The Recorded Future web-conference today was a great insight into the deep Cyber-Intelligence technology the company has developed and what it offers organizations. On display were both a definitive set of broad trend data combined with deep and granular information on every aspect of the MITRE ATT&CK framework and beyond. Recorded Future’s LinkedIn profile reports the company as having had Series E funding of $25 million dollars, however Crunchbase reports an even higher total investment of over $50 million dollars. A press report on PRNewswire in October 2021 outlines Recorded Future’s recent investment in CVE intelligence company Cyber Threat Cognitive Intelligence (CTCI) and describes the Intelligence Fund; Recorded Future’s investment platform. For anyone as passionate about Cyber-Security, predictive forecasting, and Intelligence as I am, there is a ton to be excited about with Recorded Future’s platform and capabilities. Here’s what I learned from the conference today. Recorded Future aggregates data…
IT Security
Linux Dominates Performance-based Computing Market Share Linux may be less susceptible to cyber-attacks because Windows presents such an attactive target by holding the majority of the desktop marketshare. However, Linux servers dominate the global market in some powerful ways. According to industry reports, Linux OSs comprise 100% of all supercomputers, and over 95% of the top 1 million web servers are running Linux. Linux runs on 90% of all cloud infrastructure and dominates the mobile phone market with > 80% of market share. Embedded operating systems, and RTOS for IoT devices? Again, Linux is by far the most popular OS of choice. If you want more interesting facts about Linux’s market presence, you can Read Nick Galov’s revealing 2021 comprehensive summary of Linux market penetration. Knowing how to conduct a Security Audit of a Linux system and services is very important indeed. This most often includes whitelisting required applications and…
What is GVM and OpenVAS? WikiPedia does a really nice introduction to GVM so let jump start our understanding with that: OpenVAS is the scanner component of Greenbone Vulnerability Manager, a software framework of several services and tools offering vulnerability scanning and vulnerability management. All Greenbone Vulnerability Manager products are free software, and most components are licensed under the GNU General Public License. To understand the relationship between OpenVAS and GVM we should refer to the OpenVAS website, which does a good job explaining the relationship between OpenVAS and GVM: In 2019 the branding separation was completed. OpenVAS now represents the actual vulnerability scanner as it did originally and the “S” in “OpenVAS” now stands for “Scanner” rather than “System”. These changes are accompanied by an updated OpenVAS logo. The framework where OpenVAS is embedded is the Greenbone Vulnerability Management (GVM).OpenVAS released with GVM-10 receives numerous performance optimization to address…
Trojan Source: Raw-Bin Hood Pick Pocketing Source Code with Unicode Bidirectional Control Characters
A new type of vulnerability has been disclosed by researchers at Cambridge University in the UK where Unicode Bidirectional Control Characters are used to change the way text appears in the IDE or text editor compared to how the compiler will interpret and compile the source code into an executable. Proof of concept code has been released for virtually every language including C, C#, C++, Go, Java, Ruby, Python, JavaScript, Rust, and more. Here is a link to the original paper, a GitHub repository released by the authors that includes proof-of-concept code samples for virtually every popular language and the issued CVEs CVE-2021-42574 and CVE-2021-42694, both having severity score of 9.8 “Critical”. Unicode Bidirectional Control Characters are needed in Unicode because Unicode is meant as a super encoding standard which allows all languages (and even emojis) to be contained in a single encoding standard as opposed to say, ASCII which…
These study notes are provided for students of CompTIA Pentest+ exam. If you notice any problems with the notes, please let me know via email (joseph@ripplesoftware.ca). General Pentesting Engagement Scoping Information Gathering Vulnerability Scanning Exploitation Process Pentest Tools Exploit Specifics Post Exploit Communication Processes
3 Major Reasons Why Your Small Business Needs a Website More credibility and professionalism – Websites provide a sense of credibility and further establishes your brand as a professional service. Without a website most people will not acknowledge your products or services simply because it cannot be found online. Having a website gives you the opportunity to build a long-lasting online relationship with your clients. Giving them the reassurance they need to trust your brand. Increase in customer reach – Online shopping has blown up over the years- everything from computers and cars to food and services can all be found online nowadays. This means, the number in online shoppers have increased and since the internet doesn’t have a closing time, sales are growing even after hours! Because you are able to access a website almost anywhere at anytime, the reach has become much wider, allowing your business to globally…
This short introduction to cyber-security covers fundamental concepts. These concepts are the basis for all other cyber-security topics. If you are studying for CompTIA Security+ SY0-501 Exam this a good first video to watch.
General Details SolarWinds is a publicly traded company worth $5.4B dollars that developing IT infrastructure management software products for small and medium-sized enterprises. Two separate pieces of malware known as SUPERNOVA and SUNBURST worked against vulnerabilities in SolarWind’s product Orion. The malware known as SUNBURST potentially allows an attacker to compromise the server on which the Orion products run. The manner in which SUNBURST malware was used against its victims resulted in it being labelled a “supply chain attack,” a technique in which an adversary uses malware to disrupt a companies ability to produce or deliver it’s products to customers. Although the term “supply chain attack” a broad term without a universally agreed upon definition, theoretically, the intended target of a supply chain attack is not necessarily the company whose network was breached and disrupted. For example, if an attacker wanted to disrupt operations of a large retail target such…
In a previous article the impact of cyber-breach on stock prices and the value of cyber-insurance to corporations was reviewed. Ransomware and IT breaches are increasing, and the expectation is that more companies will turn to cyber-insurance, and also increase their IT security controls. Here is a list of cyber-security listed ETFs and a list of all the companies included in those ETFs with duplicates removed, along with a company description. CIBR – First Trust Nasdaq Cybersecurity ETF Includes 40 individual stocks comprising $3.58 billion in assets Includes other industries, such as aerospace and defense (FactSet) Concentrated with 10 largest making up 47% of market cap Two stars rating by Morningstar HACK – ETFMG Prime Cyber Security ETF Includes 59 individual stocks comprising $2.04 billion in assets Modified equal-weight scheme (not concentrated) with 10 largest making up 28.5% of the market cap HACK has “a unique, cybersecurity-focused take on the…
Tale of the Tape Hackers have kicked some big time ass against major American companies in the past 10 years. JP Morgan Chase, Capital One, Equifax, Uber, LinkedIn, eBay are just a few of the large corporate victims. Just in 2021 many corporate IT hacks have made the headlines with the Colonial Pipeline hack being the most recent. Well, that was, until JBS a major American meat processing plant revealed it had also been breached just days ago. Colonial Pipeline CEO confirmed the company paid $4.4 million ransom. CNA Financial, one of the largest insurance companies in the US, reportedly paid hackers $40 million after a ransomware attack. Information on whether Acer ended up paying the ransom for their breach in March 2021 seems hard to come by but, the initial ransom demand was $50 million and included a threat to increase the demand to $100 million. If Acer did…
