Good day folks! I’m prepping for my holiday shutdown here at Cisco, but before I do, I have a threat update including some interesting developments on vulnerability hoarding that would make the Grinch cringe. But first:
Tag: CTI (Page 7 of 11)
Good morning folks! I have some updates on the threat side of things that we all should be aware of:
In our first update, the Russian SVR-backed pests known as APT29, CozyBear, NOBELIUM or, by the Microsoft name, “Midnight Blizzard” are following the lead of North Korean adversaries. They’re exploiting a really bad JetBrains TeamCity vuln (CVE-2023-42793, CVSS 9.8) to manipulate source code, sign certs, and push updates. TeamCity is a CI/CD tool that helps run DevOps, sort of like Travis CI, Jenkins, CircleCI, and more. So it has the potential to be like the SolarWinds issues of a couple of years ago. It now appears they have patiently used it to get deeper into the supply chain and gain as-yet dormant footholds. They are even using Dropbox to help mask their C2 – Yikes!
Who hasn’t heard this one: “the attacker only needs to be right once, and they are a success”. Indeed, the corollary is said just as often: “you only need to be wrong once and you’re screwed!” All of that makes you feel a little helpless, right? Helpless folks give up – and good luck getting them to deal with the myriad issues that are inherent to securing their environments! We’re going to see how we can turn the tables here, and the first step is to see how visibility makes you a most frustrating victim for adversaries!
Good morning folks! I have a lot of updates on the threat side of things, some talk of elections & AI, and more that we all should be aware of:
Cisco’s Talos just released an awesome 2023 Year In Review that helps break down the trends and strains that kept them up late at night and changed the threat landscape. Of note?
If you take a look at the long list of breaches that make front-page news, you may think that a single framework can do a decent job of explaining the mechanisms. But that is not the case – some of the largest, most famous breaches or vulnerabilities were web application related, like the Equifax breach, Yahoo, First American, Facebook, and more. We can thank these breaches for endless credit monitoring – thanks folks! When we talked about MITRE ATT&CK, we discussed a very popular methodology that focused greatly on network and endpoint attacks. Web and application attack patterns are missing, though, so how do we discuss a web or application threat? CAPEC helps us understand those web attack patterns and defend against them!