Wednesday, December 30, 2020

Action Item Mgmt. Article via Harvard Business Review

Taming the Epic To-Do List by Allison Rimm

The to-do list can be an indispensable tool when used to mindfully manage your time. But used indiscriminately, you become its servant. To get control of your priorities, you actually need three lists and a calendar. 

List #1 is for important but non-time-sensitive projects. 

List #2 is for items that need to be completed today.

The third list is a not-to-do list, to remind you of things you've consciously decided aren't worth your time. 

The calendar is for blocking out time to accomplish important matters on schedule. With your long-term goals in mind, decide which tasks really have to get done — and get done by you. Then, put them on your list — and more importantly, on your calendar. The things that don't need to get done, or done by you, can go on your "not doing" list. Once you get control of your priorities, and recognize that time is a finite resource, you'll feel liberated to focus on what really matters to you.

Thursday, December 24, 2020

SolarWinds collection of articles

Found site/blog by CIEX, Inc.

Updates 2020-12-23

These are listed by date of discovery; some are several days older.
  1. SunBurst_DGA_Decode/decode.py at main · RedDrip7/SunBurst_DGA_Decode (GitHub)
  2. Sunburst's C2 Secrets Reveal Second-Stage SolarWinds Victims (tpost)
  3. CISA Warns Agencies of SolarWinds Orion Compromise via Emergency Directive (gcwire)
  4. 'Very, very large' telecom organization and Fortune 500 company breached in SolarWinds hack (scmedia)
  5. NSA Cybersecurity Advisory: Malicious Actors Abuse Authentication Mechanisms to Access Cloud Resources (NSA)
  6. SolarWinds CyberAttack and FireEye Red Team Tools Coverage 
  7. SolarWinds breach raises stakes for NDAA Trump still threatens to veto (fednews)
  8. Erlang Authenticated Remote Code Execution :: malicious.link — welcome 
  9. SolarFlare Release: Password Dumper for SolarWinds Orion (secblvd)
  10. SolarWinds, GitHub Leaks and Securing the Software Supply Chain (secblvd)
  11. It's A Twister! Will SolarWinds Blow Cybersecurity Governance Reform Into The Boardroom? 
  12. All SentinelOne Customers Protected from SolarWinds SUNBURST Attack (bizwire)
  13. "Strategic Silence" and State-Sponsored Hacking: The US Gov't and SolarWinds
  14. Little-known SolarWinds gets scrutiny over hack, stock sales
  15. Top Democrat: 'Critical' that Pompeo brief senators on SolarWinds hack at State Dept. (hill)
  16. FireEye, Crowdstrike enjoy record days as SolarWinds hack leads to soaring security stocks (MarketWatch)
  17. DOE Update on Cyber Incident Related to Solar Winds Compromise (DOE)
  18. Florida Investigating Server Hacking Through SolarWinds Software 
  19. DOD has a leg up in mitigating potential SolarWinds breach, former officials say (FedScoop)
  20. Expert warned 'solarwinds123' password could expose firm: Report (BI)
  21. SolarWinds hack shows we need a 'whole of society' national cyber strategy (hill)
  22. Senators Ask IRS Whether Taxpayer Data Hit in SolarWinds Hack (Bloomberg)
  23. SolarWinds Breach: An RSAC Interview with Dmitri Alperovitch About Who, How and Why (RSA)
  24. FireEye, SolarWinds Breaches: Implications and Protections (eSecurityPlanet)
  25. SolarWinds Scandal Calls Attention to Supply Chain Security 
  26. SolarWinds Should Have Been More 'Vigilant': Palo Alto Networks CEO 
  27. DATA443 RELEASES STATEMENT ON FIREEYE AND SOLARWINDS HACK AND BREACH OTC Markets:ATDS 
  28. Was my workplace hit by SolarWinds hack? FAQ answers. (trib)
  29. The SolarWinds hack, and the danger of arrogance (scmedia)
  30. Qualys Researchers Identify 7+ Million Vulnerabilities Associated with SolarWinds/FireEye Breach by Analyzing Anonymized Vulnerabilities across Worldwide Customer Base (secblvd)
  31. SolarWinds Hack Blamed on Russia: What We Do and Don't Know (Bloomberg)
  32. Continue Clean-up of Compromised SolarWinds Software
  33. Datto Offers All MSPs Free Scanner To Find Signs Of FireEye, SolarWinds Hack 
  34. The Solarwinds breach — What do CIOs need to do now? 
  35. CISA warns that SolarWinds software may not be only entry point in latest breaches - (GCN)
  36. SolarWinds Hack Throws Wrench In Private Equity's Most Profitable Market 
  37. More Hacking Attacks Found, Officials Warn of Risk to U.S. Government (nyt)
  38. CYBER CONFLICT DATASET 
  39. The Strategic Implications of SolarWinds (Lawfare)
  40. Orion Platform - Scalable IT Monitoring (SolarWinds)
  41. SolarWinds MSP To Revoke Digital Certificates For Tools, Issue New Ones As Breach Fallout Continues 
  42. The SolarWinds Compromise and the Strategic Challenge of the Information and Communications Technology Supply Chain (Council on Foreign Relations)
  43. SolarWinds/SUNBURST Backdoor, Third-Party and Supply Chain Security (secblvd)
  44. DOE confirms its systems were compromised by SolarWinds hack (Utility Dive)
  45. Q:CYBER spots lateral movement as used in the SolarWinds (Sunburst) calamity (insidenova.com)
  46. Experts say SolarWinds hack could impact Kern County businesses 
  47. Joe Biden Blames Russia For Huge SolarWinds Hack (HuffPost)
  48. Hack Suggests New Scope, Sophistication for Cyberattacks (WSJ)
  49. SolarWinds Hack Victims: From Tech Companies to a Hospital and University (WSJ)
  50. Alex Stamos on Twitter: "There is a long history of "trickle down" effects in cyber, where a technique honed by a major player becomes commonplace. China's 2000s APTs -> Iran/DPRK/teenagers in the 2010s. Stuxnet -> smart ransomware. If supply-chain a
  51. Alex Stamos on Twitter: "@VickerySec So far, all of the activity that has been publicly discussed has fallen into the boundaries of what the US does regularly and what we explicitly excluded from the Obama-Xi deal. If we are going to set new red lines, th
  52. Statement by President-elect Joe Biden on Cybersecurity (President-Elect Joe Biden)
  53. Joint Statement by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Office of the Director of National Intelligence (ODNI) (CISA)
  54. SolarWinds hack continues to spread: What you need to know (CNET)

Updates regarding SolarWinds 2020-12-22 

  1. SolarWinds Adviser Warned of Lax Security Years Before Hack (Bloomberg). From the article: "Thornton-Trump said that in his experience SolarWinds didn't put enough investment into building a cybersecurity culture within the company."
  2. SolarWinds Achieves SOC 2 Type II Certification (orangematter, 2019-06-12)
  3. Understanding "Solorigate"'s Identity IOCs - for Identity Vendors and their customers. (ms)
  4. SolarWinds Hack Victims: From Tech Companies to a Hospital and University (wsj)
  5. SUPERNOVA: A Novel .NET Webshell (paloalto)
  6. Microsoft identifies second hacking group affecting SolarWinds software (cyberscoop)
  7. Microsoft president calls SolarWinds hack an "act of recklessness" (arstechnica) 
  8. Russian hackers hit US government using widespread supply chain attack (arstechnica, from 2020-12-14)
  9. Hackers last year conducted a 'dry run' of SolarWinds breach (yahoo)
  10. Treasury Department's Senior Leaders Were Targeted by Hacking
  11. Cyber-Photokeratitis - Some Thoughts On The Events Associated with UNC2452 (Prevailion)

New articles recently discovered, updates 2020-12-21

  1. Billions spent on U.S. Defenses Failed to Detect Hack (nyt) 
  2. Richard Blumenthal: Classified briefing ... left me deeply alarmed 
  3. Second Hacking team targeting SolarWinds (reuters)
  4. FireEye CEO says hack "totally unique" (cbs video) 
  5. DebUNCing Attribution: tracking threat actors
  6. Chris Krebs says officials still tracking scope (msn) 
  7. Biden team and lawmakers raise alarms (wapo video)
  8. Giant U.S. Computer Security Breach Exploited Common Software (Scientific American) 
  9. How U.S. agencies' trust in untested software opened the door to hackers (politico) 
  10. A "do not infect" list from the hack. 
  11. MS Analyzes the DLL, finds second malware (MS) [somehow this failed to get into yesterday's list] 
  12. SolarWinds/SunBurst hash exclusions (googledoc) 
  13. Does SolarWinds change the rules? (scmagazine)
  14. SolarWinds Hack is Historic Mess (wired)
  15. Continue Clean-Up of Compromised SolarWinds Software (tripwire) 
  16. MS Says 40 customers hit by ongoing hack (npr) 
  17. A hack Foretold (slate)

    An appropriate comment by Katie Moussouris, founder of @LutaSecurity: "So many illusions of control in these articles written about #SolarWinds No regulation is going to stop this from happening. No new requirements for certifications & attestations of security will make us less vulnerable. Knowing the ingredients in software won't fix it either"

Articles regarding SolarWinds, updated 2020-12-19

  1. A moment of reckoning: the need for a strong and global cybersecurity response (Brad Smith, MS) 
  2. FireEye Threat Research 
  3. Hacker group behind Treasury and Commerce breaches
  4. Hackers spied on US Treasury emails
  5. Hackers have a clever way to bypass multi-factor auth
  6. Dark Halo Leverages SolarWinds Compromise to Breach
  7. ~18,000 organizations downloaded backdoor
  8. Sunburst countermeasures
  9. Active Exploitation of SolarWinds Software | CISA
  10. Exposed FTP Credentials in GitHub Page
  11. Hackers turned SolarWinds' dominance against it
  12. SolarWinds Update Server could be accessed in 2019 with simple password
  13. How hackers outed their massive cyberattack
  14. Disruptive cyber crisis engulfs multiple agencies
  15. SolarWinds 8-K filing
  16. Malicious domain in SolarWinds Hack turned into kill switch (Krebs)
  17. Some customers, and another version of the list
  18. SolarWinds hack could affect 18,000 customers (Krebs)
  19. RedDrip7/Sunburst decode
  20. Hackers behind Sunburst put lots of effort into avoiding detection (from Twitter), and the Threadreader unroll
  21. Sunburst: Next level of stealth (Reversing Labs)
  22. SolarWinds stock drops 22%; and significant stock sales before hack was announced (The Register)
  23. SolarWinds Investors sold millions of Shares (exbulletin)
  24. Why the Sunburst attack is so serious (BBC) 
  25. SolarWinds Breach Used to Infiltrate Customer Networks (Infosec Handlers Diary)
  26. Hacking spree apparently reached into Microsoft (Reuters)
  27. I Was the Homeland Security Adviser to Trump. We're Being Hacked. - The New York Times 
  28. Orion IT Management Platform Security Advisory (ServerCentral) 
  29. CISA Issues Emergency Directive regarding Orion; the directive itself
  30. Hackers broke into Federal Agencies, officials suspect (nyt) 
  31. More hacking attacks found (nyt) 
  32. CISA: APT Compromise of Agencies, Infrastructure, Private sector 
  33. Investigators find evidence of new tactics (wapo) 
  34. Steps to take to protect from recent cyberattacks (MS) 
  35. Customer Guidance (MS Security Response Center) 
  36. Nuclear Weapons Agency hacked 
  37. SolarWinds not the only Initial Attack Vector
  38. MS Says that no customer data compromised with MS hack 
  39. MS identifies organizations targeted in attack 
  40. Hackers have been inside Austin city network for months 
  41. VMware Flaw a Vector in SolarWinds Breach? 
  42. The SolarWinds Orion SUNBURST supply-chain Attack (Truesec) 
  43. SolarWinds hackers broke into U.S. cable firm and Arizona county, web records show (reuters)
  44. Hacks Suggest New Scope, Sophistication for Cyberattacks 
  45. SolarWinds Security Advisory
  46. SolarWinds FAQ regarding the Security Advisory

Wednesday, December 16, 2020

Software Supply Chain Attack - SolarWinds

Summary and quotes of developing news related to the SolarWinds hack

·       March 2020: a highly sophisticated threat actor / APT [repeated emphasis in the industry, i.e. no protection would have identified it]

·       It installed a SolarWinds digitally signed backdoor (DLL) in SolarWinds Orion platform versions 2019.4 to 2020.2.1 [however, no version is safe], and HF1 may (or may not) be affected

·       Rather than an exploit, the actor embedded its own configuration data into the SolarWinds config files

·       The backdoor and/or injected code allowed full admin rights to the SolarWinds Orion Platform, all service accounts and local accounts, and likely the hosts monitored by SW Orion; i.e. at least 18,000 of a possible 33,000 customers may have been affected

·       Vulnerability discovered as a result of forensic analysis of the FireEye compromise

·       Microsoft took over the domain name avsvmcloud.com, used by the attackers to communicate with the backdoor on compromised hosts

·       CISA issued Emergency Directive 21-01 to government as well as private industry and will post additional IOCs to its website as more becomes known

·       The APT leveraged / elevated privileges and then cleaned up after itself, so even if the DLL is not found, compromise is still possible

·       Emphasis on "keys to the kingdom" services and the need for greater collaboration between IT and InfoSec

·       FireEye's IOCs have seen neither false positives nor true positives (as of yesterday?), but the IOCs will change (and the attackers didn't reuse the same patterns)

·       Lawsuits are coming, including legal/regulatory fallout yet to be uncovered

Considerations and Countermeasures

·       Isolate or block traffic to and from the SolarWinds system, or otherwise disconnect it from the rest of the network

·       Capture forensic evidence of the SolarWinds system before changing it

·       Start threat hunting (and anomaly analysis) covering the period from March 2020 onward

·       Remove all accounts in scope of compromise

·       Review other network management tools and evaluate them with caution, e.g. their access level and who can reach their management interfaces
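The summary and countermeasures above give two concrete, huntable facts: the affected Orion version range (2019.4 to 2020.2.1, with HF1 uncertain) and the C2 domain avsvmcloud.com, plus a hunt window starting in March 2020. The script below is an added example (not code from the blog, CISA, FireEye or SolarWinds) that turns those facts into a small triage helper: it classifies an Orion version string against the affected range, and scans DNS resolver log lines for lookups of avsvmcloud.com or any subdomain of it inside the hunt window, returning the querying hosts so they can be put in scope for account review and forensics. The log line format (timestamp, client IP, queried name) and the sample lines are constructed for the example; the treatment of "2020.2.1 HF1" as in scope is a conservative assumption, since the post says HF1 may or may not be affected and that no version should be considered safe.

```python
"""Triage helper for the SUNBURST facts in the post above (added example)."""
import re
from datetime import date

# Version range quoted in the post: 2019.4 through 2020.2.1.
AFFECTED_MIN = (2019, 4)
AFFECTED_MAX = (2020, 2, 1)
# C2 domain quoted in the post (taken over by Microsoft).
C2_DOMAIN = "avsvmcloud.com"
# Post says to hunt from March 2020 onward.
HUNT_START = date(2020, 3, 1)


def parse_orion_version(version: str):
    """'2020.2.1 HF1' -> ((2020, 2, 1), 'HF1'); hotfix suffix is optional."""
    m = re.fullmatch(r"\s*(\d+(?:\.\d+)*)\s*(HF\d+)?\s*", version, re.IGNORECASE)
    if not m:
        raise ValueError(f"unrecognised Orion version string: {version!r}")
    numbers = tuple(int(part) for part in m.group(1).split("."))
    return numbers, (m.group(2) or "").upper()


def orion_version_in_affected_range(version: str) -> bool:
    """True if the numeric part falls in 2019.4..2020.2.1 (tuple comparison).

    Assumption: a hotfix suffix (e.g. HF1) does not move a build out of scope,
    because the post calls HF1 uncertain. A False here means 'lower priority',
    not 'safe': the post explicitly says no version is safe.
    """
    numbers, _hotfix = parse_orion_version(version)
    return AFFECTED_MIN <= numbers <= AFFECTED_MAX


# Constructed sample resolver log: "<ISO timestamp> <client IP> <queried name>".
DNS_LOG_SAMPLE = """\
2020-02-20T10:00:01Z 10.0.0.5 updates.example.com
2020-04-12T03:14:07Z 10.0.0.5 k3z0ab1c.avsvmcloud.com
2020-04-12T03:14:09Z 10.0.0.7 www.example.org
2020-06-01T22:47:33Z 10.0.0.5 q9x7.avsvmcloud.com
2020-06-02T08:00:00Z 10.0.0.9 notavsvmcloud.com
"""


def find_c2_lookups(log_text: str, since: date = HUNT_START):
    """Return lookups of the C2 domain (or a subdomain) on/after `since`.

    The label check is suffix-based on a leading dot, so look-alike names such
    as notavsvmcloud.com are not matched.
    """
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed or blank lines
        timestamp, client, qname = parts
        when = date.fromisoformat(timestamp[:10])
        if when < since:
            continue  # outside the hunt window
        name = qname.lower().rstrip(".")
        if name == C2_DOMAIN or name.endswith("." + C2_DOMAIN):
            hits.append({"when": timestamp, "client": client, "qname": name})
    return hits


def hosts_in_scope(hits):
    """Distinct querying hosts, sorted, to feed into account review and forensics."""
    return sorted({hit["client"] for hit in hits})


if __name__ == "__main__":
    for ver in ("2018.4", "2019.4", "2020.2.1 HF1", "2020.2.2"):
        flag = "IN RANGE" if orion_version_in_affected_range(ver) else "outside range"
        print(f"Orion {ver:<14} {flag}")
    found = find_c2_lookups(DNS_LOG_SAMPLE)
    for hit in found:
        print(f"{hit['when']} {hit['client']} -> {hit['qname']}")
    print("hosts to put in scope:", hosts_in_scope(found))
```

Run it against a real resolver export by replacing `DNS_LOG_SAMPLE` with the file contents in the same three-column shape; hosts returned by `hosts_in_scope` are the ones whose service and local accounts the "remove all accounts in scope" step should cover, and the version check only orders the work, it never clears a server.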


Sunday, December 6, 2020

Presentations - dos and don'ts

According to the Harvard Business Review article, to build an engaging presentation:

1) It's not about you. It's about your point

2) Know your point

3) Let your notes support you

4) Get loud

5) Be yourself

6) Practice meaningfully

7) Turn nervous energy into excitement

8) Kill Roy


And, what not to do

https://hbr.org/2018/10/how-to-blow-a-presentation-to-the-c-suite