Update 1: OMI agent is not installed on Azure FireboxV/Cloud instances (September 17th, 2021): We reviewed our FireboxV/Cloud instance for Azure and confirmed that the OMI agent cannot be installed on the image. We recommend reviewing the additional guidance Microsoft published on September 16th, 2021 for securing the OMI affected resources/tools. Original Post … [Read more...]
Supply Chain Attacks Through an IDE
David Dworken, a Google security researcher, presented a recent Defcon talk about how he found over 30 vulnerabilities in various Integrated Development Environments (IDEs) over the course of a few months of research. Many believe that source code on its own is benign as long as you don’t compile and run it, but as Dworken proved, simply loading code into an IDE can cause … [Read more...]
ProxyShell, Exchange Servers Under Attack Again
With the 2021 editions of the BlackHat and DEF CON security conferences all wrapped up, one of the presentation that made the biggest waves was the latest research from Orange Tsai of Devcore Security Consulting. Tsai was the researcher responsible for identifying and disclosing CVE-2021-26855, better known as ProxyLogon, to Microsoft back in January 2021, well before threat … [Read more...]
Defcon Talk Timeless-Timing-Attacks
A recent Defcon talk by Tom Van Goethem and Mathy Vanhoef, "Timeless Timing Attacks" made significant progress on ways to create timing attacks over a network. Timing attacks work by extracting data form devices based on how long it takes to respond. To successfully run a timing attack, the attacker usually must be directly connected to the computer since the smallest … [Read more...]
What to Make of the Biden Administration’s New ICS Cybersecurity Initiative
Yesterday, the Biden Administration unveiled a new initiative to help improve the cybersecurity stance of the industrial control systems (ICS) that manage the nation’s critical infrastructure. As recent events (like the Colonial Pipeline ransomware incident) have shown, disruptions to critical infrastructure can have serious, potentially even fatal consequences. In short, this … [Read more...]
