Inbound Exploits Are Still A Thing

In a year chock full of juicy network security headlines, two of the biggest so far have been WannaCry and the Equifax breach. Here’s a quick refresher: WannaCry broke out in May (fizzling shortly thereafter), taking advantage of a known vulnerability in the SMB protocol and utilizing an exploit attributed to a group linked to the NSA (the Equation Group) via tools posted by a different group with ties to Russia (the Shadow Brokers). So much intrigue … You [...]

October 16th, 2017 | Network Security

The CINS Army List Is Changing Today

Since 2012 (before Threat Intelligence was cool) we've published a public list of malicious IP addresses for the community. It goes by many names: CINS Army, CI Army, CINS ... In any case, over 10,000 users (these days those 'users' are automated tools, scripts, and open source projects) now download the list regularly, for use in their firewalls, IPSes, SIEMs, and other network security tools. And today, the list is getting a bit of a facelift. Up until today, [...]

September 26th, 2017 | Network Security

Apache Struts Vulnerabilities Are Nothing New

With news breaking on the use of an Apache Struts vulnerability in the recent Equifax breach, we thought we'd shed some light on Struts exploits from our perspective. First and foremost: Our customers should know that no Sentinel appliances or servers within the Sentinel infrastructure are affected by these vulnerabilities. And, more importantly, our customers' networks have been protected against these Struts exploits since they were made public. Struts vulnerabilities are nothing new - we've been witnessing Struts-related exploits [...]

September 14th, 2017 | Network Security

Securing the Internet of Things

(Still) Securing the Internet of Things. Ahh, IoT. Remotely monitoring and configuring your doorbell, washer and dryer, thermostat, security cameras, or just about any appliance or wearable you can imagine is pretty cool. And the list of IoT devices gets larger every day. But here’s the rub on IoT devices: As Mirai proved to everyone last fall, they are perfect conduits for cyber attacks. Here’s why: Their designers don’t devote enough time or energy to securing the device’s software, [...]

August 16th, 2017 | General

June is National Internet Safety Month

National Internet Safety Month is designated by the U.S. Congress and supported by the National Cyber Security Alliance. NCSA advises everyone to follow three easy steps before going online: Stop. Think. Connect.™ At Sentinel IPS, we couldn’t agree more. Stop. Every time you access the Internet is an opportunity for someone to adversely impact you. Not to be overdramatic, just be vigilant and aware of your surroundings. Understand the consequences of your actions and implications for your online privacy. [...]

June 12th, 2017 | Network Security

WannaCry Ransomware Attacks Over Mother’s Day Weekend

By now, I’m sure you’re aware of the WannaCry ransomware strain (also known as WanaCrypt0r and Wcry), which broke out over this past weekend. It is currently distributed via a Windows operating system vulnerability in the SMB protocol, and has infected networks in 150 countries worldwide. A lot has happened in a short amount of time, so we want to make sure you have the most current information and a better understanding of how to protect your network. Here [...]

May 15th, 2017 | Network Security

Ransomware – It’s Baaaaa-aaaack!

If you haven't already heard, Locky is back! Borrowing another tactic from the Dridex playbook, we're seeing the Locky campaign use malicious .pdf email attachments as its preferred infection vector. Once opened, the .pdf requests to extract and open a second file (an embedded Office document) which then prompts the user to execute malicious macros. Interestingly enough, this technique is being used in response to increased user awareness of malicious Office macros. So what does Sentinel do to protect [...]

April 26th, 2017 | Network Security

Growing Number of HIPAA Breach Fines Enforced

Metro Community Provider Network (MCPN), a public health nonprofit, was fined and paid a $400,000 penalty for allowing a hacker to access employee email accounts and obtain electronic protected health information (ePHI) of 3,200 patients. MCPN provides primary care, pharmacies, social work, dental and behavioral care to approximately 43,000 low income patients. MCPN reported the security breach in January 2012. The U.S. Department of Health and Human Services Office of Civil Rights (OCR) found MCPN violated the HIPAA [...]

April 21st, 2017 | Network Security