The well-documented shortage of experienced cybersecurity practitioners is hindering organizations’ ability to achieve an acceptable risk level. To control expenses and employee turnover due to the shortage, many organizations look to augment security teams with security orchestration automation and response (SOAR) platforms and managed detection and response (MDR) services. (Full disclosure: My company offers the latter.) While differences […]
4 Key Steps to Protect Your Organization Against Increased Cyber Threats
In today’s cyber threat landscape, it’s not just the military-industrial and defense industries that have a legitimate reason to be concerned about cyber terrorism and state-sponsored cyberattacks. Attacks from state-sponsored sources have significantly increased over the past few years. If you examine the report from the Center for Strategic & International Studies Significant Incidents Summary, […]
Protecting Your Organization Against Ransomware Attacks
Attacks are increasing – a proactive approach to data protection can help you safeguard your systems – here’s how. Ransomware attacks are a growing problem that is only expected to get worse. Last year, the public sector saw more than 40 reported ransomware attacks on state and local municipalities. In late 2019, attacks on 22 […]
Top 6 Cybersecurity Predictions for 2020
The pace of breaches and cybersecurity threats continues unabated. In 2019 alone, we saw two of the top five largest breaches in history with First American Financial Corp and Facebook not to mention the Capital One breach that impacted more than 100 million Americans. As enterprise infrastructures become cloud-based, security teams are struggling to keep […]
That’s a Wrap: 2019 Cybersecurity Predictions Recap
As we close the books on 2019, we thought we’d take a look back at the predictions we made nearly a year ago. Did the market play out as we expected, or did things change? Here is a quick review of each prediction with some final thoughts: Prediction #1: GDPR Non-Compliance – In 2019, several […]
Tips for Securing PowerShell
In 2020, system administrators will be using PowerShell. There is no tool more powerful in Windows than the little blue shell with its forgiving syntax, unprecedented access to the operating system, and the flexibility to do anything an admin could want in a few simple, scriptable lines. Yet this powerful tool is the bane of […]
The First Channel-Only MDR
When CRITICALSTART first opened for business in 2012, we pursued a service-led product resell business to ensure we were adding value rather than simply pushing product. Serving as a trusted advisor to our customers, we encountered various approaches to the channel, whether direct, channel-friendly, or channel-only. Our experience in assessing the best approaches for our […]
Retailers: Don’t Let Black Friday Cyberattacks Darken Holiday Shopping
Valentine’s Day, Mother’s Day, Independence Day, Back-to-School, and Halloween are days in which retailers reap huge profits. Yet nothing compares to the most wonderful time of the year: Thanksgiving Day to Cyber Monday. In a recent survey by the National Retail Federation (NRF), consumers say they will spend an average of $1,047.83 this holiday season, […]
Reducing Vulnerabilities: Addressing Orphaned Systems and Weak Passwords
Luckily, it was only a test. During penetration testing for two international companies, our team found numerous vulnerabilities. In both cases we had total control over all systems within the clients’ network and could easily shut them down, siphon data from critical customer-facing systems, take over PCI assets, and more. If we were the bad […]
Cybersecurity 101: What to Look for in a Partner
The key to effective cybersecurity is to quickly stop an attack before it becomes a breach. Leveraging the right tools and working with the right partner is critical in stopping breaches and securing your digital profile. However, to understand what to look for, it’s important to have complete visibility into your environment. Today, most organizations […]
Testing a Flutter Application
As your app gets bigger, a good set of tests may help you save time, as tests can find new bugs that could appear with normal modifications. Even performing Test-Driven Development (TDD) is a good idea, as it can help you define a structure of your project and write less but more efficient code. In […]
Research Report: The Impact of Security Alert Overload
CRITICALSTART conducted a survey of more than 50 Security Operations Center (SOC) professionals across enterprises, Managed Security Services Providers (MSSP) and Managed Detection & Response (MDR) providers to evaluate the state of incident response within SOCs. The survey was fielded Q2 2019. The report and analysis are based on the responses received from this sample […]
SECURITY TOOLS
THREAT ANALYTICS Search CHROME Extension Current Version 4.0.4 – Updated on 8/26/2019 to include the capability to base64 encode the selection prior to its use. This expands the types of websites and services this extension can be used for. Version 4.0 – Updated on 5/7/2015 to add support for the 3rd group and the […]
Cracking NTLMv2 Hashes with Cthulhu
Why Password Managers and MFA are Important in your Security Stack The subject of password strength and complexity requirements has been discussed and debated ad nauseam in the security industry. It is a subject as old as information security itself and will not be going away any time soon. We, as penetration testers, absolutely love […]
Cybercriminals Going after K-12? Yep, It’s a Thing.
Louisiana Governor John Bel Edwards has issued a state of emergency due to a malware attack against several local schools in the Sabine, Morehouse, and Ouachita Parishes, in northern Louisiana. This is the first activation of Louisiana’s emergency support function relating to cybersecurity in the state’s history, giving the state access to some much-needed assistance […]
Mid-Year Check-In: 2019 Cybersecurity Predictions
Back in early January, I teamed up with my colleague, Jordan Mauriello, to write five cybersecurity predictions for 2019. Now that the year is half over, I thought that it would be good to take a look back at the predictions and check-in to see how they are holding up. Did the market play out […]
Tackling the Cybersecurity Talent Shortage, One Alert at a Time
Reducing alert overload by integrating zero-trust technology as part of your security posture can help solve the headcount problem. Without question, there’s an acute shortage of cybersecurity talent. Depending on whose numbers you believe, there’s something along the lines of 1 million open cybersecurity jobs in the world today. Gartner analyst Earl Perkins summarizes the problem […]
The Industry’s First – and Only – MOBILESOC App Just Got Better
Instant triage and response to security alerts? We’ve got an app for that. We’re changing the way Security Operations Center (SOC) teams interact. Always looking to improve our best-in-class Managed Detection and Response (MDR) services, we recently redesigned our MOBILESOC app with a new, easy-to-use interface. The app contains a host of new features including […]
ManageEngine Privilege Escalation
Background: After running into ManageEngine products on a number of penetration tests, we decided to take a closer look at their products and see if there were any vulnerabilities that we could take advantage of. CVE Numbers: CVE-2019-12876 Versions Tested: DesktopCentral – 10.0.380 ADSelfService Plus – 5.7 ADManager Plus – 6.6.5 DLL Hijacking: Multiple ManageEngine […]
The Threat of Systematic Cybersecurity Risk in Financial Services
It’s obvious that criminals follow the money, making financial services firms a top target for cyberattacks. Financial services firms fall victim to cybersecurity attacks 300 times more frequently than businesses in other industries. This equates to attacks of roughly 1 billion times per year, which is nearly the equivalent of 2,000 attacks per minute or […]
Drowning in Alerts? CRITICALSTART, Microsoft Defender ATP Collaboration Will Reduce Alerts by 99%
The rapidly changing threat landscape poses numerous challenges for all enterprise organizations. Among those challenges is security infrastructures generating thousands of false-positive alerts, which can obscure legitimate threats. In response, CRITICALSTART recently announced a collaboration with Microsoft Defender ATP – a partnership that will help customers reduce alerts by 99 percent. The collaboration gives CRITICALSTART […]
Law Firms Beware: Data Breaches on the Rise
If your law firm hasn’t been breached, chances are very high it will. Cybersecurity in the legal sector is a growing concern, with cyberattacks occurring daily. Law firms are particularly susceptible to data breaches due to the nature of the information that resides on their servers and databases. Yet many may not be truly aware […]
The Last Watchdog Talks to CRITICALSTART About Radical Transparency
At CRITICALSTART, we’ve made the concept of “radical transparency” a cornerstone of our Managed Detection & Response (MDR) offering. Simply put, radical transparency means our customers see everything our analysts are doing 24x7x365. And we mean everything. Customers work from the exact same interface and access all consoles, audit logs, analytic rules, playbooks, and Service […]
The Boy Who Cried “Alert”
Later, he saw a REAL wolf prowling about his flock. Alarmed, he leaped to his feet and sang out as loudly as he could, “Wolf! Wolf!” But the villagers thought he was trying to fool them again, and so they didn’t come. Amazing how little changes over 2000 years. Aesop captured the danger of false […]
The Rx for a Healthy Cybersecurity Strategy: A Look at CRITICALSTART Customer, Ardent Health Services
Of course, cybersecurity is a priority for businesses across all industries, but in healthcare, the urgency is on an entirely different plane. From doctors’ offices to outpatient clinics to hospitals, protecting the network – and specifically, patient data – is absolutely critical, and those charged with ensuring that protection must feel confident in the resources, […]
ManageEngine User Enumeration
Background: While conducting a penetration test of a client’s external network, I discovered a way to enumerate users in ManageEngine’s ADSelfService Plus application. This allows an attacker to determine the system Admin username. Product: ManageEngine ADSelfService Plus Software Version: 5.7, build 5704 Issue: The login page is vulnerable to account enumeration. The admin login page […]
VMware Horizon Connection Server Information Disclosure
Background: While conducting a penetration test of a client’s external network, I discovered three separate instances of information disclosure in VMware’s Horizon Access Web Portal. An unauthenticated user could access information such as internal domain names, the Connection Server’s internal hostname, or the gateway’s internal IP address. Version Tested 4.7.0 CVE Number CVE-2019-5513 Security Advisories […]
The Pastebin Treasure Hunter
Introduction Malicious actors have multiple ways to share data they have stolen from websites or services. Some might post to popular forums to gain notoriety while others might post anonymously to paste sites like PasteBin. Combing through all the pastes being posted is beyond the ability of humans, so I’ve created a tool that helps […]
#BalanceForBetter: International Women’s Day 2019
This year’s International Women’s Day 2019 theme is #BalanceforBetter, a direct call-to-action to drive gender parity across the world. This year’s campaign hinges on the motto “the race is on” for a gender-balanced boardroom and gender balance amongst employees and challenges everyone to “lace up your running shoes”. Cybersecurity is at the heart of protecting […]
Data is the New Source Code
The role of data in today’s business world cannot be overstated. Competitive intelligence is inextricably linked to the speed at which valuable data can be consumed and analyzed to yield important business insights. The need for the increased efficiency gleaned by these learning systems has facilitated a massive increase in spending on artificial intelligence (AI) […]
Information Disclosure in JForum 2.1.X – Syntax
Background While conducting a penetration test for a customer, I encountered an unused developer forum using JForum version 2.1.8 and started looking for vulnerabilities within the application. Version Tested: 2.1.8 CVE Number: CVE-2019-7550 Security Advisories: None Issue When creating a new user within the application, the browser sends a GET request to the […]
The Next Step of Social Engineering: Social Media Hoaxes
From Jonathan Swift’s fake almanac in 1708 to the modern Dihydrogen monoxide joke, hoaxes have been around for as long as humans have enjoyed deceiving each other for fun. The ease of communication via technology has made hoaxes and scams even more prevalent, evolving from word-of-mouth and chain email to Instagram, WhatsApp, and Facebook. Users […]
Abusing mshta.exe to Gain PowerShell Access
Background In my previous life, I spent a lot of time analyzing malware and figuring out how it worked in order to defend against it. One trend that has increased across the industry is the use of fileless malware and specifically mshta.exe as a method of infection. Now that I’m on offense, I wanted to […]
Five Cybersecurity Predictions for 2019
2018 was another year of change in the cybersecurity industry. We’ve had some interesting conversations with customers, partners, providers, and analysts over the past twelve months, and we’re excited about where the industry is headed – at least from our vantage point. We are all seeing the 2019 prediction stories, and many of the broader […]
One Month Later: The Marriott Data Breach – What You Should Do
Just over a month ago, Marriott International, one of the world’s largest hotel chains, announced that there was unauthorized access to the database, which contained guest information relating to reservations at Starwood properties on or before September 10, 2018. Among the hotels under the Starwood brand are the W Hotels, St. Regis, Sheraton, Westin, and […]
Naughty or Nice: Cybercriminals’ Latest Targeting Strategies During the Holiday Season
Economics of Christmas: The Joy of Shopping Retailers solicit most fervently on a handful of days throughout the year. Valentine’s Day, Mother’s Day, Independence Day, Back-to-School, and Halloween all bring in huge profits across industry, yet nothing quite compares to the most wonderful time of the year. Naturally, Thanksgiving Day to Cyber Monday are the […]
Phishing Attacks Today: DRIDEX and URSNIF Are Back
On the morning of December 12th, 2018, the CRITICALSTART CYBERSOC began seeing the resurgence of a prolific phishing campaign. This campaign included malware variants such as DRIDEX & URSNIF, both common Banking Trojans used in macro-based attacks. These files are observed hiding with macro-enabled documents or downloaded after the code executes, requesting the host reach […]
A Commitment to Getting It Right: Palo Alto Networks’ Expedition Migration Tool
Background: During a recent penetration test for a client, I came across a tool called MigrationTool from Palo Alto Networks. The tool was littered with issues, like the unauthenticated disclosure of passwords, hashes, versions, and more that were uncovered. So, what’s a TEAMARES team member to do? I quickly grabbed my screenshots and informed Palo Alto […]
Supporting Our Family: In Memory of Ricki Bateman
Today being the National Day of Giving, we come together to celebrate the gift of generosity and contribution. For CRITICALSTART, the day takes on special significance this year as we rally to support a member of our own family. Derek Bateman, a member of the CRITICALSTART SOC team, recently suffered the devastating loss of his […]
PRTG Network Monitor Privilege Escalation
Background: Recently I’ve seen a decent number of privilege escalations occurring on Windows due to permission issues and using symlinks. The work from Ryan Hanson from Atredis on the Cylance privilege escalation and Windows Standard Collector privilege escalation really inspired me to research more into this issue and potentially find some myself. After several weeks […]