
SANS ISC: Internet Storm Center



Latest Diaries

ISC Stormcast For Tuesday, May 3rd 2016 http://isc.sans.edu/podcastdetail.html?id=4979
Reminder: OpenSSL releases later today!

Lean Threat Intelligence

Published: 2016-05-02
Last Updated: 2016-05-02 17:26:39 UTC
by Rick Wanner (Version: 1)
0 comment(s)

Zach Allen over at Fastly has published a couple of posts on Lean Threat Intelligence.  

Part 1 describes a methodology for Threat Intelligence planning and design that can be reused virtually anywhere.  It focuses on the problem to be solved, not the technology to solve it.

I love how this post boils Threat Intelligence down to a business problem to be solved, not a technology to be deployed.  Too often we deploy expensive, costly-to-manage technology products without understanding the specific problem that is to be solved, and then the product winds up underutilized or unsuitable.  As a security industry we need to spend more effort on the problem to be solved, considering the impact on people and processes, before evaluating a technology product.  A lot of the time an expensive technology is not necessary to solve the problem.

Part 2 is more technical.  It gets into the implementation of a Threat Intelligence system using only open source products.

Definitely a good read if you are interested in deploying Threat Intelligence on the cheap.

-- Rick Wanner MSISE - rwanner at isc dot sans dot edu - http://namedeplume.blogspot.com/ - Twitter:namedeplume (Protected)


Fake Chrome update for Android

Published: 2016-05-02
Last Updated: 2016-05-02 14:40:08 UTC
by Rick Wanner (Version: 1)
0 comment(s)

There have been numerous reports of a fake update for Chrome for Android.  A fake update for Android is not in itself very unusual or interesting, but this particular bit of malware is somewhat more insidious than most.  The update, titled "Update_chrome.apk", requests administrative access to the device and then takes a page out of Zeus and other credential-stealing malware and captures banking and personal information.  When the user makes a purchase in the Google Play store, the malware presents a very realistic-looking payment page, captures a screenshot of any credit card information entered, and sends it to Russia.  The malware prevents its own removal.  At this point the only way to remove the malware is to return the device to factory defaults, causing all user data to be lost.

More information on this malware can be found over at the Zscaler website.

This reiterates the usual methodology for software management on these devices.  Always get your updates from reputable sources such as Google Play, and if you do need to install updates from a third-party developer, you need to validate the update before installation.
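A small triage helper that turns the two observations above (the malware asks for device-admin rights, and it arrives outside Google Play) into a check a responder can run over data pulled from a device. This is an added example, not code from the ISC diary or from Zscaler. It assumes the real output format of `adb shell pm list packages -i` (`package:<name>  installer=<installer|null>`), and it takes the device-admin receiver list as a pre-extracted Python list, since the layout of `dumpsys device_policy` varies by Android version. All sample data below is constructed; `com.example.chromeupdate` is a placeholder, the diary does not name the malware's package.

```python
"""Flag Android packages that hold device-admin rights but were not installed
from Google Play.  Added example (not from the diary); the package names and
the device-admin list are constructed sample data."""

import re

# Installer package name reported by `pm list packages -i` for Google Play.
PLAY_STORE_INSTALLER = "com.android.vending"

# Constructed sample of `adb shell pm list packages -i` output (real line format,
# fake package set).  "installer=null" is what a sideloaded APK reports.
SAMPLE_PM_OUTPUT = """\
package:com.android.chrome  installer=com.android.vending
package:com.example.bank  installer=com.android.vending
package:com.example.chromeupdate  installer=null
package:com.android.settings  installer=null
"""

# Constructed list of active device-admin receivers ("package/.Receiver"), as a
# responder would collect them from the device.  The first entry is a placeholder
# standing in for a sideloaded "update" that requested admin rights.
SAMPLE_DEVICE_ADMINS = [
    "com.example.chromeupdate/.AdminReceiver",
    "com.android.settings/.DeviceAdminDummy",
]

# System packages that legitimately hold admin rights without a Play installer.
# Assumption: this allowlist is tuned per fleet / OEM image.
KNOWN_SYSTEM_ADMINS = {"com.android.settings"}

_PM_LINE = re.compile(r"^package:(\S+)\s+installer=(\S+)$")


def parse_pm_list(text):
    """Return {package_name: installer_or_None} from `pm list packages -i` text."""
    result = {}
    for line in text.splitlines():
        m = _PM_LINE.match(line.strip())
        if not m:
            continue  # skip blank lines or anything not in the expected format
        pkg, installer = m.groups()
        result[pkg] = None if installer == "null" else installer
    return result


def admin_packages(components):
    """Reduce device-admin component names ('pkg/.Receiver') to package names."""
    return {c.split("/", 1)[0] for c in components}


def find_suspicious(pm_text, admin_components, known_system=KNOWN_SYSTEM_ADMINS):
    """Return [(package, installer)] for admin-holding packages whose installer
    is not Google Play and which are not on the system allowlist."""
    installers = parse_pm_list(pm_text)
    flagged = []
    for pkg in sorted(admin_packages(admin_components)):
        if pkg in known_system:
            continue
        installer = installers.get(pkg)  # None if sideloaded or not listed at all
        if installer != PLAY_STORE_INSTALLER:
            flagged.append((pkg, installer))
    return flagged


if __name__ == "__main__":
    for pkg, installer in find_suspicious(SAMPLE_PM_OUTPUT, SAMPLE_DEVICE_ADMINS):
        print(f"device admin from non-Play source: {pkg} (installer={installer})")
```

On the constructed sample the only hit is the sideloaded placeholder package; the Play-installed browser and the allowlisted settings app are ignored. A hit is a lead for triage, not proof of infection: an MDM agent or an enterprise app pushed outside Play will show up the same way, which is why the allowlist exists.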

-- Rick Wanner MSISE - rwanner at isc dot sans dot edu - http://namedeplume.blogspot.com/ - Twitter:namedeplume (Protected)

Keywords: Android malware
ISC Stormcast For Monday, May 2nd 2016 http://isc.sans.edu/podcastdetail.html?id=4977

