Date Author Title

CRITICAL CONTROL 11

2011-10-17Rob VandenBrinkCritical Control 11: Account Monitoring and Control

CRITICAL

2019-10-19/a>Russell EubanksWhat Assumptions Are You Making?
2019-07-25/a>Rob VandenBrinkWhen Users Attack! Users (and Admins) Thwarting Security Controls
2017-07-24/a>Russell EubanksTrends Over Time
2017-06-10/a>Russell EubanksAn Occasional Look in the Rear View Mirror
2017-05-28/a>Pasquale StirparoAnalysis of Competing Hypotheses (ACH part 1)
2017-05-02/a>Richard PorterDo you have Intel AMT? Then you have a problem today! Intel Active Management Technology INTEL-SA-00075
2015-12-21/a>Daniel WesemannCritical Security Controls: Getting to know the unknown
2015-11-04/a>Richard PorterApplication Aware and Critical Control 2
2015-05-29/a>Russell EubanksTrust But Verify
2014-04-12/a>Guy BruneauCritical Security Update for JetPack WordPress Plugin. Bug has existed since Jetpack 1.9, released in October 2012. - http://jetpack.me/2014/04/10/jetpack-security-update/
2012-08-21/a>Adrien de BeaupreYYABCAFU - Yes Yet Another Bleeping Critical Adobe Flash Update
2011-11-03/a>Richard PorterAn Apple, Inc. Sandbox to play in.
2011-10-29/a>Richard PorterThe Sub Critical Control? Evidence Collection
2011-10-28/a>Daniel WesemannCritical Control 20: Security Skills Assessment and Training to fill Gaps
2011-10-27/a>Mark BaggettCritical Control 18: Incident Response Capabilities
2011-10-26/a>Rick WannerCritical Control 17:Penetration Tests and Red Team Exercises
2011-10-17/a>Rob VandenBrinkCritical Control 11: Account Monitoring and Control
2011-08-15/a>Rob VandenBrink8 Years since the Eastern Seaboard Blackout - Has it Been that Long?
2010-04-02/a>Guy BruneauOracle Java SE and Java for Business Critical Patch Update Advisory
2009-09-05/a>Mark HofmanCritical Infrastructure and dependencies

CONTROL

2024-04-22/a>Jan KoprivaIt appears that the number of industrial devices accessible from the internet has risen by 30 thousand over the past three years
2022-05-03/a>Rob VandenBrinkFinding the Real "Last Patched" Day (Interim Version)
2021-07-08/a>Xavier MertensUsing Sudo with Python For More Security Controls
2021-05-12/a>Jan KoprivaNumber of industrial control systems on the internet is lower then in 2020...but still far from zero
2019-10-19/a>Russell EubanksWhat Assumptions Are You Making?
2019-07-25/a>Rob VandenBrinkWhen Users Attack! Users (and Admins) Thwarting Security Controls
2019-07-18/a>Rob VandenBrinkThe Other Side of Critical Control 1: 802.1x Wired Network Access Controls
2017-07-24/a>Russell EubanksTrends Over Time
2017-06-10/a>Russell EubanksAn Occasional Look in the Rear View Mirror
2016-11-23/a>Tom WebbMapping Attack Methodology to Controls
2016-10-08/a>Russell EubanksUnauthorized Change Detected!
2016-07-26/a>Johannes UllrichCommand and Control Channels Using "AAAA" DNS Records
2015-12-21/a>Daniel WesemannCritical Security Controls: Getting to know the unknown
2015-11-04/a>Richard PorterApplication Aware and Critical Control 2
2015-05-29/a>Russell EubanksTrust But Verify
2014-10-13/a>Lorna HutchesonFor or Against: Port Security for Network Access Control
2014-08-17/a>Rick WannerPart 2: Is your home network unwittingly contributing to NTP DDOS attacks?
2014-07-28/a>Guy BruneauManagement and Control of Mobile Device Security
2014-06-11/a>Daniel WesemannHelp your pilot fly!
2014-02-10/a>Rob VandenBrinkA Tale of Two Admins (and no Change Control)
2013-09-02/a>Guy BruneauMultiple Cisco Security Notice
2013-03-13/a>Mark BaggettWipe the drive! Stealthy Malware Persistence Mechanism - Part 1
2012-12-31/a>Manuel Humberto Santander PelaezHow to determine which NAC solutions fits best to your needs
2012-11-23/a>Rob VandenBrinkWhat's in Your Change Control Form?
2011-11-03/a>Richard PorterAn Apple, Inc. Sandbox to play in.
2011-10-29/a>Richard PorterThe Sub Critical Control? Evidence Collection
2011-10-28/a>Daniel WesemannCritical Control 20: Security Skills Assessment and Training to fill Gaps
2011-10-27/a>Mark BaggettCritical Control 18: Incident Response Capabilities
2011-10-26/a>Rick WannerCritical Control 17:Penetration Tests and Red Team Exercises
2011-10-17/a>Rob VandenBrinkCritical Control 11: Account Monitoring and Control
2010-08-22/a>Rick WannerFailure of controls...Spanair crash caused by a Trojan
2010-08-19/a>Rob VandenBrinkChange is Good. Change is Bad. Change is Life.
2010-08-05/a>Rob VandenBrinkAccess Controls for Network Infrastructure
2010-06-14/a>Manuel Humberto Santander PelaezPython on a microcontroller?
2010-06-07/a>Manuel Humberto Santander PelaezSoftware Restriction Policy to keep malware away
2009-10-22/a>Adrien de BeaupreCyber Security Awareness Month - Day 22 port 502 TCP - Modbus

11

2023-07-12/a>Brad DuncanLoader activity for Formbook "QM18"
2023-06-17/a>Brad DuncanFormbook from Possible ModiLoader (DBatLoader)
2023-03-22/a>Didier StevensWindows 11 Snipping Tool Privacy Bug: Inspecting PNG Files
2021-07-09/a>Brad DuncanHancitor tries XLL as initial malware file
2021-06-30/a>Johannes UllrichCVE-2021-1675: Incomplete Patch and Leaked RCE Exploit
2021-02-24/a>Brad DuncanMalspam pushes GuLoader for Remcos RAT
2019-11-06/a>Brad DuncanMore malspam pushing Formbook
2015-08-12/a>Rob VandenBrinkWireshark 1.12.7 is released, multiple fixes. Find the release notes at: https://www.wireshark.org/docs/relnotes/wireshark-1.12.7.html and the binaries at: https://www.wireshark.org/download.html
2015-06-16/a>John BambenekCVE-2014-4114 and an Interesting AV Bypass Technique
2014-02-07/a>Rob VandenBrinkNew ISO Standards on Vulnerability Handling and Disclosure
2012-05-07/a>Guy BruneauiOS 5.1.1 Software Update for iPod, iPhone, iPad
2012-04-19/a>Kevin ShorttOpenSSL Security Advisory - CVE-2012-2110
2012-01-12/a>Rob VandenBrinkPHP 5.39 was release on the 10th, amongst other things, it addresses CVE-2011-4885 (prevents attacks based on hash collisions) and CVE-2011-4566 (integer overflow when parsing invalid exif header)
2011-10-29/a>Richard PorterThe Sub Critical Control? Evidence Collection
2011-10-28/a>Russ McReeCritical Control 19: Data Recovery Capability
2011-10-28/a>Daniel WesemannCritical Control 20: Security Skills Assessment and Training to fill Gaps
2011-10-27/a>Mark BaggettCritical Control 18: Incident Response Capabilities
2011-10-26/a>Rick WannerCritical Control 17:Penetration Tests and Red Team Exercises
2011-10-17/a>Rob VandenBrinkCritical Control 11: Account Monitoring and Control
2011-10-13/a>Guy BruneauCritical Control 10: Continuous Vulnerability Assessment and Remediation
2011-10-12/a>Kevin ShorttCritical Control 8 - Controlled Use of Administrative Privileges
2011-10-11/a>Swa FrantzenCritical Control 7 - Application Software Security
2011-10-10/a>Jim ClausingCritical Control 6 - Maintenance, Monitoring, and Analysis of Security Audit Logs
2011-10-07/a>Mark HofmanCritical Control 5 - Boundary Defence
2011-10-06/a>Rob VandenBrinkApache HTTP Server mod_proxy reverse proxy issue
2011-10-04/a>Rob VandenBrinkCritical Control 2 - Inventory of Authorized and Unauthorized Software
2011-10-04/a>Johannes UllrichCritical Control 3 - Secure Configurations for Hardware and Software on Laptops, Workstations and Servers
2011-10-03/a>Tom ListonSecurity 101 : Security Basics in 140 Characters Or Less
2011-10-03/a>Mark HofmanCritical Control 1 - Inventory of Authorized and Unauthorized Devices
2011-10-03/a>Mark BaggettWhat are the 20 Critical Controls?
2011-10-02/a>Mark HofmanCyber Security Awareness Month Day 1/2 - Schedule
2011-10-02/a>Mark HofmanCyber Security Awareness Month Day 1/2 - Introduction to the controls
2011-09-21/a>Mark HofmanOctober 2011 Cyber Security Awareness Month
2011-08-11/a>Johannes UllrichAs part of this weeks patch tuesday, microsoft also re-release MS11-043 to address stability issues.
2011-04-15/a>Kevin ListonMS11-020 (KB2508429) Upgrading from Critical to PATCH NOW
2011-02-23/a>Manuel Humberto Santander PelaezBind DOS vulnerability (CVE-2011-0414)
2011-01-03/a>Johannes UllrichWhat Will Matter in 2011
2010-08-15/a>Manuel Humberto Santander PelaezOpensolaris project cancelled, replaced by Solaris 11 express
2010-03-10/a>Rob VandenBrinkMicrosoft re-release of KB973811 - attacks on Extended Protection for Authentication
2009-08-28/a>Adrien de BeaupreWPA with TKIP done
2000-01-01/a>Manuel Humberto Santander PelaezHappy New Year 2011!!!