Dataproof Communications

I often speak with Federal System Integrators (FSIs) who need to implement Multi-Factor Authentication (MFA) as part of their NIST 800-171 compliance. Specifically section 3.5.3 of this NIST guide states, “Use multifactor authentication for local and network access to privileged accounts and for network access to non-privileged accounts.” Many of these FSIs have already implemented smart cards in their environment, at...

OT Cybersecurity - Securing Your Industrial Operations for Reliability and Uptime #outlook a{ padding:0; } body{ width:100% !important; } .ReadMsgBody{ width:100%; } .ExternalClass{ width:100%; } body{ -webkit-text-size-adjust:none; } body{ margin:0; padding:0; } img{ border:0; height:auto; line-height:100%; outline:none; text-decoration:none; } table td{ border-collapse:collapse; } #backgroundTable{ height:100% !important; margin:0;...

As part of Imperva’s efforts to protect our customers’ data, we have an ongoing research project focused on analyzing and sharing different attack methods on databases. If you aren’t familiar with this project, which we call StickyDB, please read Part I and Part II. There we explain this database honeypot net (Figure 1), which tricks attackers into targeting our...

#TheSAS2017 presentation: Smart Medicine Breaches Its “First Do No Harm” Principle At last year’s Security Analyst Summit 2017 we predicted that medical networks would be a titbit for cybercriminals. Unfortunately, we were right. The numbers of medical data breaches and leaks are increasing. According to public data, this year is no exception. For a year we have been observing how cybercriminals...

In late February, the U.S. Security and Exchange Commission (SEC) issued new cybersecurity guidance in the form of an “interpretive release.” According to the SEC website, the Commission frequently provides guidance on federal securities laws and SEC regulations for business and investment communities. The release covered three main topics: Disclosure of cybersecurity risks and incidents Companies have been largely remiss in...

Every year the number of smart devices grows. Coffee machines, bracelets, fridges, cars and loads of other useful gadgets have now gone smart. We are now seeing the emergence of smart streets, roads and even cities. Devices such as smart cameras have long been part of everyday life for many, as communication devices, components in security and video surveillance systems,...

Sofacy, also known as APT28, Fancy Bear, and Tsar Team, is a prolific, well resourced, and persistent adversary. They are sometimes portrayed as wild and reckless, but as seen under our visibility, the group can be pragmatic, measured, and agile. Our previous post on their 2017 activity stepped away from the previously covered headline buzz presenting their association with...

While analysing an incident which involved a suspected keylogger, we identified a malicious library able to interact with a virtual file system, which is usually the sign of an advanced APT actor. This turned out to be a malicious loader internally named ‘Slingshot’, part of a new, and highly sophisticated attack platform that rivals Project Sauron and Regin in...

Tripwire, Inc.

Recently cryptojacking attacks have been spreading like wildfire. At Imperva we have witnessed it firsthand and even concluded that these attacks hold roughly 90% of all remote code execution attacks in web applications. Having said that, all of the attacks we have seen so far, were somewhat limited in their complexity and capability. The attacks contained malicious code that downloaded...