Data is the New Source Code

By: Callie Guenther. The role of data in today’s business world cannot be overstated. Competitive intelligence is inextricably linked to the speed at which valuable data can be consumed and analyzed to yield important business insights. The need for the increased efficiency gleaned by these learning systems has facilitated a massive increase in spending on […]


INFORMATION DISCLOSURE IN JFORUM 2.1.X – SYNTAX

By: Moez Janmohammad – Critical Start, Section 8. Username Enumeration in JForum 2.1.8. Version Tested: 2.1.8. CVE Number: CVE-2019-7550. Security Advisories: None. Background: While conducting a penetration test for a customer, I encountered an unused developer forum using JForum version 2.1.8 and started looking for vulnerabilities within the application. Issue: When creating a new user […]


The next step of social engineering: Social Media Hoaxes

By: Moez Janmohammad. From Jonathan Swift’s fake almanac in 1708 to the modern dihydrogen monoxide joke, hoaxes have been around for as long as humans have enjoyed deceiving each other for fun. The ease of communication via technology has made hoaxes and scams even more prevalent, evolving from word-of-mouth and chain email to Instagram, […]


One month later: The Marriott Data Breach – What You Should Do

Just over a month ago, Marriott International, one of the world’s largest hotel chains, announced that there was unauthorized access to the database, which contained guest information relating to reservations at Starwood properties on or before September 10, 2018. Among the hotels under the Starwood brand are the W Hotels, St. Regis, Sheraton, Westin, and […]


Naughty or Nice: Cybercriminals’ Latest Targeting Strategies During the Holiday Season

(Please note: You should always proceed with caution before clicking on a link that you are not familiar with. We sometimes link to third-party sources as a point of reference – some of those links could contain malicious content.) Economics of Christmas: The Joy of Shopping. Retailers solicit most fervently on a handful of days […]


Announcing Beta MDR Program for Windows

CRITICALSTART is the fastest growing MDR service in North America, and we are expanding our service offerings and integrations with new technologies that increase our capabilities for our customers. CRITICALSTART has partnered with Microsoft to build a strong integration between Windows Defender ATP and our ZTAP Security Orchestration Automation and Response MDR service. WDATP solution […]


Phishing Attacks Today | DRIDEX and URSNIF are back

On the morning of December 12th, 2018, the CRITICALSTART CYBERSOC began seeing the resurgence of a prolific phishing campaign. This campaign included malware variants such as DRIDEX and URSNIF, both common banking Trojans used in macro-based attacks. These files are observed hiding in macro-enabled documents or downloaded after code executes, requesting that the host reach […]


A Commitment to Getting It Right: Palo Alto Networks’ Expedition Migration Tool

Versions Tested: 1.0.106. CVE Numbers: CVE-2018-10142. Security Advisories: PAN-SA-2018-0016 – https://securityadvisories.paloaltonetworks.com/Home/Detail/135. Background: During a recent penetration test for a client, I came across a tool called MigrationTool from Palo Alto Networks. The tool was littered with issues, like the unauthenticated disclosure of passwords, hashes, versions, and more that were uncovered. So, what’s […]


PRTG Network Monitor Privilege Escalation

Versions Tested: 18.2.41.1652. CVE Numbers: CVE-2018-17887. Security Advisories: None. Background: Recently I’ve seen a decent number of privilege escalations occurring on Windows due to permission issues and the use of symlinks. The work from Ryan Hanson of Atredis on the Cylance privilege escalation and the Windows Standard Collector privilege escalation really inspired me to research more into this […]


Defending Layer 8

Security awareness training is broken. Read the news any day of the week and you can find articles talking about breaches, ransomware attacks, and countless records stolen, resulting in identity theft victims. Our users continue to click suspicious links, open attachments they weren’t expecting, and fall for the call to action. Attackers know that […]


CVE-2018-6961 – Unauthenticated Command Injection vulnerability in VMware NSX SD-WAN by VeloCloud

Exploits for network devices including routers, switches, and firewalls have been around for as long as networking has been a thing. It seems like every week a researcher discloses a new vulnerability or publishes proof of concept (PoC) code online for these types of devices, and that is exactly what is happening in this article. […]


“Fall of Sudo – A Pwnage Collection”

Introduction: Finding Linux servers heavily reliant on Sudo rules for daily management tasks is a common occurrence. While not necessarily bad, Sudo rules can quickly become security’s worst nightmare. Before discussing the security implications, let’s first discuss what Sudo is. Defining Sudo: What is Sudo? Sudo, which stands for “super user do!,” is a program […]


Finding Enterprise Credentials in Data Breaches

In the age of the breach, it’s a safe assumption that almost every public account’s credentials have been exposed at some point. “Have I Been Pwned” (HIBP), https://haveibeenpwned.com/, is a database that contains usernames and other information from any compromise they come across. While available for individuals to search against, certain protections have been put […]


Putting the NEXT in Next Generation Firewall: Tales From the Field

You’ve purchased a next generation firewall. You understand the WHY, but HOW do you make the most of your investment? What’s NEXT? When it comes to Next-Generation firewall technology, determining the best implementation methodology can be a bit daunting. You may ask yourself: What features should I enable first? How do I enable these new […]


Spectre and Meltdown: Why No One Should Implicitly Trust Hardware

Everyone should be wary of downloading, installing, or running unknown scripts or software (especially from questionable sources on the Internet or unexpected email attachments). The truth is, most of us have been conditioned to be a bit paranoid when running code on our machines, as we should be. This innate distrust of questionable or unknown […]


KRACK Attacks!

What’s the big deal? Mathy Vanhoef of imec-DistriNet, KU Leuven has discovered serious weaknesses in WPA2, the protocol that secures all modern protected Wi-Fi networks. Vanhoef has released a whitepaper and a video example of an attack, created a thorough website explaining the vulnerability, and will be releasing proof-of-concept exploit code soon. Links at the end […]


Bluetooth Blues

The proliferation of wireless devices in the world is astounding, and one of the most widely used technologies is Bluetooth, with an estimated count of capable devices north of 8 billion. Earlier this week, researchers at Armis released information on their website about an attack vector dubbed “BlueBorne”. The list of vulnerable and exploitable devices spans Android […]


Security Automation and Orchestration: An Analyst Perspective

Security Automation and Orchestration (SAO) platforms are the newest players in the security landscape, focusing on easing the burden of alert fatigue. Working as a lead in a Managed Services Security Operations Center (SOC), solutions that claim to automate actions, lower time-to-response, and minimize required headcount pique my interest. SAOs operate by implementing logical decision trees […]


The Devil’s in the Subtitles

Widespread malware affecting media players: On May 23rd, 2017, Check Point found a vulnerability in four popular media players that uses a new attack vector, creating malicious subtitle files to infect computers, smartphones and smart TVs. Once the files are downloaded, an attacker can potentially take complete control over the device. Over 200 million […]


WannaCry Recap

Friday could not have come sooner for some last week. For the rest of us, we may have wished Friday never happened. What is now being considered the most “successful” and prolific ransomware campaign took off like a wildfire in a dry forest. We’ve all heard the name WannaCry; hopefully it did not make anyone […]


WannaCry IOCs and Technical Details

Technical Details: It is currently unclear whether this payload is delivered via malicious attachment or through the WAN using the FuzzBunch EternalBlue SMB exploit. The malware behaves much like typical ransomware during execution on the victim’s machine. Below are the operations that are run via cmd.exe: /c vssadmin delete shadows /all /quiet & wmic shadowcopy […]


WannaCry? You might.

Urgent information regarding the WanaCrypt/WannaCry/WCry ransomware outbreak: Today, 12 May 2017, a massive ransomware outbreak has been reported across the globe. There are reports of computer systems completely locked up in Russia, Western Europe, East Asia and North America. British hospitals and a Spanish telecom company have been the largest confirmed victims thus far, along with […]


Zero Trust and Microsegmentation

by Chris Yates | Senior Security Architect. Adoption of Zero Trust and Micro-Segmentation as core design principles can help improve the security posture of your network and attached systems. However, it is important to understand how we got to our current state in order to understand how these principles can help us. Let’s do a quick […]


Mitigating Against the Shadow Broker Exploit Dump

On Friday, April 14, a group called “Shadow Brokers” released multiple exploits and tools, purported to be from the NSA, entitled “Fifth Leak: Lost in Translation”. Over the holiday weekend, the Critical Start research team and the greater InfoSec community went through and analyzed many of the tools. Affected Systems: The tools are primarily comprised […]


Threat Intelligence?

by Randy Watkins | Director, Security Architecture. With the uptick in cyber crime, security professionals are looking for methods to gain an edge. Many security professionals are attempting to gain this edge using detection technologies like Intrusion Prevention Systems (IPS), or logging solutions like Security Information and Event Management (SIEM) systems and Endpoint Detection and […]


On the Reliance of Client Side Security

I recently conducted a penetration test of a web application. Because of design decisions, I was able to bypass CAPTCHA to brute force user accounts and, ultimately, bypass file upload restrictions to upload malware onto the web server and into the internal network environment. The owner had taken a healthy view of security, had conducted […]


Picking the Right Silver Bullet

With the current state of cyber security, the market has become inundated with “solutions”. When every manufacturer is selling hammers, every problem looks like a nail. Security personnel are expected to evaluate solutions while still trying to find time for operational tasks. After the media fills executives’ minds with the latest security buzzwords, they […]


What Are the Mistakes That Get Hackers Arrested?

At Critical Start we use a concept called the Defendable Network and map organizations to SecCon levels designed to give companies a chance against threat actors of varying skill levels. We group threat actors’ skill levels into: Untrained Attacker (just gets lucky), Novice Attacker, Intermediate (using automated tools mostly), Advanced, Expert. Phineas Fisher is a black-hat hacker and […]
