Blog Archives | Critical Start

4 Holiday Shopping Tips That Retailers Can Provide to Customers

By Callie Guenther | CYBERSOC Data Scientist, CRITICALSTART
November 20, 2020

Retailers have the opportunity to boost consumer trust by making security a top priority. The increase in regulation is a natural segue for retailers to tailor advanced privacy policies to protect consumer data and create the trusting and intimate relationships that the retail market wants and customers demand. See your cybersecurity as a value proposition that drives business growth, rather […]

How Retailers Can Be Ready for Black Friday and Cyber Monday 

By Callie Guenther | CYBERSOC Data Scientist, CRITICALSTART
November 20, 2020

Black Friday. You love it, you hate it, you love to hate it. Coronavirus has canceled many things in 2020, but Black Friday and Cyber Monday may be as big as ever. The number of online holiday shoppers this year is expected to skyrocket due to the Covid-19 pandemic and consequently, consumers and […]

Multiple Vulnerabilities Discovered in Aviatrix

Versions Tested:
Aviatrix Cloud Controller UserConnect-5.3.1516
Aviatrix VPN Client 2.8.2

Product: https://aviatrix.com/cloud-network-platform/
Security Advisories: https://docs.aviatrix.com/HowTos/security_bulletin_article.html

Summary: CRITICALSTART’s TEAMARES recently discovered multiple vulnerabilities in the Aviatrix Cloud Controller appliance v5.3.1516 and Aviatrix VPN client v2.8.2 for Linux, macOS, and Windows. TEAMARES would like to thank the Aviatrix security team for partnering with us to get […]

The Democratization of Security: Simplification and Direction for Content Management

Last week, we talked about how life could be made easier through the democratization of security permissions and access. In particular, we discussed how Microsoft Azure Active Directory (AAD) simplifies user onboarding. There’s a second component to the Democratization of Security that can take this streamlining process even further. By taking a new approach […]

CRITICALSTART & ePlus | National Cybersecurity Awareness Month Podcast

Full Transcript:

LW: Welcome. Thanks for joining everyone, my name is Lee Waskevich, vice president of security and networking strategy here with ePlus. Today, I’m joined by Randy Watkins with CRITICALSTART.

RW: Hey! Thanks for having me on.

LW: Absolutely, absolutely. Appreciate you joining us.

LW: So, we’re going to run through a few different […]

Exploiting Enterprise Passwords

No matter how much you think you’ve done to safeguard your data and systems against breaches, common vulnerabilities continue to wreak havoc on enterprises. The top of the list of these vulnerabilities is weak passwords. According to a 2019 Verizon Data Breach Investigations Report (DBIR), 80% of hacking-related breaches involved compromised and weak credentials. Attackers are […]

Cyber Threat Concerns Grow as Schools Lean on Virtual Learning

With many school districts using distance learning due to the COVID-19 pandemic, concerns about cyber threats are growing. Schools and students are now dependent on internet-connected devices to deliver virtual lessons, creating more opportunities for cyber attackers and hackers. “School districts are in a place where they are completely reliant on all of this online […]

Critical Vulnerabilities Discovered in MoFi Routers

Versions Tested:
MOFI4500-4GXeLTE V2 Firmware 3.6.1-std
MOFI4500-4GXeLTE V2 Firmware 4.0.8-std
MOFI4500-4GXeLTE V2 Firmware 4.2.5-std

Product: http://mofinetwork.com/

CVE Numbers:
CVE-2020-13856
CVE-2020-13857
CVE-2020-13858
CVE-2020-13859
CVE-2020-13860
CVE-2020-15832
CVE-2020-15833
CVE-2020-15834
CVE-2020-15835
CVE-2020-15836

Summary: Multiple critical vulnerabilities have been discovered in the MoFi4500 router, an OpenWRT-based wireless router that provides Internet access via LTE. The initial vulnerabilities were […]

Once More unto the Breach – Lessons Learned From Billion Dollar Breaches

What can we learn from some of the most expensive data breaches in history? CRITICALSTART’s TEAMARES’ security expert, Allyn Lynd, recently dove into this topic as he looked back on some of the most infamous breaches during “Lessons Learned from Billion Dollar Breaches,” the second in our five-part series aimed at understanding what causes breaches […]

CRITICALSTART MDR Ranks 4.7/5 on Gartner Peer Insights

Recognizing the importance of peer reviews in an organization’s purchasing decisions, CRITICALSTART is pleased to announce that we’ve achieved high ratings by Gartner Peer Insights in the Managed Detection & Response Services category.

How We Ranked

With 100% willingness to recommend CRITICALSTART to others, our customers gave us high ranks for: Security event management […]

Uncovering Your Security Blind Spots: Keys to Protecting your Organization from the Unknown

Many organizations are shocked to learn their systems have been breached, with attackers having exposed vulnerabilities. However, you can defend your organization against these threats by taking some proactive measures. Minimizing your security risk begins with risk management – ensuring proper asset management, implementing policies and procedures around protecting assets, and effective risk mitigation. Yet […]

MSSP vs MDR: Comparing Incident Response Capabilities

Three acronyms swirl around today’s security discussions: Managed Detection and Response (MDR), Managed Security Service Provider (MSSP), and Security Incident and Event Management (SIEM). While all three of these concepts are often discussed in the same conversation, one (SIEM) is really a tool while the other two (MDR and MSSP) are services that can work […]

Outer Space Meets Cyberspace: What Space Travel Can Teach Us About Cybersecurity

February 20, 1962: An Atlas LV-3B launch vehicle lifts off from Launch Complex 14 at Cape Canaveral, Florida. It’s lifting astronaut John Glenn into orbit aboard the Mercury program spacecraft known as Friendship 7. At the time, this was a technological marvel and a wonder of engineering complexity. But it was this complexity that Glenn […]

SOC vs. CSIRT: What’s the Difference?

Years ago, organizations relied primarily on their IT department to manage security. As cybersecurity attacks increased in frequency and sophistication, companies launched Security Operations Centers (SOCs) to centralize security tools and personnel. Yet in recent years, as the number of security breaches escalated, organizations realized they needed dedicated response teams, which led to the introduction […]

Local Privilege Escalation Discovered in GlobalProtect App

Versions Tested:
GlobalProtect App < 5.1.4 on Windows
GlobalProtect App < 5.0.10 on Windows

Product: https://www.paloaltonetworks.com/products/globalprotect
Security Advisories: https://security.paloaltonetworks.com/CVE-2020-2032
CVE Numbers: CVE-2020-2032
CVSS Score: 7.0
CWE: CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition
NIST: N/A
OWASP: N/A

Summary: A race condition vulnerability in the Palo Alto Networks GlobalProtect app on Windows allowed a local limited Windows user to execute programs with SYSTEM […]

Securing Your Cookies: HTTPOnly Flag for Cookie Theft Defense

Missing HttpOnly flags on cookies are a common finding in web application penetration testing. There is often confusion about whether enabling this flag is necessary. However, cookies can contain session tokens and other values that are useful to a malicious actor and should be protected. If the cookies do not […]

Local Privilege Escalation Discovered in VMware Fusion

Versions Tested: VMware Fusion 11.5.3

Products:
https://www.vmware.com/products/fusion.html
https://docs.vmware.com/en/VMware-Remote-Console/index.html
https://docs.vmware.com/en/VMware-Horizon-Client/index.html

Security Advisories: https://www.vmware.com/security/advisories/VMSA-2020-0011.html
CVE Number(s): CVE-2020-3957
CVSS Score: 7.3
CWE:
CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition
CWE-424: Improper Protection of Alternate Path
NIST: N/A
OWASP: N/A

Summary: VMware Fusion, VMRC and Horizon Client contain a local privilege escalation vulnerability due to a Time-of-check Time-of-use […]

Once More Unto the Breach: An Exploration into Breach Prevention and Response

Organizations continue to learn the hard way that cybersecurity breaches can happen for many reasons at companies of any size and maturity level. Hackers are relentless in testing the waters to reveal vulnerabilities, and sneak in through whatever means possible once they detect security blind spots. The list of where vulnerabilities reside can be daunting: […]

COVID-19 Contact Tracing Methods Compared: Examining Privacy & Security Implications

Discussions about contact tracing have been ongoing since February 2020, when some experts began looking ahead at how to move through the global COVID-19 pandemic.

What Is Contact Tracing?

Contact tracing essentially comprises identifying those who have been infected with COVID-19 and notifying as many people as possible who have been in close contact with […]