As many of you may know, the MSI team has been hard at work the last several months finishing the beta of our new compromised workstation detection product, HoneyPoint Wasp. It is a fully integrated component of HoneyPoint Security Server, capable of executing distributed detection and threat monitoring on Windows workstations across enterprises. The initial [...]
My friend Eric has put up some excellent statistics and metrics on PHP RFI attacks against his honeynet. This is some excellent data. If you have read other stuff we have pointed to from Eric, then you know what to expect. But, if you are interested in a real world look at trends and metrics [...]
One of the least understood parts of MicroSolved is how the HoneyPoint Internet Threat Monitoring Environment (#HITME) data is used to better protect our customers. The engineers have asked me to drop this line into the newsletter and give you a “bees knees” perspective of how it works! First, if you don’t know about the [...]
Lucid Puppy Linux 5.0 was released back in May of 2010, but as one of my favorite distros, I have been playing with it heavily since then. I have been so impressed with the new version that I wanted to take a moment and write a quick review of this release. You can find the [...]
Right now, most organizations are fighting a losing battle against initial stage compromises. Malware, bots and client side attacks are eating many security programs alive. The security team is having a nearly impossible time keeping up with the onslaught and end-user systems are falling left and right in many organizations. Worse, security teams that are [...]
Just talked to a client who had dropped a HoneyPoint decoy host in their VPN termination segment a couple of weeks ago. Yesterday, it paid off. They caught a machine that had passed the anti-virus and patching requirements of the NAC for the VPN. The machine was AV scanned clean. But, immediately upon connection the [...]
I posted details here along with a current list of PHP RFI drop hosts that are being used to compromise web servers with vulnerable code. You can use the list along with grep/regex to scan your outbound web/firewall/proxy logs for web servers that are likely infected with bot code from the scanners using these sites. [...]
A honeypot is a trap set to detect or deflect attempts at unauthorized use of information systems. Generally it consists of a computer, data or a network site that appears to be part of a network but which is actually isolated and protected, and which seems to contain information that would be of value to [...]
The HITME has been abuzz with alerts from around the globe of scans attempting to find various mobile directories on HoneyPoint hosts. Here is a list of targets that are being checked for: /iphone /m /mobi /mobile While no scanner signatures or identifiers are being sent with the probes, it’s still cause for concern over [...]
Project Honey Pot, a non-profit grassroots community of IT professionals founded in 2004 to capture and analyze malicious traffic, just captured its one billionth spam message. It is marking the opportunity by releasing its findings. They discovered that the number of computers co-opted as part of botnet operations has experienced a yearly average increase of [...]