A SecDevOps Perspective on SUNBURST

Dec 16, 2020 5:32:00 PM / by Brian Greunke posted in Operations, Continuous Integration, Exploit, DevOps

Much has already been said about the recently reported SolarWinds compromise. In this post, we are not attempting to further investigate the attack, but rather, to provide a SecDevOps perspective on a few of the underlying software and development processes that are reported to have been involved in the initial compromise at SolarWinds. These processes are not unique to SolarWinds, and in fact, are often considered best practices in software development.

Read More

Analysis Of Exploitation: CVE-2020-10189

Mar 25, 2020 1:39:00 PM / by Luke Rusten posted in DFIR, Incident Response, Forensics, SecOps, InfoSec, Defense, Malware, Exploit, CVE-2020-10189, Intel Sharing, Zoho, Vulnerability, ManageEngine

The Recon incident response team recently worked an intrusion case involving a ManageEngine Desktop Central server that was affected by CVE-2020-10189.

Read More

Analysis of Exploitation: CVE-2019-3396

May 20, 2019 3:22:00 PM / by Eric Capuano posted in DFIR, Incident Response, Forensics, Security, Malware, Exploit, Intel Sharing, Vulnerability

The Recon incident response team recently worked an intrusion case involving a Confluence web application server that was affected by CVE-2019-3396.

Read More

US-CERT TA18-106A for the Rest of Us!

Apr 25, 2018 4:20:00 PM / by Leo B posted in Exploit, Intel, US-Cert

EXECUTIVE SUMMARY

US-CERT posted a new Tactical Alert (TA18-106A) based on a combined intelligence effort between the Department of Homeland Security (DHS), the Federal Bureau of Investigation (FBI), and the United Kingdom’s National Cyber Security Centre (NCSC). It provided an alert on network devices being exploited by Russian state-sponsored actors. Network device targets include but are not limited to government and private-sector organizations, critical infrastructure providers, and the Internet service providers (ISPs) supporting these sectors. The TA outlines details on the tactics, techniques, and procedures (TTPs) used by Russian state actors. The purpose of the TA was to inform the public about the Russian government campaign.

Read More

Meltdown and Spectre

Jan 16, 2018 4:23:00 PM / by Ron Phillips posted in Exploit, Vulnerability, Spectre, Meltdown

SUMMARY

A collaboration between multiple security industry and academic researchers led to the discovery of two separate vulnerabilities. The two vulnerabilities have been named “Meltdown” and “Spectre” and take advantage of flaws in the design of computer processors.

Read More
View RSS Feed