A SecDevOps Perspective on SUNBURST
Dec 16, 2020 5:32:00 PM / by Brian Greunke posted in Operations, Continuous Integration, Exploit, DevOps
Much has already been said about the recently reported SolarWinds compromise. In this post, we are not attempting to further investigate the attack, but rather, to provide a SecDevOps perspective on a few of the underlying software and development processes that are reported to have been involved in the initial compromise at SolarWinds. These processes are not unique to SolarWinds, and in fact, are often considered best practices in software development.
Analysis Of Exploitation: CVE-2020-10189
Mar 25, 2020 1:39:00 PM / by Luke Rusten posted in DFIR, Incident Response, Forensics, SecOps, InfoSec, Defense, Malware, Exploit, CVE-2020-10189, Intel Sharing, Zoho, Vulnerability, ManageEngine
The Recon incident response team recently worked an intrusion case involving a ManageEngine Desktop Central server that was affected by CVE-2020-10189.
Analysis of Exploitation: CVE-2019-3396
May 20, 2019 3:22:00 PM / by Eric Capuano posted in DFIR, Incident Response, Forensics, Security, Malware, Exploit, Intel Sharing, Vulnerability
The Recon incident response team recently worked an intrusion case involving a Confluence web application server that was affected by CVE-2019-3396.
US-CERT TA18-106A for the Rest of Us!
Apr 25, 2018 4:20:00 PM / by Leo B posted in Exploit, Intel, US-Cert
EXECUTIVE SUMMARY
US-CERT posted a new Tactical Alert (TA18-106A) based on a combined intelligence effort between the Department of Homeland Security (DHS), the Federal Bureau of Investigation (FBI), and the United Kingdom’s National Cyber Security Centre (NCSC). It provided an alert on network devices being exploited by Russian state-sponsored actors. Network device targets include but are not limited to government and private-sector organizations, critical infrastructure providers, and the Internet service providers (ISPs) supporting these sectors. The TA outlines details on the tactics, techniques, and procedures (TTPs) used by Russian state actors. The purpose of the TA was to inform the public about the Russian government campaign.
Meltdown and Spectre
Jan 16, 2018 4:23:00 PM / by Ron Phillips posted in Exploit, Vulnerability, Spectre, Meltdown
SUMMARY
A collaboration between multiple security industry and academic researchers led to the discovery of two separate vulnerabilities. The two vulnerabilities have been named “Meltdown” and “Spectre” and take advantage of flaws in the design of computer processors.