Monday, May 22, 2017

The problems of PUA (Potentially Unwanted Alerts)

Recently we had a client call us about a problem on their network.  Rendition Infosec runs a 24×7 security monitoring service and had a client call about an antivirus alert for PUA (potentially unwanted application).  This class of alert is often difficult to tune out since attackers and administrators often use the same software tools.

Frequent examples of this are netcat (nc.exe) and psexec from SysInternals.  These tools are like the infamous “dual use technology” we hear so much about when sanctioning oppressive regimes.  When we receive an alert like this, we most frequently find that the alert can be attributed to the activity of a systems administrator.  However, there is a possibility that the alert represents the activities of an attacker.

Monday, May 8, 2017

Petition for Microsoft to disclose data about MS17-010

Rendition Infosec is sponsoring a petition asking Microsoft to disclose telemetry data around MS17-010. We've highlighted a number of reasons why we feel this is important for the security community as a whole.

It is almost certain that Microsoft has data around how these vulnerabilities were exploited by attackers. Revealing this data will help us better understand decisions made in the vulnerability equities process. It will also enhance understanding about how likely it is that vulnerabilities discovered by APT attackers are independently rediscovered by others attack groups. Finally, it will help policy makers assess whether the exploits reportedly stolen (and subsequently released) by Shadow Brokers were likely used to exploit other targets before being released to the general public. If you work in infosec, think computer security is a good thing to have, and/or believe in transparency, please consider signing our petition, linked below:

https://www.renditioninfosec.com/2017/05/call-to-microsoft-to-release-information-about-ms17-010/