The decision to outsource or hire an in-house incident response team can be difficult. Here’s what you need to consider when developing your IR strategy. […]
Incident Response Teams: In-House vs Outsourced
Category: Blog
Once More unto the Breach – Lessons Learned From Billion Dollar Breaches
What can we learn from some of the most expensive data breaches in history? CRITICALSTART’s TEAMARES’ security expert, Allyn Lynd, recently dove into this topic as he looked back on some of the most infamous breaches during “Lessons Learned from Billion Dollar Breaches,” the second in our five-part series aimed at understanding what causes breaches […]
CRITICALSTART MDR Ranks 4.7/5 on Gartner Peer Insights
Recognizing the importance of peer reviews in an organization’s purchasing decisions, CRITICALSTART is pleased to announce that we’ve achieved high ratings by Gartner Peer Insights in the Managed Detection & Response Services category. How We Ranked With 100% willingness to recommend CRITICALSTART to others, our customers gave us high ranks for: Security event management […]
CRITICALSTART’s TEAMARES Launches DeimosC2
Flexible, Open-Source Tool to Manage Post-Exploitation Issues – Without the Extra Spend […]
Impact of Zero-Day Exploits on Breaches
Organizations are losing the endpoint security battle against new or unknown zero-day attacks. A recent Ponemon Study on endpoint security revealed that 68% of IT security experts say their company experienced one or more endpoint attacks that compromised data assets or IT infrastructure in 2019. Of those breaches, 80% were zero-day attacks – with the frequency of […]
How the COVID-19 Pandemic Affects Hackers
Rob Davis, CEO of CRITICALSTART, talks to Hal of Fox 11 New in Los Angeles about the ways that hackers are taking advantage of the “work from home” efforts. […]
F5 BIG-IP Remote Code Execution Exploit – CVE-2020-5902
When TEAMARES began research into the vulnerability identified in the F5 TMUI RCE vulnerability advisory released last month, we initially started by reading the advisory and mitigation steps, which contained minimal details but included key pieces of information needed to kick off our research. […]
Endpoint Detection & Response: What It Is & Why You Need It
Learn how endpoint detection and response (EDR) tools go a step beyond antivirus solutions to enable automated rules-based response and analysis. […]
Webinar: Lessons Learned from Billion Dollar Breaches
Globally, breaches cost organizations billions of dollars every year. In the U.S., losses for each breach average just under $10 million […]
Threat Hunting: Proactive Incident Response
Our expert cyber threat hunters assess network activity, identify suspicious behavior, isolate comprised endpoints, & provide a detailed report with our findings. […]
Uncovering Your Security Blind Spots: Keys to Protecting your Organization from the Unknown
Many organizations are shocked to learn their systems have been breached, with attackers having exposed vulnerabilities. However, you can defend your organization against these threats by taking some proactive measures. Minimizing your security risk begins with risk management – ensuring proper asset management, implementing policies and procedures around protecting assets, and effective risk mitigation. Yet […]
MSSP vs MDR: Comparing Incident Response Capabilities
Three acronyms swirl around today’s security discussions: Managed Detection and Response (MDR), Managed Security Service Provider (MSSP), and Security Incident and Event Management (SIEM). While all three of these concepts are often discussed in the same conversation, one (SIEM) is really a tool while the other two (MDR and MSSP) are services that can work […]
Outer Space Meets Cyberspace: What Space Travel Can Teach Us About Cybersecurity
February 20, 1962: An Atlas LV-3B launch vehicle lifts off from Launch Complex 14 at Cape Canaveral, Florida. It’s lifting astronaut John Glenn into orbit aboard the Mercury program spacecraft known as Friendship 7. At the time, this was a technological marvel and a wonder of engineering complexity. But it was this complexity that Glenn […]
SOC vs. CSIRT: What’s the Difference?
Years ago, organizations relied primarily on their IT department to manage security. As cybersecurity attacks increased in frequency and sophistication, companies launched Security Operations Centers (SOCs) to centralize security tools and personnel. Yet in recent years, as the number of security breaches escalated, organizations realized they needed dedicated response teams, which led to the introduction […]
Local Privilege Escalation Discovered in GlobalProtect App
Versions Tested: GlobalProtect App < 5.1.4 on Windows GlobalProtect App < 5.0.10 on Windows Product:https://www.paloaltonetworks.com/products/globalprotect Security Advisories:https://security.paloaltonetworks.com/CVE-2020-2032 CVE Numbers:CVE-2020-2032 CVSS Score:7.0 CWE:CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition NIST:N/A OWASP:N/A Summary: A race condition vulnerability in the Palo Alto Networks GlobalProtect app on Windows allowed a local limited Windows user to execute programs with SYSTEM […]
How Security Teams Eliminate Risk Acceptance with MDR
Recent data shows that 83 percent of IT security professionals are feeling more overworked in 2020 than in 2019, and 82 percent felt that their teams were understaffed. CRITICALSTART’s own research on the impact of security alert overload revealed more than 75% of survey respondents reported a SOC analyst turnover rate of more than 10% […]
Securing Your Cookies: HTTPOnly Flag for Cookie Theft Defense
Missing HttpOnly flags on cookies are a common finding in Web Application penetration testing. Many times, there is confusion surrounding whether it is necessary to enable this flag though. However, cookies can contain session tokens and other values that can be useful to a malicious actor and should be protected. If the cookies do not […]
Local Privilege Escalation Discovered in VMware Fusion
Versions Tested: VMware Fusion 11.5.3 Products: https://www.vmware.com/products/fusion.html https://docs.vmware.com/en/VMware-Remote-Console/index.html https://docs.vmware.com/en/VMware-Horizon-Client/index.html Security Advisories: https://www.vmware.com/security/advisories/VMSA-2020-0011.html CVE Number(s): CVE-2020-3957 CVSS Score: 7.3 CWE: CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition CWE-424: Improper Protection of Alternate Path NIST: N/A OWASP: N/A Summary: VMware Fusion, VMRC and Horizon Client contain a local privilege escalation vulnerability due to a Time-of-check Time-of-use […]
Once More Unto the Breach: An Exploration into Breach Prevention and Response
Organizations continue to learn the hard way that cybersecurity breaches can happen for many reasons at companies of any size and maturity level. Hackers are relentless in testing the waters to reveal vulnerabilities, and sneak in through whatever means possible once they detect security blind spots. The list of where vulnerabilities reside can be daunting: […]
COVID-19 Contact Tracing Methods Compared: Examining Privacy & Security Implications
Discussions about contact tracing have been ongoing since February 2020, when some experts began looking ahead at how to move through the global COVID-10 pandemic. What Is Contact Tracing? Contact tracing essentially comprises identifying those who have been infected with COVID-19 and notifying as many people as possible who have been in close contact with […]
Why a Proactive IR Strategy Is Critical
Breaches are a fact of life for every business. However, it is possible to stop breaches and improve your security posture by taking a proactive approach to your incident response (IR) strategy. The Risk of a Cyber Security Breach Continues to Increase Consider: A joint study by Ponemon Institute and IBM Security revealed the percentage […]
Weaponizing Public Breach Data Dumps for Red Teamers
Public password dumps have been an excellent way for attackers to gain access to accounts. Whether through credential stuffing or utilizing the emails and passwords directly, these dumps are a treasure trove of information. One thing red teamers and malicious actors alike can always count on is that the average user will likely reuse one […]
EPP vs. EDR vs. MDR: Endpoint Security Solutions Compared
Proactive vs. Reactive Endpoint Security Really, there are two kinds of security practitioners in the world right now: Proactive: Those who don’t like to ever spill the milk (aka those that want to make sure nothing malicious ever runs on an endpoint); and Reactive: Those that know the milk will spill, so they’d better get […]
Ransomware and the CIA Triad: Considerations for Evolving Attack Methods
One thing is clear: no one is safe from ransomware attacks. What is changing, however, are attack modes as threat actors adjust their methods based on evolving mitigation methods being employed. For several years, ransomware has been viewed as a type of malware that locks or encrypts the system or data and demands a ransom […]
NFL Draft: 5 Things Teams Need to Do Now to Guard Against Hackers
Ready or not, it’s NFL draft week. After much debate over how to hold the NFL draft, teams are now on the clock as they prepare for a draft like none before. However, as the league and teams have worked to build out a virtual draft infrastructure that relies on technology like Zoom or Microsoft […]
CRITICALSTART’s TEAMARES a Top Contributor to Folding@Home in Global Fight Against COVID-19
In times like these, we all could use some good news and CRITICALSTART‘s TEAMARES is excited to share some: we just reached top contributor status in our participation in Folding@Home’s fight against COVID-19! As of this week, we are now in the top 0.3% of all team contributors. It would not be possible without the […]
The Sky Is Falling: Cybersecurity Needs for the Remote Workforce
Chicken little was always running around saying the same thing… until it really happened… and then no one believed him. The cybersecurity industry has a similar problem, pushing fear to the populace of consumers, but in this case to push product into those anxious hands. That’s bad business, not just in practice, but also in […]
Free MOBILESOC and Endpoint Protection for Remote Security Teams until June 15
Like many other organizations, we have deliberated on how CRITICALSTART can contribute to the safety and well-being of the broader community, not just our customers and employees. A tremendous number of people have suffered job losses during this crisis, so one of our first announcements was that the company would not be cutting any headcount and that we would allow every employee up […]
Hard-Coded Administrator Password Discovered in OpsRamp Gateway
Version Tested: 3.0.0 Product: https://www.opsramp.com/ CVE Numbers: CVE-2020-11543 CVSS Score: 10.0 AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CWE: CWE-798: Use of Hard-coded Credentials OWASP: https://owasp.org/www-community/vulnerabilities/Use_of_hard-coded_password Summary: During a recent penetration test, CRITICALSTART‘s TEAMARES researchers discovered that OpsRamp Gateway has an administrative account named vadmin that allows root SSH access to the server. This account was unknown to clients […]
Vulnerabilities Discovered in CIPAce Enterprise Platform
Versions Tested: CIPAce Version < 6.80 Build 2016031401 CIPAce Version < 9.1 Build 2019092801 Product: https://www.cipplanner.com/Products/CIPAce/Pages/CPMPlatform.aspx Security Advisories: N/A CVE Numbers: CVE-2020-11586 CVE-2020-11587 CVE-2020-11588 CVE-2020-11589 CVE-2020-11590 CVE-2020-11591 CVE-2020-11592 CVE-2020-11593 CVE-2020-11594 CVE-2020-11595 CVE-2020-11596 CVE-2020-11597 CVE-2020-11598 CVE-2020-11599 CRITICALSTART‘s TEAMARES researchers have released a steady cadence of advice regarding the importance of testing your systems regularly for […]
From the Trenches: Relaying Passwords for the Win!
As pentesters and red teamers, we know that it isn’t hard to get user passwords. The real challenge can be getting an elevated user such as Domain Admin (DA) or Enterprise Admin (EA), especially if you want to try bypassing any type of security auditing, such as the addition of a user to a privileged […]
Telesploit: Open-Source Remote Vulnerability Assessment & Penetration Testing
Due to current events, your organization is more than likely experiencing disruption resulting from a rush to implement remote work policies, social distancing, and other unexpected changes to business as usual. And if you’re like many organizations, chances are you did not have remote work contingency plans in place and may be scrambling to find […]
Authentication Bypass Vulnerability Discovered in Infinias eIDC32 WebServer
Versions Tested: Web Revision: 1.107, Board: 3.001, Firmware: 2.213 Product: https://www.3xlogic.com/products/access-control/infinias-ethernet-enabled-integrated-door-controller-eidc Security Advisories: N/A CVE Numbers: CVE-2020-11542 CVSS Score: N/A CWE: CWE-305: Authentication Bypass by Primary Weakness NIST: IA-4: Identifier Management OWASP: A2: Broken Authentication With access to a system’s control interface, a malicious actor can unlock controls remotely, allowing them to gain physical […]
The Best Online Security Courses to Take in Your Downtime
With the daily routines of millions rapidly changing as we settle into a period of social distancing, many are looking for ways to pass the time once their reading lists have been plowed through and the Netflix binge is no longer do the trick. Why not take advantage of this downtime to learn a new […]
Phishing Attacks: Beware of Online Financial Scams
Challenging times bring out the best in people – but also the worst. As the world deals with COVID-19 and the economic fallout, you can be sure that scammers are looking for ways to capitalize on this crisis. Among their methods includes leveraging current events and news. “Every year we see tax refund season create […]
CRITICALSTART’s TEAMARES Research Is Aiding Global Fight Against COVID-19
What does a computer virus have in common with the Coronavirus (COVID-19)? Plenty, believe it or not, as technology can be used to help solve both. The TEAMARES research team has found that our hash cracker Cthulhu can be used to run computer simulations that mimic the same complex protein folding that occurs in viruses. […]
Regex Revelry
Regular Expressions (Regex) are used to identify strings that defy simple search terms, which infosec and technology professionals use for things like input validation, searching and scripting. Unfortunately, the syntax can be intimidating and the learning curve steep for beginners. Throw in a handful of different flavors and the confusion grows. While it can be […]
Vulnerabilities Discovered in Tiff Server from AquaForest
Versions Tested: Tiff Server 4.0 Product: https://www.aquaforest.com/en/tiffserver.asp Security Advisories: N/A CVE Numbers: CVE-2020-9323 CVE-2020-9324 CVE-2020-9325 CVSS Score: Unauthenticated File and Directory Enumeration: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:P/RL:W/RC:C Unauthenticated Arbitrary File Download: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:W/RC:C Unauthenticated SMB Hash Capture via UNC: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:W/RC:C CWE: Unauthenticated File and Directory Enumeration: CWE-22: Improper Limitation of a Pathname to a Restricted Directory (“Path Traversal”) Unauthenticated Arbitrary […]
State Legislation May Drive Federal Security Compliance Regulations in 2020
State governments are taking the lead in developing cybersecurity regulations as cyberattacks and data breaches continue to skyrocket. There’s a huge need for privacy regulations in the U.S. as the federal government has been deficient in adopting regulations. To help drive home the need for cybersecurity policies, states are attempting to push forward some type […]
Vulnerability Focus: Exploits Impacting Organizations
No matter how much you think you’ve done to protect your data and systems, common vulnerabilities continue to wreak havoc on enterprises. Cyberattacks are already increasing due to global events, meaning it’s more important than ever to identify and secure vulnerabilities. The following are some vulnerability trends the TEAMARES team is seeing – and what […]
