Data Deserialization

By Muhammed Zahid Ayar, SOC Analyst

What is serialization?

Computer data is generally organized in data structures such as arrays, records, graphs, classes, or other configurations for efficiency. When data structures need to be stored or transmitted to another location, such as across a network, they need to go through a process called serialization. This process converts and changes the data organization into a linear format that is needed for storage or transmission across computing devices.
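The following is an added example, not code from the original post, that makes the linear-format point concrete and shows why the deserialization side is where the risk lives. It serializes a small record two ways: as JSON, a data-only format whose loader is then checked against an explicit shape, and as a Python pickle, a native object format whose stream can name a callable for the loader to invoke while rebuilding the object. The `Session` record, the `Hostile` payload class and the `record()` canary are all constructed for this demonstration (the payload only appends to a list, so the side effect is visible and harmless); `RestrictedUnpickler` follows the standard-library `find_class` override pattern.

```python
"""Serialization turns an in-memory structure into a linear byte stream;
deserialization rebuilds it.  The hazard is the rebuild step: some formats
let the stream instruct the loader instead of merely describing data."""
import io
import json
import pickle
from dataclasses import asdict, dataclass


# --- a small record to serialize (constructed sample data) -----------------
@dataclass
class Session:
    user: str
    roles: list
    expires: int


SAMPLE = Session(user="alice", roles=["reader"], expires=1700000000)


# --- data-only format: JSON, followed by an explicit shape check ------------
def to_json(s: Session) -> bytes:
    return json.dumps(asdict(s)).encode()


def from_json(data: bytes) -> Session:
    obj = json.loads(data)
    if not isinstance(obj, dict) or set(obj) != {"user", "roles", "expires"}:
        raise ValueError("unexpected shape")
    if (not isinstance(obj["user"], str) or not isinstance(obj["expires"], int)
            or not isinstance(obj["roles"], list)
            or not all(isinstance(r, str) for r in obj["roles"])):
        raise ValueError("unexpected field type")
    return Session(obj["user"], list(obj["roles"]), obj["expires"])


# --- native object format: pickle, where the stream drives the loader ------
SIDE_EFFECTS = []  # canary: anything appended here ran *during loading*


def record(marker):
    SIDE_EFFECTS.append(marker)
    return marker


class Hostile:
    """Constructed payload.  __reduce__ tells the unpickler which callable
    to invoke when rebuilding the object; here it is the benign record()."""
    def __reduce__(self):
        return (record, ("ran-during-load",))


def sample_stream() -> bytes:
    return pickle.dumps(SAMPLE)


def hostile_stream() -> bytes:
    return pickle.dumps(Hostile())


def unsafe_load(data: bytes):
    # Plain pickle.loads resolves and calls whatever global the stream names.
    return pickle.loads(data)


class RestrictedUnpickler(pickle.Unpickler):
    """Resolve only the one class we expect; refuse every other global."""
    def find_class(self, module, name):
        if module == Session.__module__ and name == "Session":
            return Session
        raise pickle.UnpicklingError(f"forbidden global {module}.{name}")


def safe_load(data: bytes):
    return RestrictedUnpickler(io.BytesIO(data)).load()


def demo() -> dict:
    """Run every path once and report what happened as booleans."""
    SIDE_EFFECTS.clear()
    out = {}
    out["json_roundtrip"] = from_json(to_json(SAMPLE)) == SAMPLE
    try:
        from_json(b'{"user":"alice","roles":["reader"],"expires":"soon"}')
        out["json_rejects_bad_type"] = False
    except ValueError:
        out["json_rejects_bad_type"] = True
    out["restricted_roundtrip"] = safe_load(sample_stream()) == SAMPLE
    # The unrestricted loader runs record() before returning anything.
    out["unsafe_ran_code"] = (unsafe_load(hostile_stream()) == "ran-during-load"
                              and SIDE_EFFECTS == ["ran-during-load"])
    try:
        safe_load(hostile_stream())
        out["restricted_blocked"] = False
    except pickle.UnpicklingError:
        # Refused at find_class, so nothing further was appended.
        out["restricted_blocked"] = SIDE_EFFECTS == ["ran-during-load"]
    return out


if __name__ == "__main__":
    print(demo())
```

The design point is that the JSON path never executes anything from the stream, so the only defence needed is the shape check; the pickle path must be fenced at `find_class` because the opcode stream itself can request a callable. In practice, prefer a data-only format for anything that crosses a trust boundary and treat native object formats as code.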

This entry was posted in Threats & Vulnerabilities, deserialization, Muhammed Zahid Ayar on July 29, 2016 by Chad R

Malware Analysis Report: Nemucod Ransomware

By: NYC DoITT SOC & Richard Vargas, CIS SOC Analyst

WHAT’S NEMUCOD?

Nemucod is a Trojan that downloads potentially malicious files to an infected computer. According to Symantec, Nemucod was first discovered in December 2015 and was associated with downloading malware including TeslaCrypt, a variant of ransomware.

This entry was posted in Threats & Vulnerabilities, ransomware on July 25, 2016 by Kimberly K

2016: The Year of Ransomware

By: Katelyn Bailey

Since the beginning of 2015, ransomware infections have been on an upward climb, with no foreseeable slowdown. March, April, and May each broke the record set by the previous month for the highest number of ransomware notifications ever issued by the MS-ISAC, based on our state, local, tribal, and territorial (SLTT) government monitoring. We attribute this continued growth in 2016 to the new-found popularity of ransomware as a money-making enterprise and the strength of the distribution campaigns, as well as ever diversifying tactics, techniques, and procedures (TTPs) by cyber threat actors.

This entry was posted in Threats & Vulnerabilities, ransomware on June 30, 2016 by Kimberly K

Malvertising

by Dilan Samarasinghe, SOC Analyst

MS-ISAC has recently observed an increase in malware that is most often disseminated through malvertising. Malvertising, or malicious advertising, is the use of malicious online advertisements to spread malware and compromise systems. Generally, this occurs through the injection of unwanted or malicious code into ads. Malicious actors then pay legitimate online advertising networks to display the infected ads on various websites, exposing every user who visits these sites to the risk of infection. The advertising networks and websites involved are usually unaware that they are serving malicious content.

This entry was posted in Uncategorized, Threats & Vulnerabilities, Malvertising on April 28, 2016 by Chad R

PowerShell Malware

This entry was posted in Threats & Vulnerabilities on August 03, 2015 by Chad R

Q2 Increase in Account Compromises Impacting SLTT Governments

This entry was posted in Threats & Vulnerabilities on July 30, 2015 by Chad R

Stagefright Vulnerability Impacting Android Devices

This entry was posted in Threats & Vulnerabilities, Stagefright Android Zimperium on July 28, 2015 by Chad R

CIS Community Newsletter – July 9, 2015

1. CIS Hardened Virtual Images Now Available in Amazon Marketplace
Amazon Machine Images (AMIs) hardened to the secure configuration baselines prescribed by the Center for Internet Security's (CIS) expert consensus teams are now available in the AWS Marketplace. Reduce cost, time, and risk by building your AWS solution on images that are preconfigured to align with industry best practice for secure configuration.

This entry was posted in Threats & Vulnerabilities on July 14, 2015 by Chad R

Wave of Printer Web Server Defacements Highlights Need to Secure Embedded Devices

by Ben Spear

This entry was posted in Threats & Vulnerabilities on July 13, 2015 by Chad R

Announcing CIS Docker 1.6 Benchmark v1.0.0

CIS has released its first security configuration benchmark for Docker 1.6, which makes more than 80 recommendations for configuring and operating Docker in production environments. The benchmark is intended for system and application administrators, security specialists, auditors, help desk, and platform deployment personnel who plan to develop, deploy, assess, or secure solutions that incorporate Docker 1.6 or later.

This entry was posted in Threats & Vulnerabilities, benchmarks, Cyber security, Docker on May 11, 2015 by Amanda B