Day: April 5, 2022

Microsoft’s Response to CVE-2022-22965 Spring Framework

Summary: Microsoft used the Spring Framework RCE, Early Announcement to inform analysis of the remote code execution vulnerability, CVE-2022-22965, disclosed on 31 Mar 2022. We have not to date noted any impact to the security of our enterprise services and have not experienced any degraded service availability due to this vulnerability. Threat analysis of the …

SWN #201 – VMware, Hydra, MailChimp, Cisco, PEAR PHP, Red Hat, GitLab, & Digital Diplomacy

Paul’s Security Weekly (http://securityweekly.com/), Tue, 05 Apr 2022 21:48:08 +0000, 29:15 …

ASW #191 – Eric Allard

Paul’s Security Weekly (http://securityweekly.com/), podcast, Tue, 05 Apr 2022 21:00:00 +0000, 01:18:50

Smarter Homes & Gardens: Protecting the Smart Devices in Your Home

Outfitting your smart home could get a whole lot easier this year.  A new industry standard called Matter aims to remove a big barrier in smart home technology, one that makes different smart home devices compatible with any smart home platform—something that wasn’t possible until now.  For years, different smart home devices have run on several …

Cold Wallets, Hot Wallets: The Basics of Storing Your Crypto Securely

If you’re thinking about crypto, one of the first things you’ll want to do is get yourself a good wallet.   Topping the several important things a new cryptocurrency investor needs to think about is security. Rightfully so. Cryptocurrency is indeed subject to all kinds of fraud, theft, and phishing attacks, just like the credentials and …

ILTA eDiscovery Survey Highlights Targeted ESI Collection as the Preferred Methodology

The International Legal Technology Association (ILTA) recently published a very informative and comprehensive law firm eDiscovery practice survey, “2021 Litigation and Practice Support Survey.” ILTA received responses from litigation support professionals from 82 different law firms ranging in size from medium to large, on a variety of subjects, including eDiscovery practice trends and software tool …

Randomizing the KUSER_SHARED_DATA Structure on Windows

Windows 10 made a lot of improvements in Kernel Address Space Layout Randomization (KASLR) that increase the cost of exploitation, particularly for remote code execution exploits. Many kernel virtual address space (VAS) locations, including kernel stacks, pools, system PTEs etc., are randomized. A well-known exception to this is the KUSER_SHARED_DATA structure, which is a page …

How to Incorporate Security Into Your Vendor Selection Process

As an InfoSec leader, how often are you pulled into the vendor selection process? Often, it’s probably only in an auditing role or to assist with vendor risk assessments when available. Often, InfoSec teams are introduced into these conversations and processes way too late, creating roadblocks for vendor partnerships to move forward.

CVE-2022-25372: Local Privilege Escalation in Pritunl VPN Client

Pritunl Vulnerability Overview. Affected Product Summary: The Pritunl VPN Client service is vulnerable to an arbitrary file write as SYSTEM on Windows. This is due to insecure directory permissions on the Pritunl ProgramData folder. The arbitrary file write is then able to be leveraged for full privilege escalation due to the privileged Pritunl VPN service …

Cyber Triage 3.2.0

Cyber Triage version 3.2 brings in several customer requests. The whole list of new features is HERE, but today I’d like to introduce you to some of the most prominent ones. This post covers: Batching – You can now queue multiple hosts at a time for ingest. KAPE Input …

A Digital Advertising Primer on Preparing for the Post-Cookie World: Part Four

Part I: What Are Third-Party Cookies and Why They Are Important; Part II: Privacy Laws and Third-Party Cookies; Part III: The Big Tech Phase-Out of the Third-Party Cookie and the Emerging Industry Landscape – Browsers and Mobile; Part IV: The Big Tech Phase-Out of the Third-Party Cookie and the Emerging Industry Landscape – First-Party Data …

Burp Suite Enterprise Edition Kubernetes deployment and auto-scaling

Burp Suite Enterprise Edition is the dynamic vulnerability scanner that can help you to secure your whole web portfolio. And with release 2022.3, we’ve taken those same flexible Burp scans and made them even better. The all-new way to deploy Burp Suite Enterprise Edition to Kubernetes has now arrived – bringing powerful new auto-scaling capabilities …

5 Reasons Why Enterprises Need Zero Trust Security

The notion of “Zero Trust” has been around since the 90s, but the Zero Trust security model was first coined by John Kindervag in 2010 to describe stricter access control management and cybersecurity programs. By implementing Zero Trust, enterprises can strengthen their cybersecurity posture and their defenses against cyberthreats. Let’s see the 5 reasons why …

Process Injection via Component Object Model (COM) IRundown::DoCallback()

Introduction: The MDSec red team are continually performing research into new and innovative techniques for code injection, enabling us to integrate them into tools used for our red team services and our commercial C2, Nighthawk. Injecting Code into Windows Protected Processes using COM, Part 1 and Part 2 by James Forshaw of the Project Zero team prompted an interest in COM …

Cado Security Extends Support To Serverless Environments 

Today we’re thrilled to announce that we’ve extended support to serverless environments! With enhanced visibility and analysis of Amazon Web Services (AWS) Fargate and Lambda serverless functions, security teams gain enhanced visibility and context to further simplify cloud investigation and response. Check out a live platform demonstration of Cado’s AWS Fargate support, or request a …

Performing and Preventing Attacks on Azure Cloud Environments through Azure DevOps

Many organisations have recognised the risk of assigning cloud engineers with direct privileges to their production Azure Cloud resources. With Owner or Contributor privileges assigned to an engineer’s day-to-day Azure Active Directory (Azure AD) account, an attacker capable of compromising such an account can gain total control over the relevant cloud resources, and act with …

What is your public cloud exposure? See what an attacker sees with Recon.Cloud from Lightspin

“What is my public exposure?” This is a question we have heard time and time again from our customers. The Lightspin platform provides a variety of views of customers’ cloud environment – from surfacing the most critical attack paths, to lateral movements, poor configurations, to giving their teams a bird’s-eye view of all their …

Guide on Cybersecurity Maturity Model Certification (CMMC 2.0)

The CMMC 2.0 model is the latest upgraded version of CMMC v1.0, established back in 2020. In a bid to mitigate the growing risk of cybersecurity threats, the Department of Defense (DoD) released the Cybersecurity Maturity Model Certification (CMMC) framework in January 2020. The objective behind establishing this framework was to ensure that businesses …

Axie Infinity – Ronin Network loses $620m in the largest-ever crypto heist

Axie Infinity is the biggest gaming platform that rewards users for playing games. Ronin Network, which is also owned by Vietnamese parent company Sky Mavis, allows players to exchange the digital coins they earn in Axie Infinity with other cryptocurrencies like Ethereum. On March 29th, a newsletter from the Ronin network stated that 173,600 ether …
