112 matches found
In the Fight Against DDoS Attacks, not all PoPs are Created Equal
A distributed denial of service DDoS attack is a malicious attempt to make an online service unavailable to users, usually by temporarily interrupting or suspending the services of its hosting server. A DDoS attack is launched from numerous compromised devices, often distributed globally in what ...
Experts Detail 3 Hacking Teams Working Under the Umbrella of TA410 Group
A cyberespionage threat actor known for targeting a variety of critical infrastructure sectors in Africa, the Middle East, and the U.S. has been observed using an upgraded version of a remote access trojan with information stealing capabilities. Calling TA410 an umbrella group comprised of three...
Rockwell Automation ISaGRAF5 Runtime Cleartext Transmission of Sensitive Information (CVE-2020-25178)
ISaGRAF Workbench communicates with Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x using TCP/IP. This communication protocol provides various file system operations, as well as the uploading of applications. Data is transferred over this protocol unencrypted, which could allow a remote...
NSA Releases Network Infrastructure Security Guidance
The National Security Agency NSA has released a new Cybersecurity Technical Report CTR: Network Infrastructure Security Guidance. The report captures best practices based on the depth and breadth of experience in supporting customers and responding to threats. Recommendations include perimeter an...
NSA Best Practices for Selecting Cisco Password Types
The National Security Agency NSA has released a Cybersecurity Information CSI sheet with guidance on securing network infrastructure devices and credentials. Cisco devices are used globally to secure network infrastructure devices, including across the Department of Defense, National Security...
Ransom DDoS Enters its Fourth Wave
Extortionists target industries with most to lose from an outage Cybercriminals continue to target organizations threatening Denial of Service DDoS attacks in exchange for a ransom payment, traditionally demanded in bitcoin BTC. And it seems that no matter how many times these ransom threat cycle...
Types of Penetration Testing
If you are thinking about performing a penetration test on your organization, you might be interested in learning about the different types of tests available. With that knowledge, you'll be better equipped to define the scope for your project, hire the right expert and, ultimately, achieve your...
A6: Security Misconfiguration ❗️ — Top 10 OWASP 2017
A6: Security Misconfiguration ❗️ — Top 10 OWASP 2017 Introduction A6: Security Misconfiguration What is Security Misconfiguration? I believe this name was chosen to be as ambiguous as possible for one of the Top 10 OWASP vulnerabilities. It can encompass anything and everything related to...
Rockwell Automation MicroLogix 1400 (Update A)
1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely Vendor: Rockwell Automation Equipment: MicroLogix 1400 Vulnerability: Buffer Overflow 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-21-033-01 Rockwell Automation MicroLogix 1400 that...
Rockwell Automation FactoryTalk Linx and FactoryTalk Services Platform
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Rockwell Automation Equipment: FactoryTalk Linx and FactoryTalk Services Platform Vulnerabilities: Classic Buffer overflow, Improper Check or Handling of Exceptional Conditions 2. RISK EVALUATION...
Researchers Disclose Undocumented Chinese Malware Used in Recent Attacks
Cybersecurity researchers have disclosed a series of attacks by a threat actor of Chinese origin that has targeted organizations in Russia and Hong Kong with malware — including a previously undocumented backdoor. Attributing the campaign to Winnti or APT41, Positive Technologies dated the first...
Time for a Haircut
Like many people around the world, my hair has grown profusely in the past few months and bears little resemblance to the photo in my profile. Without the required care and attention, my hair is getting dangerously close to the bad hairstyles I adopted in the 1980s. I could of course attempt to f...
Zero Trust—Part 1: Networking
Enterprises used to be able to secure their corporate perimeters with traditional network controls and feel confident that they were keeping hackers out. However, in a mobile- and cloud-first world, in which the rate and the sophistication level of security attacks are increasing, they can no...
Alternative ways for security professionals and IT to achieve modern security controls in today’s unique remote work scenarios
With the bulk of end users now working remotely, legacy network architectures that route all remote traffic through a central corporate network are suddenly under enormous strain. The result can be poorer performance, productivity, and user experience. Many organizations are now rethinking their...
Rockwell Automation Allen-Bradley Stratix 5950
1. EXECUTIVE SUMMARY CVSS v3 6.7 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Rockwell Automation Equipment: Allen-Bradley Stratix 5950 Vulnerability: Improper Access Control 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to write a...
Bring your own LOLBin: Multi-stage, fileless Nodersok campaign delivers rare Node.js-based malware
We’ve discussed the challenges that fileless threats pose in security, and how Microsoft Defender Advanced Threat Protection Microsoft Defender ATP employs advanced strategies to defeat these sophisticated threats. Part of the slyness of fileless malware is their use of living-off-the-land...
U.S. Coast Guard Releases Cybersecurity Measures for Commercial Vessels
The U.S. Coast Guard has released a Safety Alert with recommended cybersecurity best practices for commercial vessels. With a dynamic cybersecurity threat landscape and growing reliance on technology to support vessels, the maritime community can help strengthen their defenses by implementing the...
One year later: The VPNFilter catastrophe that wasn't
Cisco Talos first disclosed the existence of VPNFilter on May 23, 2018. The malware made headlines across the globe, as it was a sophisticated piece of malware developed by a nation state, infecting half a million devices, and poised to cause havoc. Yet the attack was averted. The attacker’s...
The Ping is the Thing: Popular HTML5 Feature Used to Trick Chinese Mobile Users into Joining Latest DDoS Attack
DDoS attacks have always been a major threat to network infrastructure and web applications. Attackers are always creating new ways to exploit legitimate services for malicious purposes, forcing us to constantly research DDoS attacks in our CDN to build advanced mitigations. We recently...
Rockwell Automation Stratix 5400/5410/5700 and ArmorStratix 5700
1. EXECUTIVE SUMMARY ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Rockwell Automation Equipment: Stratix 5400/5410/5700, ArmorStratix 5700 Vulnerability: Uncontrolled Resource Consumption 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an...