhere.  It focuses on the problem to be solved, not the technology to solve it.

I love how this post boils Threat Intelligence down to a business problem to be solved, not a technology to be deployed.  Too often we deploy expensive and costly-to-manage technology products without understanding the specific problem that is to be solved, and then the product winds up underutilized or unsuitable.  As a security industry we need to spend more effort on the problem to be solved, considering the impact on people and processes, before evaluating a technology product. A lot of times an expensive technology is not necessary to solve the problem.

Part 2 is more technical.  It gets into the implementation of a Threat Intelligence system using only open source products.

Definitely a good read if you are interested in deploying Threat Intelligence on the cheap.

-- Rick Wanner MSISE - rwanner at isc dot sans dot edu - http://namedeplume.blogspot.com/ - Twitter:namedeplume (Protected)


Fake Chrome update for Android

Published: 2016-05-02
Last Updated: 2016-05-02 14:40:08 UTC
by Rick Wanner (Version: 1)

There have been numerous reports of a fake update for Chrome for Android.  A fake update for Android is not in itself very unusual or interesting, but this particular bit of malware is somewhat more insidious than most. The update, distributed as "Update_chrome.apk", requests device administrator privileges and then takes a page out of Zeus and other credential-stealing malware by capturing banking and personal information.  When the user makes a purchase in the Google Play store, the malware overlays a very realistic-looking payment page, captures a screenshot of any credit card information entered, and sends it off to Russia.  Because it holds device administrator rights, the malware prevents its own removal.  At this point the only way to remove it is to return the device to factory defaults, which loses all user data.

More information on this malware can be found over at the zScaler website.

This reiterates the usual advice for software management on these devices.  Always get your updates from reputable sources such as Google Play.  If you do need to install an update from a third-party developer, validate the package before installation: confirm it came from where the vendor says it should, compare it against a published digest where one exists, and be suspicious of any "update" that asks for device administrator rights.
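As an added example (not code from the diary or from the Zscaler write-up), the script below does the kind of static pre-install triage a practitioner would run on a sideloaded APK: it hashes the file for comparison against a vendor-published digest, checks that the archive carries a signature block at all, and looks for the device-administrator permission (android.permission.BIND_DEVICE_ADMIN) in the compiled manifest, which is the hook the fake Chrome update relies on to resist removal. The manifest check is a byte-level heuristic rather than a full binary-XML parser (compiled manifests keep their string pool in UTF-16LE or UTF-8, so both encodings are searched), and the sample APKs it builds are constructed stand-ins with a placeholder signature file, not real apps. A real verification should additionally confirm the signing certificate with a tool such as `apksigner verify --print-certs` against the fingerprint of the genuine publisher.

```python
"""Static triage of an Android APK before sideloading it (added example)."""
import hashlib
import io
import zipfile

DEVICE_ADMIN_PERMISSION = "android.permission.BIND_DEVICE_ADMIN"
SIGNATURE_SUFFIXES = (".RSA", ".DSA", ".EC")  # v1 (JAR) signature block names


def _manifest_mentions(manifest_bytes: bytes, needle: str) -> bool:
    """Heuristic: True if the compiled manifest contains `needle` as UTF-8 or UTF-16LE."""
    return (needle.encode("utf-8") in manifest_bytes
            or needle.encode("utf-16-le") in manifest_bytes)


def triage_apk(apk_bytes: bytes) -> dict:
    """Return static findings for an APK supplied as bytes."""
    findings = {
        "sha256": hashlib.sha256(apk_bytes).hexdigest(),
        "has_v1_signature": False,
        "has_manifest": False,
        "requests_device_admin": False,
    }
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        names = zf.namelist()
        findings["has_v1_signature"] = any(
            n.startswith("META-INF/") and n.upper().endswith(SIGNATURE_SUFFIXES)
            for n in names)
        if "AndroidManifest.xml" in names:
            findings["has_manifest"] = True
            manifest = zf.read("AndroidManifest.xml")
            findings["requests_device_admin"] = _manifest_mentions(
                manifest, DEVICE_ADMIN_PERMISSION)
    return findings


def should_block(findings: dict, expected_sha256: str = "") -> list:
    """Return the reasons to refuse installation; an empty list means no objection."""
    reasons = []
    if not findings["has_manifest"]:
        reasons.append("no AndroidManifest.xml: not a valid APK")
    if not findings["has_v1_signature"]:
        reasons.append("no signature block in META-INF")
    if findings["requests_device_admin"]:
        reasons.append("manifest references BIND_DEVICE_ADMIN (device administrator)")
    if expected_sha256 and findings["sha256"].lower() != expected_sha256.lower():
        reasons.append("SHA-256 does not match the vendor-published digest")
    return reasons


def build_sample_apk(device_admin: bool, signed: bool) -> bytes:
    """Construct a minimal stand-in APK for offline testing (not a real app)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        strings = ["android.permission.INTERNET"]
        if device_admin:
            strings.append(DEVICE_ADMIN_PERMISSION)
        # Stand-in for a compiled manifest: a UTF-16LE string-pool fragment.
        zf.writestr("AndroidManifest.xml", "\0".join(strings).encode("utf-16-le"))
        zf.writestr("classes.dex", b"dex\n035\0")
        if signed:
            # Placeholder signature files; a real CERT.RSA is a PKCS#7 blob.
            zf.writestr("META-INF/CERT.RSA", b"<constructed placeholder, not PKCS#7>")
            zf.writestr("META-INF/CERT.SF", b"Signature-Version: 1.0\n")
    return buf.getvalue()


if __name__ == "__main__":
    samples = (("fake-update", build_sample_apk(device_admin=True, signed=True)),
               ("unsigned", build_sample_apk(device_admin=False, signed=False)),
               ("plain", build_sample_apk(device_admin=False, signed=True)))
    for label, apk in samples:
        f = triage_apk(apk)
        print(f"{label}: sha256={f['sha256'][:16]}... "
              f"{should_block(f) or 'no static objection'}")
```

Run it against a real file with `triage_apk(open("Update_chrome.apk", "rb").read())`; a result of "no static objection" only means the cheap checks passed, so still confirm the signer certificate before installing.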

-- Rick Wanner MSISE - rwanner at isc dot sans dot edu - http://namedeplume.blogspot.com/ - Twitter:namedeplume (Protected)

Keywords: Android malware