Despite the recent hacking of high-profile users’ Twitter accounts, and reports that Russia continues its attempts to penetrate U.S. institutions and government entities, cybersecurity remains something that campaigns are thinking about only when there’s an issue. […]
Tag: teamares
Incident Response Teams: In-House vs Outsourced
The decision to outsource or hire an in-house incident response team can be difficult. Here’s what you need to consider when developing your IR strategy. […]
CRITICALSTART’s TEAMARES Launches DeimosC2
Flexible, Open-Source Tool to Manage Post-Exploitation Issues – Without the Extra Spend […]
Impact of Zero-Day Exploits on Breaches
Organizations are losing the endpoint security battle against new or unknown zero-day attacks. A recent Ponemon Study on endpoint security revealed that 68% of IT security experts say their company experienced one or more endpoint attacks that compromised data assets or IT infrastructure in 2019. Of those breaches, 80% were zero-day attacks – with the frequency of […]
Hackers Target Contact Tracing Applications
NBC News and Boston 25’s Blair Miller interviews Quentin Rhoads-Herrera of CRITICALSTART‘s TEAMARES about the vulnerabilities associated with contact tracing and how hackers are targeting companies and individuals through these apps. Video Transcript: M. Davenport: Health officials want to know how people are contracting the Coronavirus, who they are catching it from, but one […]
F5 BIG-IP Remote Code Execution Exploit – CVE-2020-5902
When TEAMARES began research into the vulnerability identified in the F5 TMUI RCE vulnerability advisory released last month, we initially started by reading the advisory and mitigation steps, which contained minimal details but included key pieces of information needed to kick off our research. […]
Webinar: Lessons Learned from Billion Dollar Breaches
Globally, breaches cost organizations billions of dollars every year. In the U.S., losses for each breach average just under $10 million […]
Uncovering Your Security Blind Spots
How big is your security risk and how do you identify and contain those risks? You may be surprised to learn that there are looming threats you can’t see, and attackers may be enjoying a long dwell time within your system – before you even detect an issue. […]
Uncovering Your Security Blind Spots: Keys to Protecting your Organization from the Unknown
Many organizations are shocked to learn their systems have been breached, with attackers having exposed vulnerabilities. However, you can defend your organization against these threats by taking some proactive measures. Minimizing your security risk begins with risk management – ensuring proper asset management, implementing policies and procedures around protecting assets, and effective risk mitigation. Yet […]
Local Privilege Escalation Discovered in GlobalProtect App
Versions Tested: GlobalProtect App < 5.1.4 on Windows; GlobalProtect App < 5.0.10 on Windows
Product: https://www.paloaltonetworks.com/products/globalprotect
Security Advisories: https://security.paloaltonetworks.com/CVE-2020-2032
CVE Numbers: CVE-2020-2032
CVSS Score: 7.0
CWE: CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition
NIST: N/A
OWASP: N/A
Summary: A race condition vulnerability in the Palo Alto Networks GlobalProtect app on Windows allowed a local limited Windows user to execute programs with SYSTEM […]
Securing Your Cookies: HTTPOnly Flag for Cookie Theft Defense
Missing HttpOnly flags on cookies are a common finding in Web Application penetration testing. Many times, there is confusion surrounding whether it is necessary to enable this flag though. However, cookies can contain session tokens and other values that can be useful to a malicious actor and should be protected. If the cookies do not […]
Local Privilege Escalation Discovered in VMware Fusion
Versions Tested: VMware Fusion 11.5.3
Products: https://www.vmware.com/products/fusion.html ; https://docs.vmware.com/en/VMware-Remote-Console/index.html ; https://docs.vmware.com/en/VMware-Horizon-Client/index.html
Security Advisories: https://www.vmware.com/security/advisories/VMSA-2020-0011.html
CVE Number(s): CVE-2020-3957
CVSS Score: 7.3
CWE: CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition; CWE-424: Improper Protection of Alternate Path
NIST: N/A
OWASP: N/A
Summary: VMware Fusion, VMRC and Horizon Client contain a local privilege escalation vulnerability due to a Time-of-check Time-of-use […]
COVID-19 Contact Tracing Methods Compared: Examining Privacy & Security Implications
Discussions about contact tracing have been ongoing since February 2020, when some experts began looking ahead at how to move through the global COVID-19 pandemic. What Is Contact Tracing? Contact tracing essentially comprises identifying those who have been infected with COVID-19 and notifying as many people as possible who have been in close contact with […]
Why a Proactive IR Strategy Is Critical
Breaches are a fact of life for every business. However, it is possible to stop breaches and improve your security posture by taking a proactive approach to your incident response (IR) strategy. The Risk of a Cyber Security Breach Continues to Increase Consider: A joint study by Ponemon Institute and IBM Security revealed the percentage […]
How Safe and Private Are Contact Tracing Apps?
Quentin Rhoads-Herrera, director of professional services at CRITICALSTART, joins GDC to talk about the safety and privacy concerns stemming from new contact tracing apps. Featured in FOX 32 Chicago | May 13, 2020 […]
Are Contact Tracing Apps Putting Your Private Data At Risk?
That’s what a lot of you have asked us. So, the Q&A team reached out to Quentin Rhoads-Herrera – a security breach specialist. In mid-April Google and Apple launched a contact tracing app model that would allow people to offer up their location information in order to help stop the spread of COVID-19. But could […]
Tennessee Has Just 25 Percent of Recommended Contact Tracers
Tennessee has just 25 percent of the recommended number of contact tracers, leaving the state 1,500 people short for the critical disease mitigation effort. The National Association of County and City Health Officials is recommending just over 2,040 in Tennessee for its population. Nashville has just 75 contact tracers, which needs to be tripled to […]
Weaponizing Public Breach Data Dumps for Red Teamers
Public password dumps have been an excellent way for attackers to gain access to accounts. Whether through credential stuffing or utilizing the emails and passwords directly, these dumps are a treasure trove of information. One thing red teamers and malicious actors alike can always count on is that the average user will likely reuse one […]
Ransomware and the CIA Triad: Considerations for Evolving Attack Methods
One thing is clear: no one is safe from ransomware attacks. What is changing, however, are attack modes as threat actors adjust their methods based on evolving mitigation methods being employed. For several years, ransomware has been viewed as a type of malware that locks or encrypts the system or data and demands a ransom […]
Cybersecurity During a Pandemic: An Interview With CRITICALSTART
Chris Ward speaks with Quentin Rhoads-Herrera of CRITICALSTART to discuss cybersecurity in a time of a pandemic. In our current time of crisis, it’s a sad fact that there are many taking advantage of distracted governments, businesses, and individuals. With the majority of workforces in the Western world currently working from home, often on insecure […]
Virtual Draft Makes NFL Teams Potential Targets for Hackers
A hacker could provide entertainment value by disrupting the virtual NFL draft that begins Thursday. Desperation for any sports entertainment shouldn’t make us forget that these things are boring. The few moments of suspense as picks and trades are announced are drowned out by incessant chatter by talking heads and nonstop loops of player highlights. […]
Hard-Coded Administrator Password Discovered in OpsRamp Gateway
Version Tested: 3.0.0
Product: https://www.opsramp.com/
CVE Numbers: CVE-2020-11543
CVSS Score: 10.0 AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: https://owasp.org/www-community/vulnerabilities/Use_of_hard-coded_password
Summary: During a recent penetration test, CRITICALSTART’s TEAMARES researchers discovered that OpsRamp Gateway has an administrative account named vadmin that allows root SSH access to the server. This account was unknown to clients […]
A researcher found zero-days in one city’s software. Then he realized the problem could be bigger.
For Quentin Rhoads-Herrera, this was not a typical security test. A big municipal government in the U.S. had just handed him the source code for software the city uses to manage contracts and track infrastructure projects. He unpacked the code, sifted through it, and found more than a dozen previously undisclosed vulnerabilities, or zero-days, that a hacker could […]
Vulnerabilities Discovered in CIPAce Enterprise Platform
Versions Tested: CIPAce Version < 6.80 Build 2016031401; CIPAce Version < 9.1 Build 2019092801
Product: https://www.cipplanner.com/Products/CIPAce/Pages/CPMPlatform.aspx
Security Advisories: N/A
CVE Numbers: CVE-2020-11586, CVE-2020-11587, CVE-2020-11588, CVE-2020-11589, CVE-2020-11590, CVE-2020-11591, CVE-2020-11592, CVE-2020-11593, CVE-2020-11594, CVE-2020-11595, CVE-2020-11596, CVE-2020-11597, CVE-2020-11598, CVE-2020-11599
CRITICALSTART’s TEAMARES researchers have released a steady cadence of advice regarding the importance of testing your systems regularly for […]
From the Trenches: Relaying Passwords for the Win!
As pentesters and red teamers, we know that it isn’t hard to get user passwords. The real challenge can be getting an elevated user such as Domain Admin (DA) or Enterprise Admin (EA), especially if you want to try bypassing any type of security auditing, such as the addition of a user to a privileged […]
Telesploit: Open-Source Remote Vulnerability Assessment & Penetration Testing
Due to current events, your organization is more than likely experiencing disruption resulting from a rush to implement remote work policies, social distancing, and other unexpected changes to business as usual. And if you’re like many organizations, chances are you did not have remote work contingency plans in place and may be scrambling to find […]
Authentication Bypass Vulnerability Discovered in Infinias eIDC32 WebServer
Versions Tested: Web Revision: 1.107, Board: 3.001, Firmware: 2.213
Product: https://www.3xlogic.com/products/access-control/infinias-ethernet-enabled-integrated-door-controller-eidc
Security Advisories: N/A
CVE Numbers: CVE-2020-11542
CVSS Score: N/A
CWE: CWE-305: Authentication Bypass by Primary Weakness
NIST: IA-4: Identifier Management
OWASP: A2: Broken Authentication
With access to a system’s control interface, a malicious actor can unlock controls remotely, allowing them to gain physical […]
The Best Online Security Courses to Take in Your Downtime
With the daily routines of millions rapidly changing as we settle into a period of social distancing, many are looking for ways to pass the time once their reading lists have been plowed through and the Netflix binge no longer does the trick. Why not take advantage of this downtime to learn a new […]
Phishing Attacks: Beware of Online Financial Scams
Challenging times bring out the best in people – but also the worst. As the world deals with COVID-19 and the economic fallout, you can be sure that scammers are looking for ways to capitalize on this crisis. Among their methods is leveraging current events and news. “Every year we see tax refund season create […]
CRITICALSTART’s TEAMARES Research Is Aiding Global Fight Against COVID-19
What does a computer virus have in common with the Coronavirus (COVID-19)? Plenty, believe it or not, as technology can be used to help solve both. The TEAMARES research team has found that our hash cracker Cthulhu can be used to run computer simulations that mimic the same complex protein folding that occurs in viruses. […]
Regex Revelry
Regular Expressions (Regex) are used to identify strings that defy simple search terms, which infosec and technology professionals use for things like input validation, searching and scripting. Unfortunately, the syntax can be intimidating and the learning curve steep for beginners. Throw in a handful of different flavors and the confusion grows. While it can be […]
Interview: Online Scammers Are Taking Advantage of Typos to Steal Your Personal Information
How many times have you typed in the wrong URL? If you’re like us, it happens a lot — but typing the wrong address in your browser and hitting enter can cost you big time. We all use sites like YouTube and Google, but now, more than ever, criminals are using fake URLs that […]
Vulnerabilities Discovered in Tiff Server from AquaForest
Versions Tested: Tiff Server 4.0
Product: https://www.aquaforest.com/en/tiffserver.asp
Security Advisories: N/A
CVE Numbers: CVE-2020-9323, CVE-2020-9324, CVE-2020-9325
CVSS Score:
Unauthenticated File and Directory Enumeration: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:P/RL:W/RC:C
Unauthenticated Arbitrary File Download: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:W/RC:C
Unauthenticated SMB Hash Capture via UNC: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:W/RC:C
CWE:
Unauthenticated File and Directory Enumeration: CWE-22: Improper Limitation of a Pathname to a Restricted Directory (“Path Traversal”)
Unauthenticated Arbitrary […]
Vulnerability Focus: Exploits Impacting Organizations
No matter how much you think you’ve done to protect your data and systems, common vulnerabilities continue to wreak havoc on enterprises. Cyberattacks are already increasing due to global events, meaning it’s more important than ever to identify and secure vulnerabilities. The following are some vulnerability trends the TEAMARES team is seeing – and what […]
Quentin Rhoads-Herrera: Evaluating Your Security Posture
Full video transcript: Our focus is around penetration testing, discovering vulnerabilities, and potential configuration issues that lead to data breaches on some of the biggest clients, Fortune 500, Fortune 50 and so on. I notice a lot of vendors, they will do a scan and hand it off and say, “It’s a pen test”, right? […]
Reducing Vulnerabilities: Addressing Orphaned Systems and Weak Passwords
Luckily, it was only a test. During penetration testing for two international companies, our team found numerous vulnerabilities. In both cases we had total control over all systems within the clients’ network and could easily shut them down, siphon data from critical customer-facing systems, take over PCI assets, and more. If we were the bad […]
Sanjay Parikh: Doing What’s Right for the Customer
Full video transcript: Well, I love evangelizing security and also working with some of the smartest people in the industry, and it makes it really fun to work here. We have a lot of smart people. They’re very passionate about security and to do what’s right for the customer. Our professional services bench, who all […]
The Importance of Password Managers and MFA in Your Security Stack
The subject of password strength and complexity requirements has been discussed and debated ad nauseam in the security industry. It’s a subject as old as information security and will not be going away any time soon. Cory Mathews, Offensive Security Technical Lead for CRITICALSTART‘s TEAMARES, outlines the importance of proper password management and the steps you can […]
Cracking NTLMv2 Hashes with Cthulhu
Why Password Managers and MFA are Important in your Security Stack The subject of password strength and complexity requirements has been discussed and debated ad nauseam in the security industry. It is a subject as old as information security itself and will not be going away any time soon. We, as penetration testers, absolutely love […]
ManageEngine Privilege Escalation
Background: After running into ManageEngine products on a number of penetration tests, we decided to take a closer look at their products and see if there were any vulnerabilities that we could take advantage of.
CVE Numbers: CVE-2019-12876
Versions Tested: DesktopCentral – 10.0.380; ADSelfService Plus – 5.7; ADManager Plus – 6.6.5
DLL Hijacking: Multiple ManageEngine […]