Thursday, March 30, 2017

REMEMBER - Data does not equal information, and information does not equal understanding. Very important for Incident Response


From Bruce Schneier's Blog:

Automation has its place in incident response, but the focus needs to be on making the people effective, not on replacing them - security orchestration, not automation.

In a world of uncertainty, the focus is on execution. In a world of certainty, the focus is on planning.

When things are uncertain, you want your systems to be decentralized. When things are certain, centralization is more important. Good incident response teams know that decentralization goes hand in hand with initiative. And finally, a world of uncertainty prioritizes command, while a world of certainty prioritizes control.


For More Info:
https://www.schneier.com/blog/archives/2017/03/security_orches.html

Wednesday, March 29, 2017

LastPass users - you may want to read this



When people have the LastPass binary running, the vulnerability allows malicious websites to execute code of their choice. Even when the binary isn't present, the flaw can be exploited in a way that lets malicious sites steal passwords from the protected LastPass vault.

"It will take a long time to fix this properly. It's a major architectural problem."



For More information:
https://arstechnica.com/security/2017/03/potent-lastpass-exploit-underscores-the-dark-side-of-password-managers/

Wednesday, March 22, 2017

OFFLINE Backup is becoming more and more important (Ransomware is getting smarter)


From the article:

The attacks also use a process known as Process Hollowing to execute the installer. Here, attackers create processes in a suspended state and replace the process image with one that the attacker wants to remain hidden. The installer, he said, is also encrypted inside the NSIS installer and decrypted at runtime. Even this particular technique is a riff on traditional Process Hollowing, he said.

“Everything happens inside of memory. I’m executing the process in a suspended state, replacing the image with the image of the ransomware and redirecting the entry point of the new process to my code,” Nipravsky said. “What happens when I resume the process is that it goes to my code and not the original code.”
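
A defender's view of the sequence quoted above, as an added example that is not from this post or the cited article: it correlates process telemetry to flag a process that is created suspended, has its image replaced and entry point redirected by the same creator, and is then resumed. The event schema, op names and 30-second window are assumptions, and the sample events are constructed.

```python
# Added example. Event schema and op names are assumptions for illustration,
# not the format of any real EDR or Sysmon log.
REQUIRED = {"image_write", "entry_point_change"}  # steps between create and resume
WINDOW_MS = 30_000  # assumed: tampering follows creation closely


def find_hollowing(events):
    """Flag (actor, target) pairs: created suspended, image replaced and
    entry point redirected by the same actor, then resumed."""
    pending = {}  # (actor_pid, target_pid) -> {"start": ts, "seen": set()}
    alerts = []
    for e in sorted(events, key=lambda x: x["ts"]):
        key = (e["actor_pid"], e["target_pid"])
        if e["op"] == "create_suspended":
            pending[key] = {"start": e["ts"], "seen": set()}
            continue
        track = pending.get(key)
        if track is None:
            continue  # target was not created suspended by this actor
        if e["ts"] - track["start"] > WINDOW_MS:
            del pending[key]  # too late to be part of the same sequence
        elif e["op"] in REQUIRED:
            track["seen"].add(e["op"])
        elif e["op"] == "resume":
            if REQUIRED <= track["seen"]:
                alerts.append({"actor_pid": key[0], "target_pid": key[1],
                               "duration_ms": e["ts"] - track["start"]})
            del pending[key]  # a plain suspended-then-resumed start is benign
    return alerts


def event(ts, actor, target, op):
    """Build one telemetry record; ts is in milliseconds."""
    return {"ts": ts, "actor_pid": actor, "target_pid": target, "op": op}


# Constructed sample telemetry (not real data).
SAMPLE_EVENTS = [
    event(10_000, 4120, 4188, "create_suspended"),
    event(10_200, 4120, 4188, "image_write"),
    event(10_300, 4120, 4188, "entry_point_change"),
    event(10_400, 4120, 4188, "resume"),        # full sequence: alert
    event(20_000, 900, 950, "create_suspended"),
    event(20_100, 900, 950, "resume"),          # no tampering: no alert
    event(30_000, 700, 710, "image_write"),     # target not created suspended here
]

if __name__ == "__main__":
    for alert in find_hollowing(SAMPLE_EVENTS):
        print("possible process hollowing:", alert)
```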


For more details:

Tuesday, March 14, 2017

Free - Office 2016 training from Microsoft



There are PDF files and these files have a road map with live links.

Nice idea and not bad for being offered free.
It will be more useful for those who have trouble with PowerPoint or Access.



Get it here
https://support.office.com/en-us/article/office-training-roadmaps-62a4b0dc-beba-4d8e-b79c-0ad200e705a1