Posts

Showing posts with the label Security

Best Enterprise Password Managers According to IT Specialists.

Even with advances in security practices and technologies, passwords remain a weak point in an organization’s cyber security strategy. Strong passwords are still an essential part of the security strategy for most organizations, and poor password hygiene can leave their IT network vulnerable. According to the Verizon 2021 Data Breach Investigations Report, shared credentials and poor access management practices were among the top causes of data breaches across the globe. But the simple fact is that maintaining passwords is difficult. According to studies, an average person has around 100 passwords (if you’re not convinced, just look at the passwords your browser has saved for you). And this number only goes higher for network managers and other IT professionals. This is where password managers become useful. Bitwarden Bitwarden is one of the leading password managers that network engineers use. It’s open-source, end-to-end AES 256-bit encrypted, and they don’t play

Outlook Hack: Microsoft Reveals How a Crash Dump Led to a Major Security Breach

Microsoft on Wednesday revealed that a China-based threat actor known as Storm-0558 acquired the inactive consumer signing key to forge tokens and access Outlook by compromising an engineer's corporate account. This enabled the adversary to access a debugging environment that contained information pertaining to a crash of the consumer signing system and steal the key. The system crash took place in April 2021. "A consumer signing system crash in April of 2021 resulted in a snapshot of the crashed process ('crash dump')," the Microsoft Security Response Center (MSRC) said in a post-mortem report. "The crash dumps, which redact sensitive information, should not include the signing key. In this case, a race condition allowed the key to be present in the crash dump. The key material's presence in the crash dump was not detected by our systems." The Windows maker said the crash dump was moved to a debugging environment on the internet-connected corporat

Detecting Suspicious IP Behavior and Impossible Travel

In this installment, we’ll demonstrate how you can leverage the same feature to detect impossible travel — aka an account connecting from two different locations, far from each other, in a short amount of time. We will use the SSHD service again as an example for this article, but this feature can be used for any service logging authentication.

Requirements

Set up the acquisition (optional)

Same as in part one, in this article we are running the CrowdSec Security Engine in replay mode. If you want to use service mode, you need to set up the acquisition.

#/etc/crowdsec/acquis.yaml
---
filenames:
  - /var/log/auth.log
labels:
  type: syslog
---

Install the SSHD collection

You can find the collection here.

sudo cscli collections install crowdsecurity/sshd

Parse successful authentication

As already seen in part one, this is the parser node to parse successful SSH authentication:

#/etc/crowdsec/parsers/s01-parse/sshd-logs.yaml
---
- grok:
    pattern: 'Accept