Blog - RH-ISAC

The Basics There are some straightforward, yet specific, tool-related recommendations organizations can implement at near zero additional cost to maximize investments already made in their environment. Initially, when folks think about network security for organizations, network appliances like firewalls (FW) come up in conversation. Less commonly discussed is how permissive the FW rules are. Too…

On January 4, 2023, Ahn Lab Security Response Center (ASEC) researchers reported the technical details of a new Linux malware written using Shc delivering a cryptocurrency miner. ASEC researchers assess that the campaign is primarily targeting unspecified systems in South Korea. According to ASEC researchers, the malware authenticates through a dictionary attack on Linux SSH…

The Retail and Hospitality Information Sharing and Analysis Center (RH-ISAC) today announced its adoption of the FIRST Standard Definitions and Usage Guidance — Traffic Light Protocol (TLP) Version 2.0 for sharing information within the organization. As of January 4, 2023, all RH-ISAC intelligence reports, community calls, workshops, and briefings will follow TLP 2.0 standards. The intelligence team will discuss…

From the onset, access control is the most dynamic pillar in the ZTA implementation process. New accounts need to be created for legitimate business use, accounts likely need varying degrees of access, and account revocation for individual accounts and a mass list is always a concern. Identity and Access Management (IAM) Basics The quest towards…

Now that we have it defined, how do we practically approach the path to zero-trust architecture (ZTA) and why does it matter? Suppose we start the ZTA discussion by agreeing on a standard definition in its simplest form, i.e., limiting the impact of any unauthorized events by design. Many current industry definitions summarize the key…