If you've been keeping up with the world of information security this week, you are probably a bit overwhelmed.
Lots of important patches were released in recent days, as we outlined in the Update Palooza diary, including Java and Adobe Reader and Acrobat updates. We saw instances of SSHD servers compromised and are still unsure of the attack vector. High-profile sites, such as NBC and EDUCAUSE, were breached. There has been lots of talk of targeted attacks, especially after the release of Mandiant's APT report and its subsequent misuse. And this is just a set of items reported here at ISC.
What, if anything, should we be doing now that we weren't doing a week ago? One possible piece of advice is to stay vigilant: be careful what attachments you open and which links you click on. Unfortunately, that is not very practical advice, though it is hard to resist offering. Perhaps more practical advice is to remind you to pay attention to logs and IDS alerts, spotting incidents and responding to them in a prioritized manner. Also, please take a careful look at the vulnerability posture of systems in your organization. Examine the patches that were recently released. If you've been waiting to push out those updates, especially if they patch client-side applications, now is a good time to focus on that task.
It's a dangerous web out there. But you already knew that, didn't you?
-- Lenny Zeltser
Lenny Zeltser focuses on safeguarding customers' IT operations at NCR Corp. He also teaches how to analyze malware at SANS Institute. Lenny is active on Twitter and Google+. He also writes a security blog.
Feb 21st 2013