Common Vulnerabilities and Exposures – October 2022
Critical Zoho ManageEngine RCE Vulnerability: On the 22nd September 2022, the US Cybersecurity and Infrastructure Security Agency (CISA) added a critical unauthenticated Remote Code Execution (RCE) vulnerability affecting Zoho ManageEngine products to their Known Exploited Vulnerabilities catalog. This vulnerability has a CVSS score of 9.8 and stems from a Java deserialisation flaw that allows an unauthenticated […]
Hacks – October 2022
September saw a significant number of cyber breaches, with Uber, Rockstar Games and Optus all impacted within a week. The attack methods observed in these breaches were MFA fatigue attacks and, in the case of the Optus breach, a vulnerable public API. MFA fatigue attacks are becoming a more frequently used MFA bypass technique, where […]
March 2022 Okta LAPSUS$ security incident

At 2:09pm on the 22nd of March 2022 (AEDT), the advanced persistent threat actor (APT) group “LAPSUS$” released screenshots and claims on the encrypted messaging app Telegram [1] that they had achieved superuser access to the Okta Cloud platform, as well as access to other internal systems including the Okta Atlassian suite and Okta Slack channels. […]
Log4j Vulnerability
Log4j continues to disrupt global festive season change freezes. On Friday (10 December 2021), NIST announced a remote code execution vulnerability (CVE-2021-44228, https://nvd.nist.gov/vuln/detail/CVE-2021-44228) in the Apache Log4j project. Log4j is one of the pervasive, open-source building blocks that applications across your infrastructure use for logging. The vulnerability is of critical severity as it can be […]
Hacks – Importance of configuration management
Hackers are smart and know a lot of simple tricks to get around the cybersecurity defences that companies spend huge amounts of money and time to implement. Once inside a network, one of the main aims is to steal data and exfiltrate it to an external destination; this is considered one of the most […]
News U.S Colonial Fuel Pipeline Ransomware Attack
Attackers tend to target major organisations like banks, software companies, vendors & financial firms. On May 7th, Colonial Pipeline was hit by a ransomware attack that completely shut down its supply of fuel & gas. The company suffered major losses. This is one of the purposes of attacks like these, to de-stabilize an organisation […]
Ransomware A Real World Incident
Late last year, Brace168 was engaged to conduct incident response services for a ransomware attack. The ransomware in question was a previously unknown variant of ‘zusy’ malware delivered through trojanised open-source software, Notepad++. On the day of the attack, Brace168 initiated a War Room to immediately respond to the situation and work […]
Here are some of our musings about the Cyber Security industry.
The real question is the cost of not having a cyber security plan. We all hate paying our insurance policies. Trust me, it’s one of my pet hates each year when they come around, but let me tell you a story. In 2011, I had an accident … a big one. I broke my neck. […]