Booo! Don’t Let FUD Scare You

What better time than Halloween to discuss the marketing strategy of Fear, Uncertainty, and Doubt - better known in our industry as FUD? First, I want to concentrate on the F in FUD... The Fear. Uncertainty and Doubt are interesting, but in the business of Network Security, use of Fear is more common and more problematic. So what does the use of Fear in marketing look like? It's not always obvious, but any language that scares you into [...]

October 31st, 2017 | Business Development, Network Security

An Update on BadRabbit

Please see our notes below on BadRabbit, the latest ransomware threat. First things first. We have several measures in place to detect and stop network communications related to BadRabbit. To see if your Sentinel has detected BadRabbit-related traffic, search your Event Activity page for the term, 'BadRabbit'. Stay up to date. That said, analysis of this ransomware is evolving quickly, and it's important to stay on top of the story. One of the best resources we've found is Cisco's Talos blog: [...]

October 26th, 2017 | Network Security

Inbound Exploits Are Still A Thing

In a year chock full of juicy network security headlines, two of the biggest so far have been WannaCry and the Equifax breach. Here’s a quick refresher: WannaCry broke out in May (fizzling shortly thereafter), taking advantage of a known vulnerability in the SMB protocol and utilizing an exploit attributed to a group linked to the NSA (the Equation Group) via tools posted by a different group with ties to Russia (the Shadow Brokers). So much intrigue … You [...]

October 16th, 2017 | Network Security

The CINS Army List Is Changing Today

Since 2012 (before Threat Intelligence was cool) we've published a public list of malicious IP addresses for the community. It goes by many names: CINS Army, CI Army, CINS ... In any case, over 10,000 users (these days those 'users' are automated tools, scripts, and open source projects) now download the list regularly, for use in their firewalls, IPSes, SIEMs, and other network security tools. And today, the list is getting a bit of a facelift. Up until today, [...]

September 26th, 2017 | Network Security

Apache Struts Vulnerabilities Are Nothing New

With news breaking on the use of an Apache Struts vulnerability in the recent Equifax breach, we thought we'd shed some light on Struts exploits from our perspective. First and foremost: Our customers should know that no Sentinel appliances or servers within the Sentinel infrastructure are affected by these vulnerabilities. And, more importantly, our customers' networks have been protected against these Struts exploits since they were made public. Struts vulnerabilities are nothing new - we've been witnessing Struts-related exploits [...]

September 14th, 2017 | Network Security

June is National Internet Safety Month

National Internet Safety Month is designated by the U.S. Congress and supported by the National Cyber Security Alliance. NCSA advises everyone to follow three easy steps before going online: Stop. Think. Connect.™ At Sentinel IPS, we couldn’t agree more. Stop. Every time you access the Internet is an opportunity for someone to adversely impact you. Not to be overdramatic, just be vigilant and aware of your surroundings. Understand the consequences of your actions and implications for your online privacy. [...]

June 12th, 2017 | Network Security

WannaCry Ransomware Attacks Over Mother’s Day Weekend

By now, I’m sure you’re aware of the WannaCry ransomware strain (also known as WanaCrypt0r and Wcry), which broke out over this past weekend. It is currently distributed via a Windows operating system vulnerability in the SMB protocol, and has infected networks in 150 countries worldwide. A lot has happened in a short amount of time, so we want to make sure you have the most current information and a better understanding of how to protect your network. Here [...]

May 15th, 2017 | Network Security

Ransomware – It’s Baaaaa-aaaack!

If you haven't already heard, Locky is back! Borrowing another tactic from the Dridex playbook, we're seeing the Locky campaign use malicious .pdf email attachments as its preferred infection vector. Once opened, the .pdf requests to extract and open a second file (an embedded Office document) which then prompts the user to execute malicious macros. Interestingly enough, this technique is being used in response to increased user awareness of malicious Office macros. So what does Sentinel do to protect [...]

April 26th, 2017 | Network Security

Growing Number of HIPAA Breach Fines Enforced

Metro Community Provider Network (MCPN), a public health nonprofit, was fined and paid a $400,000 penalty for allowing a hacker to access employee email accounts and obtain electronic protected health information (ePHI) of 3,200 patients. MCPN provides primary care, pharmacies, social work, dental and behavioral care to approximately 43,000 low-income patients. MCPN reported the security breach in January 2012. The U.S. Department of Health and Human Services Office of Civil Rights (OCR) found MCPN violated the HIPAA [...]

April 21st, 2017 | Network Security