Note-to-self: Regarding The Dropbox Hack, are YOU impacted?

To all who is using Dropbox… get your passprhase (yes, phrase, not word) changed and have it highly complex (eg using password manager).

Bit late maybe, but NOW is a good time.
See: https://www.troyhunt.com/the-dropbox-hack-is-real/

And another hint: subscribe to the https://haveibeenpwned.com/ website and get notified when the bad news comes.

Stay safe!

Note-to-self: free download of the 2015 Cyberthreat Defense Report from CyberEdge Group (and no registration needed)

Source (*): http://www.cyber-edge.com/2015-cdr/

CyberEdge has released the 2015 Cyberthreat Defense Report, which is a very-interesting-read for security professionals.
Among the findings: 52% of respondents expect to fall victim to a cyberattack in 2015.

Although most of these ‘free’ reports don’t cost you a penny, they are not free at all as you’ll need to pay with your personal data.
At minimum with your mail address…

Yes, we know, the registration of your email address is the refund of the marketing these companies need.
But do you want to pay that price?

And a lot of second-line security companies and/or partners of CyberEdge will do the same thing… publishing the free report after you have registered.
(Got the publication notification from Blue Coat systems…, but you can easily find more Bing it yourself.)
The downside of this is that you have no control at all what happens to that registration, despite the privacy and legal regulations (like double opt-in)…

So it’s always fun to look out for really ‘free’ (and legal) downloads… 😉

(*) In this case, stick to the source: http://www.cyber-edge.com/wp-content/uploads/2015/03/CyberEdge-2015-CDR-Report.pdf
[no guarantee how long it will stay ‘free’,…;)  ]

Enjoy!

 

 

Note-to-self: Podcast An Insider’s Look at the Security of Microsoft Azure – Assume the Breach!

Source: got this from Tom Shinder, https://twitter.com/tshinder

“Really interesting and informative podcast with David Cross, where he discusses a multitude of issues around Azure Security.

Definitely 5 stars!

An Insider’s Look at the Security of Microsoft Azure – Assume the Breach!

Note-to-self: Insider Threat report from Infosecbuddy

Source: http://www.infosecbuddy.com/thank-you-here-is-your-insider-threat-report/

(No, you don’t need to leave your precious dummy contact details…)

From the report:

“Highly publicized insider data theft, such as the recent Morgan Stanley breach or Edward Snowden incident,
highlight the increasing need for better security practices and solutions to reduce the risks posed by insider threats.

This report is the result of comprehensive crowd-based research in cooperation with the
260,000+ member Information Security Community on LinkedIn and Crowd Research Partners to gain more insight into the state
of insider threats and solutions to prevent them.”

Note-to-self: using Honeypot to detect Mimikatz Use On Your Network

Source: https://isc.sans.edu/diary/Detecting+Mimikatz+Use+On+Your+Network/19311

In short:”… Here is the idea.   You stage these fake credentials in the memory of computers you suspect might be the initial entry point on your network.   Perhaps all the computers sitting in your DMZ.    For a great deception my friend Rob Fuller (@mubix) is toying with the idea of putting this into the logon scripts to stage fake workstation administrator accounts on all the machines in your network.  Then you would setup alerts on your network that detect the use of the fake accounts.    Be sure to choose a username that an attacker will think is valid and will have high privileges on your domain. …