The Federal Bureau of investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) have released a joint advisory warning that 3 Fortinet CVEs (CVE 2018-13379, CVE-2020-12812, and CVE-2019-5591) are being leveraged to gain a foothold in government agency and commercial networks to be exploited in the future.
F5 has released patches for several BIG-IP and BIG-IQ critical vulnerabilities. CVE-2021-22986 is the most critical since it allows unauthenticated attackers with network access to use the iControl REST interface, via the BIG-IP management interface and self IP addresses, to execute system commands that could lead to complete system compromise.
Multiple news sources, security researchers and security agencies have reported on a new attack against tens, if not hundreds, of thousands of Internet accessible Exchange servers configured for Secure Sockets Layer (SSL)/Transport Layer Security (TLS) Outlook Web App (OWA) access. These attacks are being carried out by the China nation/state sponsored hacking group known as Hafnium.
The U.S. National Security Agency published a report detailing the top 25 vulnerabilities consistently being scanned, targeted, and exploited by Chinese state-sponsored hacking groups. All 25 vulnerabilities are known and have patches available from their vendors.
All cybersecurity news events, like the recent disclosure of compromise involving SolarWinds Orion by APT 29, aka “Cozy Bear,” cause CISOs to ask the same initial questions:
Do I have this problem? Where? What are the consequences?
In this instance, the attack is extremely sophisticated, and quite alarming – it’s a supply chain attack, involving […]
What is Defend Forward?
The DoD’s Defend Forward operational concept has been rolling out over the past few years. Policy makers and cyber defenders in government realized that, as the situation in Afghanistan led directly to the rise of Al-Qaeda and the 9-11 attacks, the situation in cyberspace was going to lead to crippling […]
I’ve been in cybersecurity for 19 years and love the field. It’s technically a very challenging problem to solve and the stakes are extremely high. Those of us in this field are defending the foundation of the information age. We are protecting the money in people’s bank accounts, their personal privacy and dignity, and even […]
RedSeal Cyber Threat Series
Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) have a known vulnerability – CVE-2020-3452. This security vulnerability can allow an unauthenticated attacker to remotely conduct a directory traversal attack as well as read sensitive files on a targeted system.
Exploiting this vulnerability, the attacker can view files […]
Cybersecurity Maturity Model Certification (CMMC) is a tiered system in which defense contractors—or any organization holding Controlled Unclassified Information (CUI) must be vetted by a third-party assessor on a five-level scale to determine the maturity of their enterprise security. This requires companies that do business with the Department of Defense to protect their data since […]
Working on a Red Team is frustrating. I know, I was on one.
Red Teams work hard penetrating systems, gathering data and presenting findings to senior management only to get strongly dismissive responses- “So what?” This is frequently followed by an order to not to share detailed information with the Defensive Cyber Operations (DCO) teams […]