Guides
There are so many lists of “tools” of “free resources” for “cyber” etc. Well I don’t want to make a list of stuff for social media, this isn’t the TOP x tools, this is simply some resources that I use on a regular basis that should give people a fairly good idea of where to start looking. Cyber sleuthing is a mixture of:
Vulnerabilities
There appears to be a new RCE out for Fortinet devices as per this post (it’s against FortiNAC as far I am aware so this is probably a much smaller exposure footprint than all fortinet devices):
https://www.fortiguard.com/psirt/FG-IR-22-300
There’s also this in FortiWeb (and well they released 40 odd fixes to various bits)
https://www.fortiguard.com/psirt/FG-IR-21-186
When we consider security edge devices and the risks these may pose to organizations and society as a whole it’s important to understand that these are no trivial matter. These are “security” appliances that are there to protect your organizations, to provide remote access as well as protect network egress etc.
Fortinet are not the only vendor to suffer from these types of vulnerability (Remote Code Execution – RCE) however there do appear to have been quite a few of these when looking historically.
Read more “CVE-2022-39952 Fortinet Global Exposure”
Education
The loss of availability Ransomware causes is enough to make your day/week/s bad, the loss of data, bad month/quarter or longer.
Lockbit posted “Royal Mail need new negotiator.” Followed by “ALL AVAILABLE DATA PUBLISHED !”
What we actually found is that they published the chat history:
Read more “Lockbit 3.0 and Royal Mail – Chats Published”
Threat Intel
Adversary: Unknown, likely Criminal Actor/s
Initial Access Vector: Unknown/Unproven
Impact: ~3K+ Hosts have had Remote Code Execute and their ESXi logon pages changed (plus had encryption routines run to encrypt virtual machines, with varying success). A Second encryption routine has been deployed to some hosts; the threat actor is expanding/changing capabilities.
Risk: Further impact, Additional Threat Actors Exploit the vulnerability
Read more “ESXiargs Summary 09-02-2023 10:03”
Threat Intel
When running honeypots you never have to wait too long for something to drop!
This moring we had a new hit in the pot, so I decided to invesigate but also to blog and show how we could go about investigating the logs and paylods etc.
Read more “Learn to SOC: Java Webshell via confluence”
Guides
If you want to keep up with the world of cyber security the fastest place is twitter, however that’s not the only place and whilst tweetdeck and twitter itself are incredible useful, you also are going to want to check out other areas. Inspired by a friend’s tool I thought I’d just knock up a list of sites that have useful cyber security information on:
Read more “Useful Security News Sites and Blogs”
Defense
On March 2nd, 2021 at ~6pm GMT Microsoft released an out of band update to all version of exchange from 2010 through to 2019. This was in response to a range of vulnerabilities which had been abused (a 0-day) by a threat actor (coined by MS as HAFNIUM).
For more info from MS please see the following:
https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/
Key CVES include:
CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065. Read more “Checking for Hafnium or other groups impact from Exchange Abuse”