Month: April 2024
Zealot: New Apache Struts Campaign Uses EternalBlue and EternalSynergy to Mine Monero on Internal Networks
- by nlqip
F5 threat researchers have discovered a new Apache Struts campaign. This new campaign is a sophisticated multi-staged attack targeting internal networks with the NSA-attributed EternalBlue and EternalSynergy exploits. We have dubbed the campaign “Zealot” based on the name of the zip file containing the python scripts with the NSA-attributed exploits. As we continue to research…
Read MoreFor years I wondered why business groups would move forward with technology initiatives before fully understanding their risk exposure. Focused on the business outcome, teams always wanted to implement first and figure out the risks later. Problem is, risks are intrinsic to business outcomes. A solution is only as valuable as the information flowing through…
Read MoreAchieving Multi-Dimensional Security Through Information Modeling—Modeling Inversion Part 5
- by nlqip
It is against business priority enablers that we align the following causation models required to present our high-level protection strategy. Causal Model 1 — Threat Landscape We captured the business priorities in the business model’s value proposition. ECS’s desire is to “offer certified and compliant cloud computing services secured with the leading security standards.”…
Read MoreEighty-six percent of Internet hosts prefer forward secrecy; all modern browsers do, too. The Bleichenbacher attack only affects RSA sessions not protected with the ephemeral keys offered by forward secrecy. All modern browsers and mobile clients have preferred ephemeral keys for several years. Google has been preferring them with their servers and software since 2012.6…
Read MoreInternet of Things (IoT) devices gained infamy almost overnight for their lack of security. This led to their participation in a Thingbot (a botnet built out of IoT devices) named Mirai1 that launched massive distributed denial-of-service (DDoS) attacks against a handful of victims, including Dyn, OVH, KrebsOnSecurity, and Rutgers University2 in late 2016. As a result of…
Read MoreAnything we put online must swim in a sea of enemies. The F5 Labs report, Lessons Learned from a Decade of Data Breaches, revealed that an average breach leaked 35 million records. Nearly 90% of the US population’s social security numbers have been breached to cyber criminals. When confronted by staggering statistics like these, it is…
Read MoreFigure 2: Alternative C&C server address hosted on Pastebin.com One of the challenges that adversaries need to deal with is how to maintain a sustainable C&C infrastructure without being quickly denylisted by enterprise security solutions, or being frequently shut down by ISPs and hosting services following law enforcement and security vendors’ abuse reports. Many…
Read MoreA report on the Terraform creator and cloud infrastructure tools vendor exploring a sale first emerged in March. IBM is close to a deal to purchase Terraform creator and cloud infrastructure tools vendor HashiCorp, according to multiple media outlets. Armonk, N.Y.-based cloud and mainframe giant IBM could announce the deal Wednesday, according to Bloomberg. That…
Read MoreA large technology consultancy with thousands of employees spread across north America and Europe is now approaching 99% cloud deployment for their applications. The consultancy believes this is the right solution to provide flexible and secure application deployment for their widely dispersed user community. The migration from on-premises to cloud-delivery began a decade ago with…
Read MoreNow hear this: You will always have exposure. No company has the ability to mitigate all risks at all times. No company I’ve ever visited has even had all of its identified risks treated at any given point. Yet so many companies lead their security strategy with controls. They’ll make sizable investments in security appliances…
Read More