Author: SollievoIT

  • Initial Review of Changes from CMMC v0.6 to v0.7

    This is a first look at the changes in the v0.7 draft of the CMMC that was released today. We are also hosting a copy here as well. The sha1 checksum of both versions should match: 2170d92d043be87a7f646c2aaf426cfc89a8453 First, three appendices have been added. APPENDIX C. CMMC LEVEL 2 DISCUSSION AND CLARIFICATION APPENDIX D. CMMC LEVEL…

  • Cybersecurity Maturity Model Certification (CMMC) Readiness

    Is your organization ready for the Cybersecurity Maturity Model Certification (CMMC) requirement that will start going into contracts in September 2020? Although the accreditation body for the CMMC is still under development, it is expected to be established in January 2020 with certifications beginning to occur around April or May 2020. Clients who undertake the…

  • Check Point R80.30 New Features

    Earlier this month, Check Point released version R80.30 of their Gaia operating system. A few of our favorite new features in R80.30 are as follows: Ability to import Cyber Intelligence Feeds to the Security Gateway using custom CSV and Structured Threat Information Expression (STIX) Enhanced visibility to “Malware DNA” analysis Multihop Ping and Multiple ISPs…

  • Keeping Up with Federal Requirements – Cybersecurity and the Competitive Edge

    Slides from the NIST SP800-171 presentation “Keeping Up with Federal Requirements – Cybersecurity and the Competitive Edge” talk at the 2019 Annual Alaska PTAC Government Contracting Conference.

  • Graylog API Query Results to CSV

    I thought I would post this quick bit because it took me a while to figure out how to use the Graylog API to run some of the same searches that I’ve built dashboards on or use on a regular basis. There is still some refinement to do on the authentication piece, and maybe some…

  • “404 cannot POST https…” after enabling ssl on Graylog

    I recently spent the better part of the day banging on a problem with a Graylog Virtual Machine Appliance (install guide here) after enabling SSL with the graylog-ctl enforce-ssl command. I was using a fresh download of the VM, v2.3.2. After reapplying the new configuration with graylog-ctl reconfigure, I was getting the error “Error –…

  • RDP and SMTP Authentication Failures

    I wanted to write a quick post after a few recent security experiences that I’ve had involving log monitoring and analysis… It turned out a little longer than expected as I trailed off down a few side streams of thought. Anyhow, I wanted to cover a few of the low/no cost important practices around security monitoring…

  • Acquiring API Keys for recon-ng – Flickr API Key (flickr_api)

    I wrote a brief guide for this since I just had to do it and the Recon-ng Usage Guide has this one listed as TBD. Cheers! Create a Flickr account at https://www.flickr.com/signup. Apply for an API key at: https://www.flickr.com/services/apps/create/apply/ and select APPLY FOR A NON-COMMERCIAL KEY. Enter the name of your app, say “My_Username_RNG_app”. Enter…

  • Phishing for “2017 Outlook Web Access”

    A Well Done Phishing Attempt Today I received this fairly well done phishing attempt about a “2017 Outlook Web Access” migration. The landing page presents an OWA login screen like this: The body of the email uses some somewhat convincing language to try to get the recipient to feel a sense of urgency, panic,…

  • IPv4 hosts not being discovered in Cisco Firepower Management Center 6.2

    I wanted to document a recent issue that I encountered with a Cisco Firepower implementation. The configuration is a pair of Cisco ASA 5545-X firewalls running the Firepower Services Modules and managed by the virtual edition of the Firepower Management Center. All elements were running 6.2.0 images. The network was a very straightforward inside/outside configuration. Initially,…