As a security consultancy, Cyberis undertakes penetration testing for organisations of all sizes, and in many verticals. This testing is often a function of regulatory or compliance requirements, and for some customers' operational teams is viewed as a necessary evil.
Bluetooth technology permeates the modern world. From smart phones to wireless speakers, fitness trackers to WiFi mesh hardware, Bluetooth has become the de facto standard for short-range wireless communications. The chances are that you have Bluetooth enabled devices near you as you read this, and, if you're regularly involved in conference calls, you've probably often used a Bluetooth enabled speaker or VoIP phone.
Quantum computers are on the horizon and the ramifications the technology is expected to produce across a multitude of industries is game changing. They can certainly be described as a disruptive technology when taken in the context of current cryptography and will force a radical change in how secure communication is implemented. A prime reason for this is due to the significant advances they promise to provide in the factoring of large numbers.
The basic security principle of keeping the attack surface as small as possible is still as important as ever, however you define your perimeter. Keeping an eye on the attack surface of the network perimeter, is not an obsolete activity, it is as important today as it was twenty years ago.
When undertaking penetration testing against Internet facing systems, we often see information exposure vulnerabilities. These expose information regarding the systems under test that can, in isolation, be considered low risk as they are not directly exploitable to obtain access to systems or sensitive data.
If you manage Microsoft Exchange and OWA in your environment and you are undergoing an external penetration test or Cyber Essentials assessment, you will often be faced with the Client Access Server Information Disclosure vulnerability identified by Nessus (https://www.tenable.com/plugins/nessus/77026) or other vulnerability scanners.
I find myself writing this blog today as there are only a few references on the internet to user enumeration attacks via timing discrepancies, despite almost every site I've tested in my career being vulnerable to the weakness.
The issue is fairly obvious from the title; an application log-in response takes differing amount of times depending on whether or not the user is valid. But why?
This is a technical blog post on using trusted online services as a delivery and command and control (C2) channels in simulated attack scenarios. Written by Geoff Jones - Director and Simulated Attack Specialist at Cyberis.
Who Needs Rep?
Larger organisations often employ reputational filtering of web traffic to defend against delivery of malicious code and the exfiltration of data if a compromise were ever to occur. It's an effective control provided by many next-generation firewalls and web proxies, including newer cloud-based solutions such as Zscaler.
Today's announcement (https://www.krackattacks.com/) of the KRACK attacks against WPA2 represents a serious security concern for all wireless networks. The de facto wireless encryption standard, which has resisted hacking attempts for 14 years, has finally fallen. Both personal and enterprise versions of the protocol are vulnerable.
Another week, another ransomware outbreak. On Tuesday, we saw another variant of ransomware spreading, worm-style, across unsecured networks within large organisations. As with the WannaCry outbreak in May, large global corporations have been affected, and infections have spread from their initially-compromised hosts across internal networks. NotPetya hasn't received as much press as WannaCry did, but from a security perspective it does, at the moment, look far more interesting.