Infosecurity.US

Information Security & Occasional Forays Into Adjacent Realms


Mighty Fine Buckeyes, Folks. Mighty Fine.

Buckeye'd

May 08, 2019 by Marc Handelman in Espionage, Information Operations, Information Security, Information Technology, Government, Intelligence

Astounding flaws, reported by both Symantec and Ars Technica... What happened to OpSec? As importantly: The true ramifications for our country are yet unknown... Unless, of course, this and other 'leaks' of the same or similar ilk are, in fact, structured information operations of the highest caliber. Crafted to ensnare the miscreant espionage bounders wandering amongst us... You be the judge.

Key Findings

  • The Buckeye attack group was using Equation Group tools to gain persistent access to target organizations at least a year prior to the Shadow Brokers leak.
  • Variants of Equation Group tools used by Buckeye appear to be different from those released by Shadow Brokers, potentially indicating that they didn't originate from that leak.
  • Buckeye's use of Equation Group tools also involved the exploit of a previously unknown Windows zero-day vulnerability. This zero day was reported by Symantec to Microsoft in September 2018 and patched in March 2019.
  • While Buckeye appeared to cease operations in mid-2017, the Equation Group tools it used continued to be used in attacks until late 2018. It is unknown who continued to use the tools. They may have been passed to another group or Buckeye may have continued operating longer than supposed.

- via Symantec Corporation's Threat Intelligence Blog

GrrCon Augusta 2018, Tomasz Bania's 'Intelligence Creating Intelligence: Leveraging What You Know To Improve Finding What You Don't' →

September 27, 2018 by Marc Handelman in Conferences, Education, GrrCon Augusta, Information Security, Intelligence

Videography Credit: Irongeek (Adrian Crenshaw).


GRU'd →

March 25, 2018 by Marc Handelman in Espionage, Russia, Intelligence, Information Warfare, Information Security, Agitprop

Via The Daily Beast's Spencer Ackerman and Kevin Poulsen comes the tale of Guccifer 2.0, an officer of the GRU, Russia’s Main Intelligence Directorate (also known as the Russian Military Intelligence Directorate); and, of course, there's this and this. H/T


ENISA Releases 2017 Threat Report →

January 16, 2018 by Marc Handelman in Intelligence, Intelligence Sharing, Information Security, ENISA, European Union

The European Union Agency for Network and Information Security (ENISA) has released its Annual Threat Landscape 2017 Report (clicking the preceding link will download the artifact in PDF format). H/T to Jart Armin, Principal at CyberDefcon, a Netherlands-based (registered in the UK) intelligence and threat analysis organization.


AWS GuardDuty: Human Security Employment Will Become Moot →

November 30, 2017 by Marc Handelman in Information Security Jobs, Cybersecurity Jobs, SecDevOpps Jobs, Intelligence, Intelligence Sharing, Information Security, Cybersecurity, Analytics, Security Economics, Security Architecture, Security, Security Automation

The apparent beginning of the end for certain information and cyber security employment categories: Behold the newly minted Amazon.com, Inc. (NASDAQ: AMZN) AWS GuardDuty... H/T via the inimitable Trey Blalock of Firewall Consultants and Verification Labs.


BSides London 2017, Jack's 'Running Circles On Social Media - Intelligent OSINT' →

August 07, 2017 by Marc Handelman in Conferences, Education, Information Security, Intelligence, Intelligence Sharing, OSINT

BSides Nashville 2017, Chris Sanders' 'Abstract Tools for Effective Threat Hunting' →

May 08, 2017 by Marc Handelman in Threat Intelligence, Intelligence, Information Security

SANS CTI 2017, Dave Herrald's and Ryan Kovar's 'The Threat Intel Victory Garden: Threat Intelligence Using Open Source Tools' →

April 10, 2017 by Marc Handelman in All is Information, Conferences, Education, Data Science, Data That Is Big, Intelligence, Threat Intelligence

SANS CTI 2017, Elias Fox's 'Integrating Cyber Threat Intelligence using Classic Intel Technique' →

April 07, 2017 by Marc Handelman in All is Information, Conferences, Education, Intelligence, Threat Intelligence

SANS CTI 2017, Jeremy Johnson's 'Using Intelligence to Heighten your Defense' →

April 06, 2017 by Marc Handelman in All is Information, Conferences, Education, Intelligence, Threat Intelligence

CTI Summit 2017, Threat Intelligence At Microsoft - A Look Inside →

March 14, 2017 by Marc Handelman in All is Information, Conferences, Information Sciences, Intelligence, Threat Intelligence

Machine-Based Investigation: Fully →

March 14, 2017 by Marc Handelman in All is Information, Analytics, Computation, Data That Is Big, Exploration, Fingerprinting, Information Sciences, Intelligence, Robots, Machine Learning

Via Motherboard writer Michael Byrne comes this well-wrought piece on the apparent proliferation of 'bots on Twitter, i.e., the implications of algorithm-driven entities on the Twitterverse. The fascinating component of this study by Onur Varol, Emilio Ferrara, Clayton A. Davis, Filippo Menczer and Alessandro Flammini was the utilization of a machine-learning apparatus (and the feature-sets therein) to tease out the truth. Additional documentation (in the form of the paper) is available on arXiv. Today's MustRead.

"Part of what makes the new research interesting is the sheer number of features used in the classification model..." - Motherboard's Michael Byrne


CTI SUMMIT 2017, Robert M. Lee's - Knowing When to Consume Intelligence and When to Generate It →

March 13, 2017 by Marc Handelman in All is Information, Information Security, Threat Intelligence, Intelligence, Conferences, Education

H/T


Wisdom, Ignorance of the Crowds

February 22, 2017 by Marc Handelman in IARPA, Intelligence, All is Information, National Security, Must Read

IARPA's doing it, the Neuromongers did it, why not You? Well crafted report on the methodology behind applying the power behind the ignorance and wisdom of the crowd... Known as the Crowdsourcing Evidence, Argumentation, Thinking and Evaluation (CREATE), IARPA's new program ostensibly may enhance intelligence analysts' capability levels by leveraging the behavior of crowdsourced resources. Today's Must Read.


Retailers Begin Physical Customer Tracking →

January 18, 2017 by Marc Handelman in All is Information, Tracking, Dubious Methodology, Questionable Tracking, User Tracking, Surveillance, Must Read, Demise of Privacy, Information Security, Information Sharing, Intelligence Sharing, Intelligence, IoT, IoT Security

Tracking, that is, with the assistance of Intel Corporation (NASDAQ: INTC), that benevolent arbiter of all things computational... El Reg has conveniently provided a FAQ (direct from the chip fabricator) in their superlatively reported post. Today's Must Read.


iOS Tracking, The Control Gambit →

July 25, 2016 by Marc Handelman in All is Information, Information Security, Intelligence, Vulnerabilities, User Tracking

via Kate Kochetkova writing on the Kaspersky blog, comes advice on mitigating iOS tracking. Well played Ms. Kochetkova, Well Played.

 


J4VV4D, Defining Threat Intelligence →

May 03, 2016 by Marc Handelman in All is Information, Information Security, Intelligence, Intelligence Sharing, Threat Intelligence

"Unauthorized Code" In Juniper Firewalls, The Decryption Litany →

December 18, 2015 by Marc Handelman in All is Information, Intelligence, Espionage, Malware

Via the inimitable Dan Goodin, writing at Ars Technica, wherein the good Mr. Goodin, in a display of remarkable restraint, tells the tale of the discovery of code (in this case not 'authorized') making itself at home in Juniper network componentry. In this case, firewall network componentry. Ooops.


Threat Intelligence, The Primer

November 17, 2015 by Marc Handelman in All is Information, Information Security, Information Sharing, Intelligence, Intelligence Sharing, Threat Intelligence

Wang Wei talks threat intelligence at The Hacker News, and provides a primer, thereto.


Council on Foreign Relations, The State of US Cybersecurity →

November 09, 2015 by Marc Handelman in All is Information, Intelligence, Infrastructure, Infosec Policy, Information Security