193 matches found
Detecting Credential Stealing Attacks Through Active In-Network Defense
ARCHIVED STORY Detecting Credential Stealing Attacks Through Active In-Network Defense By Trellix · September 22, 2021 This blog was written by Chintan Shah Executive Summary Today, enterprises tend to use multiple layers of security defenses, ranging from perimeter defense on network entry point...
Ntlm_Theft - A Tool For Generating Multiple Types Of NTLMv2 Hash Theft Files
A tool for generating multiple types of NTLMv2 hash theft files. ntlmtheft is an Open Source Python3 Tool that generates 21 different types of hash theft documents. These can be used for phishing when either the target allows smb traffic outside their network, or if you are already inside the...
New Rapid7 MDR Essentials Capability Sees What Attackers See: “It’s Eye-Opening”
The pandemic and remote work shattered your perimeter. Your attack surface has changed — and will keep changing. It’s our mission to help customers strengthen security defenses and stay ahead of evil. As the modern perimeter expands, new and old vulnerabilities emerge as open doors for attackers;...
Managing Privileged Access for a Post-COVID Perimeter
For many, 2021 signifies a year of recovery, reflection and reimagining. After the whirlwind year of 2020, we witnessed all aspects and facets of our lives and businesses turn upside down as our communities and economies adapted to the disruptions of the COVID-19 pandemic. As we all know, the...
Top Routinely Exploited Vulnerabilities
Summary This Joint Cybersecurity Advisory was coauthored by the U.S. Cybersecurity and Infrastructure Security Agency CISA, the Australian Cyber Security Centre ACSC, the United Kingdom’s National Cyber Security Centre NCSC, and the U.S. Federal Bureau of Investigation FBI. This advisory provides...
Server-Side Request Forgery (SSRF) in bookstackapp/bookstack
✍️ Description User with "Editor" rights can create a special book page containing tag with "src" property pointing to any external or internal resource. Exporting this page using default domPdf will result in firing request from server side. 🕵️♂️ Proof of Concept Updating page with malicious...
CISA’s Top 30 Bugs: One’s Old Enough to Buy Beer
In a perfect world, CISA would laminate cards with the year’s top 30 vulnerabilities: You could whip it out and ask a business if they’ve bandaged these specific wounds before you hand over your cash. This is not a perfect world. There are no laminated vulnerability cards. But at least we have th...
Cisco ASA Bug Now Actively Exploited as PoC Drops
Researchers have dropped a proof-of-concept PoC exploit on Twitter for a known cross-site scripting XSS vulnerability in the Cisco Adaptive Security Appliance ASA. The move comes as reports surface of in-the-wild exploitation of the bug. Researchers at Positive Technologies published the PoC for...
CVE-2021-20025: SonicWall Email Security Appliance Backdoor Credential
The virtual, on-premises version of the SonicWall Email Security Appliance ships with an undocumented, static credential, which can be used by an attacker to gain root privileges on the device. This is an instance of CWE-798: Use of Hard-coded Credentials, and has an estimated CVSSv3 score of 9.1...
Critical RCE Vulnerability Found in VMware vCenter Server — Patch Now!
VMware has rolled out patches to address a critical security vulnerability in vCenter Server that could be leveraged by an adversary to execute arbitrary code on the server. Tracked as CVE-2021-21985 CVSS score 9.8, the issue stems from a lack of input validation in the Virtual SAN vSAN Health...
CISA Emergency Directive 21-03: VPN Vulnerabilities Actively Exploited
On April 20, 2021, the Department of Homeland Security Cybersecurity and Infrastructure Security Agency CISA released an alert on the exploitation of Pulse Connect Secure Vulnerabilities with Alert AA21-110A: Exploitation of Pulse Connect Secure Vulnerabilities, as well as Emergency Directive ED...
AM Live Vulnerability Management Conference Part 2: What was I talking about there
Hello all! It is the second part about AM Live Vulnerability Management conference. In the first part I made the timecodes for the 2 hours video in Russian. Here I have combined all my lines into one text. What is Vulnerability Management? Vulnerability Management process is the opposite of the...
AM Live Vulnerability Management Conference Part 1: Full video in Russian + Timecodes in English
Hello all! 2 weeks ago I participated in the best online event fully dedicated to Vulnerability Management in Russia. It was super fun and exciting. Thanks to all the colleagues and especially to Lev Paley for the great moderation! I have talked out completely. Everything I wanted and the way I...
Zero Trust: 7 adoption strategies from security leaders
Microsoft considers Zero Trust an essential component of any organization’s security plan. We have partnered with Cloud Security Alliance, a not-for-profit organization that promotes cloud computing best practices, to bring together executive security leaders to discuss and share insights about...
Campari Site Suffers Ransomware Hangover
Italian spirits brand Campari has restored its company website following a recent ransomware attack. According to the ransom note, the group behind the breach used Ragnar Locker to encrypt most of Campari’s servers and was holding the data hostage for $15 million in Bitcoin. Campari Group is behi...
The Network Perimeter: This Time, It’s Personal
In the rear-view mirror of history, the state of cybersecurity will not take top billing away from the COVID-19 pandemic. However, the one has been significantly affected by the other, and only time will tell what the full fallout will be. The first six months of 2020 saw significant developments...
Sandbox in security: what is it, and how it relates to malware
To better understand modern malware detection methods, it’s a good idea to look at sandboxes. In cybersecurity, the use of sandboxes has gained a lot of traction over the last decade or so. With the plethora of new malware coming our way every day, security researchers needed something to test ne...
SNIcat - Server Name Indication Concatenator
SNIcat is a proof of concept tool that performs data exfiltration, utilizing a covert channel method via. Server Name Indication , a TLS Client Hello Extension. The tool consists of an agent which resides on the compromised internal host, and a Command &Control Server which controls the agent and...
Fact vs. Fiction: 10 Endpoint Security Myths Debunked
Simply defined, endpoint security protects desktops, laptops, servers, and fixed-function devices from malicious internal and external threats. Endpoint security combines various threat detection, response and prevention technologies to help organizations disrupt cyberattacks. Despite the clear-c...
6 Best Practices to Fight a New Breed of Insider Threats
The current global pandemic has disrupted how organizations work. Some businesses quickly adapt while other organizations are still figuring out the new landscape. Unfortunately, criminals are exploiting vulnerabilities during this challenging time. There has been an 238% increase in cyberattacks...