Exploits, vulnerabilities and threat adaptation

Security, whether focused on physical, cyber, operational, or other domains, is an interesting topic that lends itself to considerable debate among practitioners. There are, however, basic concepts and underpinnings that pervade general security theory. One of the most important, yet often misunderstood concepts are those inextricably entwined concepts of vulnerabilities and exploits. These basic underpinnings are critical in all security domains.


Securing a New Way of Working: You Gotta Love the CVEs

Right, so now the vast majority of your workforce works remotely. Clearly managing all these inbound VPN connections is on top of mind, but what about other vulnerabilities you should be monitoring for? In addition to the ever increasing number of inbound VPN connections, organizations can expect an increase in the use of SaaS-based collaborative software such as Slack, Dropbox, G Suite, and Trello.


New Kr00k Vulnerability Affects Over 1 Million Wi-Fi Devices

A new vulnerability was recently discovered that could potentially allow attackers to obtain sensitive information from over one billion Wi-Fi-capable devices. Kr00k (CVE-2019-15126) is the latest vulnerability that's been shown to caused devices to use an all-zero encryption key to encrypt part of a user's communications, allowing hackers to decrypt some wireless network packets transmitted by impacted devices.


NSA Releases Cloud Vulnerability Guidance

The United States’ National Security Agency (NSA) has put together a short guidance document on mitigating vulnerabilities for cloud computing. At only eight pages, it is an accessible primer for cloud security and a great place to start before taking on something like the comprehensive NIST 800-53 security controls.


What is Cross-Site Scripting (XSS)?

Cross-site scripting (XSS) is a type of security vulnerability typically found in web applications. XSS enables attackers to inject client-side scripts into web pages viewed by other users and may be used to bypass access control, such as the same-origin policy. The impact of XSS can range from a small nuisance to significant cybersecurity risk, depending on the sensitivity of data handled by the vulnerable website, and the nature of any mitigations implemented.


Organizations Still Failing to Apply Patches - Top 10 Software Vulnerabilities

New research from Recorded Future claims that hackers are exploiting many of the same security vulnerabilities as last year, demonstrating how failure to apply security updates is leaving organizations vulnerable to attack. Researchers analyzed the top vulnerabilities, exploit kits and malware attacks used by attackers in 2019 and found that six of the most commonly exploited vulnerabilities were repeats from 2018.


NSA's Windows 10 Advisory - Is Your OS Really Secure?

New year, same old problems for Windows 10. But it doesn’t have to be that way. Earlier this month the United State’s National Security Agency (NSA) announced that they discovered a major vulnerability in Windows 10 and Windows Server 2016 that could have had dire consequences for businesses around the world. The vulnerability places Windows endpoints at risk to a broad range of exploitation vectors NSA official cybersecurity advisory


Unpatched zero-day vulnerability in Internet Explorer exploited in the wild

Barely a week after Patch Tuesday, internet security company Qihoo 360 has discovered yet another vulnerability in Internet Explorer (IE), this time due to a remote code execution vulnerability in the jscript.dll scripting engine. The vulnerability, identified as CVE-2020-0674, is considered Critical for IE 11, and Moderate for IE 9 and IE 10.


Detecting CVE-2020-0601 Exploitation Attempts With Wire & Log Data

Editor’s note: CVE-2020-0601, unsurprisingly, has created a great deal of interest and concern. There is so much going on that we could not adequately provide a full accounting in a single blog post! This post focuses on detection of the vulnerability based on network logs, specifically Zeek as well as Endpoint. If you are collecting vulnerability scan data and need to keep an eye on your inventory of systems that are at risk, then check out Anthony Perez’s blog.