LogRhythm Labs

Security Awareness Training: Secure Remote Access to Corporate Infrastructure

In this installment of Labs’ weekly series, Security Awareness Training, we’ll be discussing appropriate methods for users remotely accessing corporate or cloud infrastructure. Many of us work remotely at some point and need to access corporate file shares and other…

A New Variant in POS Malware

I’d like to talk a little bit about a new POS Malware variant called LogPOS. Being a researcher at LogRhythm, I feel it is my duty to talk about any Malware with the word “log” in it. Ironically this malware…

7 Home Network Security Tips

The home network is equally important to secure as the organization you work for. Think about it, this is the network that you use when not in the office; you plug your work laptop in, access sites that are unfiltered/unprotected…

Phase 2 OCR HIPAA Audits: What’s to Come in 2015?

Here is a high-level breakdown for the Phase 2 HIPAA Audits being conducted by OCR in 2015: Back in 2011, the Office of Civil Rights (OCR) was brought on-board to support a pilot HIPAA audit program with the goal of…

NetMon: Quick Tips and Use Cases

When attackers are trying to break through your perimeter or are operating within your environment, you need to act quickly. Security intelligence is paramount. The good news is that you can detect most indicators of a threat from within the…

Sharing Threat Intelligence

After the breach of Sony Pictures by North Korea, legislative attention has come back to cybersecurity. Its primary goal has been the sharing of threat information, allowing private companies to integrate their ‘indicators’ — pieces of information that have been…

The Long Road to Securing America’s Digital Infrastructure

As the US pioneered the Internet, so too the country is pioneering this ever-changing information age. With this effort comes a responsibility for all organizations, both private and public, in all industries to protect client and consumer information. On…

Kippo Honeypot: Log Replay Automation

Kippo is one of my favorite honeypots due to its sheer simplicity, portability, and ease-of-use. It comes with a really neat feature that allows you to replay what the attacker did once they gained access to the honeypot by way…

Domain Privilege Escalation Vulnerability

On Tuesday, Microsoft released an emergency update to Windows Server 2003 through 2012 R2 to address a vulnerability that enables an attacker to escalate privileges for any account on a Windows Domain. The vulnerability can be detected in Windows Server…

What You See is Not What You Copy

Tricking users into copying different commands from what is displayed on a web page… OK, maybe I’m late to this party but I recently came across a very cool attack vector that I had not heard about until now. There’s…
