433 Central Ave., 4th Floor, St. Petersburg, FL 33701 | info@poseidon-us.com | Office: (813) 563-2652

ISC Stormcast For Monday, January 20th, 2025 https://isc.sans.edu/podcastdetail/9286, (Mon, Jan 20th)

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
http://news.poseidon-us.com/THSLcK

Week in review: AWS S3 data encrypted without ransomware, data of 15k Fortinet firewalls leaked

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:

Attackers are encrypting AWS S3 data without using ransomware
A ransomware gang dubbed Codefinger is encrypting data stored in target organizations’ AWS S3 buckets with AWS’s server-side encryption option with customer-provided keys (SSE-C), and asking for money to hand over the key they used.

Configuration files for 15,000 Fortinet firewalls leaked. Are yours among them?
A threat actor has leaked …

The post Week in review: AWS S3 data encrypted without ransomware, data of 15k Fortinet firewalls leaked appeared first on Help Net Security.
http://news.poseidon-us.com/THRkxK

Zero Trust and Entra ID Conditional Access, (Sun, Jan 19th)

Microsoft Entra ID (formerly Azure AD) Conditional Access (CA) policies are key components of a Zero Trust strategy, as they provide the ability to function as the front door for users and devices. CA policies use attributes, or signals, of various components as variables to enforce specific access controls. Attributes include user and device attributes, such as location and device risk. By defining and controlling the conditions under which access is granted, we can reduce risk and enhance security.
http://news.poseidon-us.com/THRZPb

New tool: immutable.py, (Sat, Jan 18th)

When performing triage on a Linux system you suspect might be compromised, there are many aspects of the system that you may want to look at. In SANS FOR577, we talk about some existing tools and even writing your own bash script to collect triage data. In a case I worked a year or so ago, the attacker installed an LD_PRELOAD rootkit, which was itself pretty interesting, but one aspect that was a little unusual in this case was that they also set the immutable bit on /etc/ld.so.preload. I've used the find command to find suid and guid binaries and scripts, but it is a bit more of a pain to find files with the immutable bit. So, I wrote a Python script that takes one or more file or directory names and returns the names of any that have the immutable bit. You can also add a switch to search recursively and another to return the full path rather than the relative one (the default). I figured I can't be the only person who ever needed a tool like this, so I've added it to my GitHub script repo.
http://news.poseidon-us.com/THQvwT

Army readies new AI guidance based on lessons learned

The Army is looking at commercial AI use cases that can serve large populations of users, ideally without running up huge bills.

The post Army readies new AI guidance based on lessons learned first appeared on Federal News Network.
http://news.poseidon-us.com/THQkgR
