Common Vulnerabilities and Exposures – October 2022

Critical Zoho ManageEngine RCE Vulnerability: On the 22nd September 2022, the US Cybersecurity and Infrastructure Security Agency (CISA) added a critical unauthenticated Remote Code Execution (RCE) vulnerability affecting Zoho ManageEngine products to their Known Exploited Vulnerabilities catalog. This vulnerability has a CVSS score of 9.8 and exploits a Java deserialisation vulnerability that allows an unauthenticated […]

Hacks – October 2022

September saw a significant number of cyber breaches with Uber, Rockstar Games and Optus all impacted within a week. The attack methods observed in these breaches were MFA fatigue attacks and a vulnerable public API in the case of the Optus breach. MFA fatigue attacks are becoming a more frequently used MFA bypass technique, where […]

March 2022 Okta LAPSUS$ security incident

At 2:09pm on the 22nd of March 2022 (AEDT), the advanced persistent threat actor (APT) group “LAPSUS$” released screenshots and claims on the encrypted messaging app Telegram [1] that they had achieved superuser access to the Okta Cloud platform, as well as access to other internal systems including the Okta Atlassian suite and Okta Slack channels. […]

Log4j Vulnerability

Log4j continues to disrupt global festive season change freezes. On Friday (10 December 2021), NIST announced a remote code execution vulnerability (CVE-2021-44228, https://nvd.nist.gov/vuln/detail/CVE-2021-44228) in the Apache Log4j project. Log4j is one of the pervasive, open-source building blocks that applications across your infrastructure use for logging. The vulnerability is of critical severity as it can be […]

Hacks – Importance of configuration management

Hackers are smart and know a lot of simple tricks to get around the cybersecurity defences that companies spend a huge amount of dollars and time to implement. Once inside a network one of the main aims is to steal data and exfiltrate it to an external destination; this is considered one of the most […]

News U.S Colonial Fuel Pipeline Ransomware Attack

Attackers tend to target major organisations like banks, software companies, vendors & financial firms. On May 7th Colonial Pipeline got attacked. A ransomware attack had been executed, completely shutting down their supply of fuel & gas. The company suffered major losses. This is one of the purposes of attacks like these, to de-stabilize an organisation […]

Ransomware A Real World Incident

Late last year Brace168 was engaged to respond to a ransomware attack and conduct incident response services. The ransomware in question was a previously unknown variant of ‘zusy’ malware delivered through trojanised open-source software, Notepad++. On the day of the attack, Brace168 initiated a War Room to immediately respond to the situation and work […]

Here are some of our musings about the Cyber Security industry.

The real question is the cost of not having a cyber security plan. We all hate paying our insurance policies. Trust me, it’s one of my pet hates each year when they come around, but let me tell you a story. In 2011, I had an accident … a big one. I broke my neck. […]