Experienced first ransomware episode - need advice on go forward business strategy
Hello all,Long time lurker to this subreddit, first time poster :)I manage IT and marketing for a company that acquires smaller companies that align with our overall strategy. The companies that we acquire are much smaller than us (usually 15-40 employees) and are kind of "mom and pop" owned and operated.From an IT perspective, we have tried to create somewhat of an "in the cloud" technology approach that we can plug these smaller companies into so that we can get everyone on the same basic systems and speed up the process of overall integration.We use Google for business for our email and "file server" solution. Each "division" (company we acquire) has their own folder in the drive that contains all of their related files and folders.WELL - 2 weeks ago one of our divisions that we recently purchased (2 months ago) was victim of a brute force attack which resulted in all files on the file server, the ERP server, and the CRM server to be encrypted with ransomware. Being that we just bought the company 2 months ago, we had not moved their files from their file server to our Google Drive just yet (we don't like to just go in guns a' blazin and make the employees feel like we are changing EVERYTHING at once lol). A backup solution was in place both locally (which was deleted via the hack) and in the cloud - so everything was ok.Being that it was my first experience with ransomware it got me thinking about how we are currently do things and what we should be doing on a go forward. IF that division had been on our Google Drive...that ransomware could have spread to the rest of the company...So I am really just trying to understand what "best practice" is for utilizing/structuring/securing Google Drive for business as a "file server" solution on a go forward, AND best practice for backing the Google Drive up for the entire company so that we can be as full proof as we can be for a potential ransomware situation.Our users currently use Google File Stream on their local PC's. We are running a daily backup to a local PC at our corporate location, and a weekly backup to an external hard drive that is then disconnected and moved off-site.I definitely see the need for a completely restructured approach - I just need some direction :) I appreciate any advice in advance!Thanks guys,-R

Submitted April 11, 2018 at 07:59PM by Machinegamer
via reddit https://ift.tt/2Hfbq0w

New techniques for adding data to Alternate Data Streams and executing it
https://ift.tt/2qniGO3

Submitted April 11, 2018 at 07:57PM by oddvarmoe
via reddit https://ift.tt/2EGInOg

Anyone at ISC West 2018?
I'm here in Las Vegas from Los Angeles. Would love to connect with any redditors that happen to be here! I'm here just for the day. (April 11th 2018)

Submitted April 11, 2018 at 10:36PM by bugnuker
via reddit https://ift.tt/2GQfTDo

News Flash: Great Western Railway, Sears and Delta, Despacito Video Deleted in Hack
https://youtu.be/G97ihMBUKj8

Submitted April 11, 2018 at 10:31PM by GlassHouseSystems
via reddit https://ift.tt/2HuVGEw

I found this in my banking app's username field. Security hole or random keyboard presses?
I have Chase save my username for faster logins. Today when I open the app, where the username would be I find this:

v6YDPBiQ+Y1wHZ+boAkMypifMD3KCHTZz6105o/3bUTrS5+CjJiyP9a9MS5gcgYMZcJvQ4MnDbin GmEEAg12z1WXXQ1gGCAFw4077l1lHeBgBRwJfTmbdDL4AEFN6CAPUSKbLQ0xRiEktedBgAdHvXb7 gyv/v8BkvIw5fSrixh0IRIzeS3ppO5pm+ugfOoDaLLajrc1uCRvCOtbWqsH8l5ydvRJ4RuxbwRAz45ptbpTGHm9wqH6+BPscOpXQpbI088o4heNTL3fviEXmwFaJMWZDwyitiJL1aRfidpk3Wbnd+HNo9VsPBy7yWsgbPEvkKLwnJw5d13oamcPbXDKpg== 

I doubt my phone turned on in my pocket. It seems too randomized for that. Maybe it did, but I thought I'd get y'all's opinion. Does this resemble anything concerning? Or should I just learn to turn my screen off?

Submitted April 11, 2018 at 11:13PM by alextheracer
via reddit https://ift.tt/2INFnBX

An OWASP-like top 10 for smart contract vulnerabilities
https://www.dasp.co

Submitted April 11, 2018 at 11:38PM by davidw_-
via reddit https://ift.tt/2EEyW1D

Breaking RSA OAEP with Manger’s attack
https://ift.tt/2GBcXyF

Submitted April 11, 2018 at 04:46AM by dgryski
via reddit https://ift.tt/2qqmYDM

Highlights of the Verizon 2018 Data Breach Investigations Report
https://ift.tt/2GStZIE

Submitted April 12, 2018 at 12:08AM by zinsi-
via reddit https://ift.tt/2qs1rua

USB Detective - USB Device Forensics
https://ift.tt/2H62CHQ

Submitted April 11, 2018 at 11:58PM by 13Cubed
via reddit https://ift.tt/2HhGUDk

An OWASP-like top 10 for smart contract vulnerabilities
https://www.dasp.co

Submitted April 11, 2018 at 11:38PM by davidw_-
via reddit https://ift.tt/2EEyW1D

Thousands of hacked websites are infecting visitors with malware
https://ift.tt/2Jy6XUV

Submitted April 12, 2018 at 01:29AM by DJRWolf
via reddit https://ift.tt/2JBA21M

I found a nice tool that lets you extract and view the source code of Chrome, Firefox and Opera extensions .. for those of you who want to know what your extensions are doing in the background.
Long story short.. I just went through a little ordeal where I wanted to install a very basic Firefox extension, but the extension requires full access to all websites I visit, including access to usernames and passwords that I input. I couldn't understand why, and didn't trust it. It was MPL v2 licensed, but no source code was provided.So... I went search for ways to extract the source and ran across this tool:https://robwu.nl/crxviewer/It's meant to be the demo site for an open source browser extension which has the same functionality (here), but I thought it works just as well as a standalone tool. And it turned out it's able to extract source from not only Firefox, but also Chrome and Opera extensions too.For those of you who are as paranoid as I am about what the extensions may or may not be doing without your knowledge, this is a great little tool. Has a built in JS beautifier as well, which is really nice.

Submitted April 12, 2018 at 01:00AM by NessInOnett
via reddit https://ift.tt/2HxK97r

Cant remove keylogger, but i know my PC is infected with one.
ANY help is needed right now. I'm desperate since my bank account has been compromised now... Malwarebytes or Avast wont detect ANYTHING. And i cant find any suspicious programs in "msconfig".

Submitted April 12, 2018 at 03:30AM by Mikllasp
via reddit https://ift.tt/2JFdzAO

Security awareness talk in SF Tuesday next week - learn how to mitigate the wetware risk
https://ift.tt/2EFtuLY

Submitted April 12, 2018 at 03:08AM by Chouma
via reddit https://ift.tt/2JDhP3O

Manned guard services in India I Armed Guard |Security guards for Office
https://ift.tt/2EFGNvT

Submitted April 12, 2018 at 11:40AM by onlinecleansweep
via reddit https://ift.tt/2JEF4L9

Web App Security 101: Keep Calm and Do Threat Modeling
https://ift.tt/2qprfYb

Submitted April 12, 2018 at 02:25PM by Slavos17
via reddit https://ift.tt/2GPqXoi

Is WAF a must?
Thinking now about security hardening our web app (Google cloud, K8S as a service, API that is exposed to the web), considering to use some web application firewall (WAF) but it seems to have significant costs. How critical is having this vs plain ELB + nginx basic security measures like limiter

Submitted April 12, 2018 at 02:57PM by yonatannn
via reddit https://ift.tt/2Hwu2XK

Slack channel for InfoSec Write-up followers – InfoSec Writeups – Medium
https://ift.tt/2JChgrj

Submitted April 12, 2018 at 03:42PM by Eta-Meson
via reddit https://ift.tt/2INH8iv

Please email me your password
https://ift.tt/2Hiitp6

Submitted April 12, 2018 at 03:25PM by albinowax
via reddit https://ift.tt/2HuqbKp

ASP.NET View State Decoding
https://ift.tt/2GVrTDG

Submitted April 12, 2018 at 03:03PM by folliez
via reddit https://ift.tt/2HuRcNV

Penetrating Pays: The Pornhub Story
https://ift.tt/2v7W1KD

Submitted April 12, 2018 at 04:50PM by ZephrX112
via reddit https://ift.tt/2GPFTmm