How to defend Office 365 from spear-phishing attacks

CSO Online | January 30, 2019

Configure Office 365 to detect email-delivered malware.


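Susan Bradley here for CSO Online. I want to bring to your attention something I found in a recent Windows Defender Advanced Threat Protection alert. They talked about a Flash zero-day used in a spear-phishing attack. Adobe released a patch for this zero-day on December 5, 2018; the targeted attack was against a Russian medical institution. Tracked as CVE-2018-15982, the vulnerability had an interesting attack sequence. It highlighted for me a number of mitigations that should be used to block these kinds of attacks.

The attack started with a spear-phishing attack. As the site KnowBe4 points out, up to 91% of cyberattacks and resulting data breaches begin with a spear-phishing email. A spear-phishing email is an email targeted at a specific individual or department within an organization that appears to come from a trusted source. So it's very hard to defend against. It's not impossible, but it is hard to detect.

So here's how this attack played out. The spear-phishing email consisted of a RAR archive file containing two files. The first was a lure document, an enticing email, and the second was an archive file disguised as a JPEG file. Once the user opened the document, an ActiveX Flash control was activated. That ran a command script that unzipped the archive file and ran the payload. In this instance a scheduled task was created to start a backdoor whenever the user logged in. It collected vital system information and then uploaded that information to a hard-coded command-and-control server IP address every five minutes.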
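The backdoor was set up to be able to receive instructions that could be loaded into memory. There are several ways to mitigate this attack, defend a little better, and check your email accounts to see whether they have been compromised.

Some of the more common ways you can tell if your account has been compromised is if you see suspicious activity. Other users in the environment receive a number of emails from the compromised account. You see inbox rules that you didn't set up. The user's display name might be changed. The user's mailbox is blocked from sending email. The Sent folder contains common hacked-account messages like "I'm stuck here, send money." There are unusual profile changes, unusual credential changes, or mail forwarding has been added. Again, anything that just seems odd. Make sure you empower your end users to tell you of unusual events they see in their mailbox.

Next, you obviously want to patch for the exploit, but again, we can't always have patches available, so we also need to know how and what things to do to protect, just in case. For example, on Windows 10 you can enable the Windows Defender System Guard and Exploit Protection capabilities. Next, you can turn on cloud-delivered protection and automatic sample submission in Windows Defender Antivirus. This uses artificial intelligence and machine learning to identify new patterns. And of course you want to make sure your Office ATP (Advanced Threat Protection) settings are available.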

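You want to make sure the Advanced Threat Protection Safe Links and Advanced Threat Protection Safe Attachments settings are set, and you want to turn on Windows 10 attack surface reduction rules to restrict executable activity. You may need to review whether you are licensed to be able to do this; you will need Windows Defender ATP and Windows 10 Enterprise E5.

Bottom line, I want you to think in terms of when you will be attacked, not if you will be attacked. If you think and plan, you will be more secure in the long run. So now that you're facing the risk, think of ways you can harden your systems. Until next time, this is Susan Bradley for CSO Online Insider.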
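
An added PowerShell example, not part of the video or of CSO's material: it turns on the cloud-delivered protection and automatic sample submission mentioned above, adds attack surface reduction rules, and reads the settings back. The choice of these three rules and the use of audit mode rather than block are assumptions made for this example.

```powershell
#Requires -RunAsAdministrator
# Added example. Rule selection and the use of audit mode are assumptions made
# here to match the chain described: mail attachment -> Office document ->
# script that unpacks and runs a payload.
$asrRules = @{
    'BE9BA2D9-53EA-4CDC-84E5-9B1EEEE46550' = 'Block executable content from email client and webmail'
    'D4F940AB-401B-4EFC-AADC-AD5F3C50688A' = 'Block all Office applications from creating child processes'
    '3B576869-A4EC-4529-8536-B80A7769E899' = 'Block Office applications from creating executable content'
}

# Cloud-delivered protection and automatic sample submission in Defender AV.
Set-MpPreference -MAPSReporting Advanced -SubmitSamplesConsent SendSafeSamples

# Add each rule in audit mode, but leave rules that are already configured
# untouched so an existing Block setting is never downgraded to Audit.
$configured = @((Get-MpPreference).AttackSurfaceReductionRules_Ids)
foreach ($id in $asrRules.Keys) {
    if ($configured -contains $id) { continue }
    Add-MpPreference -AttackSurfaceReductionRules_Ids $id `
                     -AttackSurfaceReductionRules_Actions AuditMode
}

# Read the settings back so the result is verified rather than assumed.
$pref        = Get-MpPreference
$actionNames = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'Audit'; 6 = 'Warn' }
$ids         = @($pref.AttackSurfaceReductionRules_Ids)
$actions     = @($pref.AttackSurfaceReductionRules_Actions)

"MAPSReporting        : $($pref.MAPSReporting)  (2 = Advanced)"
"SubmitSamplesConsent : $($pref.SubmitSamplesConsent)  (1 = send safe samples)"
for ($i = 0; $i -lt $ids.Count; $i++) {
    if (-not $ids[$i]) { continue }      # no ASR rules configured at all
    [pscustomobject]@{
        Id     = $ids[$i]
        Action = $actionNames[[int]$actions[$i]]
        Rule   = $asrRules[$ids[$i]]     # empty for rules not defined in this script
    }
}
```

Audit hits are written as event ID 1122 to the Microsoft-Windows-Windows Defender/Operational log; review them before changing a rule's action to Enabled.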
