Introducing: Ransomware Tracker | abuse.ch

The author and maintainer of the popular abuse.ch website has realeased a new and interesting project tracking and providing guidence for ransomwear type malware.

Its purpose at this stage of development is:

 

  • Providing an overview on internet infrastructure used by cybercriminals for their Ransomware operations
  • Providing hosting- and internet service providers (ISPs), law enforcement agencies (LEA) and national CERTs/CSIRTs intel on such infrastructure within their constituency
  • Offering blocklists for internet users, enterprises and antivirus vendors and security solution providers
  • Giving internet users and enterprises a brief overview on Ransomware mitigation strategies

I think it’s great that more and more security professionals are developing new tools, sites and research to help mitigate these threats.

Source: Introducing: Ransomware Tracker | abuse.ch

Continue Reading

Open Source [Scalable] Vendor Security Reviews – Google Security 

Google released one of its in-house tools used to help assess vendor security. They have released both the questionnaires and source code on Github (link below). For organisations which have to regularly assess the high level security controls in place for vendors this approach is quite novel, the questionnaire changes based on the responses and (where relevant) displays warnings and security advice to the vendor within the form itself.

Quote:

Based on this positive response, we’ve decided to open source the VSAQ Framework (Apache License Version 2) and the generally applicable parts of our questionnaires on GitHub: https://github.com/google/vsaq. We hope it will help companies spin up, or further improve their own vendor security programs. We also hope the base questionnaires can serve as a self-assessment tool for security-conscious companies and developers looking to improve their security posture.

The VSAQ Framework comes with four security questionnaire templates that can be used with the VSAQ rendering engine:

Source: Google Online Security Blog: Scalable vendor security reviews

Continue Reading