Debra Shinder WS Blog

Stop before you plug in that USB drive

It’s a natural impulse: You find a USB stick lying around, and the first thing you want to do is find out what’s on it. But too often, those flash drives contain malware – whether put there deliberately or inadvertently downloaded by some hapless computer user. A recent survey revealed that 78 percent of IT pros, who should know better, had plugged in a “found” flash drive at some point – and that’s just the ones who admitted to it.

Targeted Malware: IT pros are getting nervous

According to a recent survey done by Bit9, targeted malware is once again the top concern of IT/security professionals this year. In fact, a quarter of the respondents said their own organizations had been victims of targeted malware in 2012, and another 18 percent didn’t know. Servers are being compromised at a higher rate (according to Verizon’s annual Data Breach Investigations Report, they account for 94 percent of all data compromised), and perhaps most ominous of all, the pros are losing confidence in their ability to prevent such attacks.

Microsoft releases updates to Sysinternals tools

A while back, I did a series here on WindowSecurity.com about how to use some of the great Sysinternals tools developed by Mark Russinovich to track down malware. Specifically, I covered Autoruns, Process Monitor and Process Explorer. Microsoft has just released updates to a couple of those, as well as to ProcDump, Disk Usage (Du) and Registry Usage (Ru), improving their features and giving Procmon support for the new Windows 8 file information queries.

Internet slowdown due to “biggest attack in history”

Our European friends have been experiencing a slowdown in Internet access recently, and there’s a good reason. They’re calling it the “biggest DDoS attack in the history of the Internet,” and it started out as a targeted attack against Spamhaus, a blacklist provider in Europe. It began last week and escalated into a monster, degrading the Internet’s performance by targeting network providers with a DNS exploit.

Why you should wipe the drive after a malware infection

Think you’ve completely removed all traces of that malware that infected one of your organization’s computers? Maybe not. Many types of malicious software leave behind small but important configuration changes that will allow them to infect the machine all over again in the future, and these can be very hard to detect. This series of articles over on the SANS Internet Storm Center (ISC) site shows how several of those misconfigurations work.

Four parts have been published:
https://isc.sans.edu/diary/Wipe+the+drive+Stealthy+Malware+Persistence+Mechanism+-+Part+1/15394
https://isc.sans.edu/diary/Wipe+the+drive+Stealthy+Malware+Persistence+-+Part+2/15406
https://isc.sans.edu/diary/Wipe+the+drive!++Stealthy+Malware+Persistence+-+Part+3/15448
https://isc.sans.edu/diary/Wipe+the+drive%21++Stealthy+Malware+Persistence+-+Part+4/15460

DoD accepts CompTIA’s CASP certification

Here’s good news for those of you who have earned the CompTIA Advanced Security Practitioner certification, which the company’s vice president says is the toughest technical exam related to network security that it has ever offered. Now the U.S. Department of Defense has recognized its value, adding the CASP to its list of security exams that the department accepts as proof of security-related tech skill. CASP is approved for several different job categories, including IA Systems Architect and Engineer levels I and II. If you’re interested in working for the DoD, as an employee or contractor, find out more here:
http://www.networkworld.com/news/2013/032213-dod-comptia-268017.html
