News
Another day in the life o’cyber! There’s probably new exploits, new vulnerabilities, new updates and industry changes galore but here’s some highlights from the day!
Read more “Cyber News Today”
Guides
If you want to keep up with the world of cyber security the fastest place is twitter, however that’s not the only place and whilst tweetdeck and twitter itself are incredible useful, you also are going to want to check out other areas. Inspired by a friend’s tool I thought I’d just knock up a list of sites that have useful cyber security information on:
Read more “Useful Security News Sites and Blogs”
Defense
Protecting admin interfaces is a really good idea, network segmentation however is one thing that many organisations struggle with. Most networks are what we call flat. They may be carved up into VLANs but generally speaking, in a lot of networks if you are “inside” then you have full access across the TCP/IP space.
Now here we are talking about the internal attack surface, so a threat actor would need network routable access which should not be the case for things like vcenter interfaces from the internet, however it appears that’s not really exactly how the world works.
Let’s look in Shodan! Read more “CVE-2021-22005 – vCenter RCE”
Threat Intel
Welcome to another Threat Week update, today we are going to look at some of the active threats in the wild and in the news.
Common attack vectors are still the usual suspects. Phishing, drive by infections, insecure internet exposed services (e.g. FTP, RDP, SSH, web services etc.) We’ve seen phishing attacks using legitimate services such as Zoho CRM to hijack their mail domain to bypass mail filters, so again good education plus technical controls are the best defence against these attacks.
Xservus run a vulnerable lab which hosts honeypots, web services and is used to detect threats. The following graph showcases external threats detected. Read more “July Threat Update”