Sending Duo Logs to a Syslog Device

Duo Security is one of the most popular 2-factor authentication applications on the market today. All of the authentication and administrative logs are stored in the admin portal located at https://admin.duosecurity.com. Up until recently, if you wanted to view the logs, you either had to log into the admin portal or use the Duo API to query your Duo instance and manually pull the logs. There have been some scripts that individuals have released to perform this API query, but recently, Duo released their own official version: https://github.com/duosecurity/duo_log_sync/.


Hacking Finally Tops Healthcare Breach Causes

One would think that most data breaches were caused by hacking, as those are the breaches that are always mentioned in the news. However, up until the end of 2019, theft was still the top cause of breaches in healthcare according to data compiled from the U.S. Department of Health and Human Services (HHS) Office for Civil Rights.


Introducing Pyoneer

Pyoneer was created to assist with the search for sensitive information while on customer engagements. The tool has been used in different scenarios, not just for penetration testing, but that is where the tool's development began. Pyoneer’s base script was written overnight while sitting in a hotel room on an engagement. The idea came while completing another script, Spyder, to ingest a CSV file and mount shares: “Wouldn’t it be great to have something to automatically scan these shares?” A quick search for an open-source tool turned up nothing, so I began writing the foundation of the script. It was in no way ready during the engagement and the development continued at home. It took roughly a week to complete the script.


Ransomware Prevention Tips

  • Published in Research

We have compiled a list of security measures to implement to either prevent ransomware or limit the damage. Organizations need not implement all of these in order to prevent ransomware. However, these are various strategies that can be implemented depending on the company. Security measures such as "application whitelisting" will prevent most malicious software on its own.  Overall, most of these strategies are best practice and should be implemented as part of a larger security framework such as SANS Critical Controls.


Locky Ransomware Demonstration

  • Published in Research

Stern Security Labs analyzed a Locky ransomware sample.  The following video shows an actual Locky ransomware attack on a Windows 7 machine.  Watch how fast the ransomware encrypts the files on the computer.  The computer is encrypted within one minute of clicking on the malicious "invoice.pdf" file!


Locky Ransomware Analysis

We have recently received two samples of Locky maldoc (malicious document) ransomware from a healthcare institution.  Ransomware is a devastating piece of malware that encrypts important files on an infected computer and demands ransom to decrypt the files.  We will examine two samples.


Top 10 Highlights of FDA’s Draft Guidance on Cybersecurity in Medical Devices

Background
On January 22nd, 2016, the Food and Drug Administration released a draft guidance document titled “Postmarket Management of Cybersecurity in Medical Devices” (Food and Drug Administration). This important document addresses the need for security throughout the lifecycle of several medical devices. Improving medical device security is a subset of President Obama’s February 19th, 2013 Executive Order 13636 – “Improving Critical Infrastructure Cybersecurity”.


Protect your iCloud account with two-step verification

All Apple users need to enable two-step verification on their iCloud accounts if they have not already.  This protects your account by confirming your identity through a text message in addition to your password.  So even if someone steals your password, they would need to steal your phone as well to get into your iCloud account.


How to protect your email account with two-factor authentication

  • Published in Research

What is the most important account that you own? Most people would say it's their bank account, but many underestimate the value of their email account. If someone gets access to your email account, they can often access all of your other electronic accounts, including your bank, LinkedIn, Facebook, Amazon, and more. With access to your email account, a malicious person can click the “I forgot my password” link on all of your other accounts. This password reset link usually goes straight to your email account that they already hacked! This is why your email account is so important, and we will show you how to protect it with two-factor authentication.

 
