March eNews 2021

Microsoft Exchange–ProxyLogon Vulnerability Analysis
 
The goal of this case study is to summarize the technical details of the ProxyLogon vulnerability, along with the other vulnerabilities that were chained with it to achieve remote code execution in the early 2021 Exchange hack. In addition, we have reproduced and described the steps that result in successful exploitation of Exchange Server 2016 CU16. Exchange administrators and security practitioners can use this guide to test their deployments or to generate logs they can analyze further to gather IOCs and compare them with logs from their live systems.
 

Risk Assessment: NIST 800-30 vs ISO/IEC 27005
 
Security risk assessment is one of the key phases of the risk management process. Above all, it refers to the identification of risks, the estimation of their impact on organizations, and the determination of their sources. Organizations use risk assessment to determine the extent of the potential threats, vulnerabilities, and risks associated with an information technology system. This makes it possible to design appropriate mitigation measures. Certainly, continuous improvement of the risk management plan is an investment protecting the organization’s reputation, money, and time.
 

How to Implement Secure SDLC to Enhance Your Product Development in 5 Stages
Any business, organization, or team working in the software development field has heard of the software development lifecycle (SDLC). This process defines the stages and procedures development teams follow to ensure they churn out high-quality end products time after time – from planning to deploying for end users. For many businesses, the SDLC might be the business. Knowing how to implement Secure SDLC (SSDLC) may be the difference between success and failure, in the short, medium, and long term.
 

Malware for macOS managed to infect 40,000 computers

 
Cybersecurity researchers uncovered new malware for macOS, which managed to infect almost 40,000 computers over the past couple of months. The malware, named Silver Sparrow, is still a complete mystery to researchers. Silver Sparrow was distributed via multiple installers that pretended to be an update. macOS has security features in place to allow only binaries signed by recognized developers to run. To bypass these restrictions, all installers were signed by Developer IDs and considered trustworthy by the operating system.
 

Gain clarity on how to design a sound cybersecurity strategy
Virtual Qubit Conference New York 2021
May 5-6, 2021
“Is our business potential diminished simply because our cybersecurity approach is not tailored to our own needs?” This could be the most important question on any CxO's mind. This virtual event will equip CxOs and cybersecurity teams with the right intel to create a sound cybersecurity strategy based on the right technology & budgetary insights, proven practices, and processes specially tailored for SMEs. Don’t build your cybersecurity strategy on guesswork. Join the most relevant dialogue in the industry and get the right focus on revamping your cybersecurity mission.
 

Ransomware is one of the most virulent cyber threats facing enterprises today.
Real-Time Security with Infoblox and the Cyber Offensive Experts at LIFARS
April 7, 2021 from 1pm-2pm EST

Join us for the unique opportunity to observe LIFARS demonstrating a typical ransomware cyber attack plan from the initial phish email, to infiltration of executables, command and control, and eventual target encryption. LIFARS will execute the attack plan in their cyber range and show how Infoblox BloxOne Threat Defense can track, prevent and contain the attack.

This webinar is ideal for red or blue teams, SOC analysts, incident responders, security architects, or anyone seeking to learn the value that Infoblox DNS, DHCP, IPAM and BloxOne security services bring to cyber teams.

LIFARS provides tactical and strategic advice used by clients to increase their organizational security maturity level. We are a global leader in Incident Response, Digital Forensics, Penetration Testing, Ransomware Mitigation, and Cyber Resiliency Services. The recent news of attacks on Microsoft Exchange should be a wake-up call. If installing patches is all you have done and you think you are in the clear, you are wrong.

We have been responding to dozens of MS Exchange cases and have found that attackers are leveraging these vulnerabilities to move laterally within your environment, deploy ransomware and encrypt your systems. Below are some basic steps you should take immediately:

  • Conducting Forensic Analysis of system memory of the infected machines to identify ANY remnants of the attacker.
  • Compromise Assessment of your entire environment to identify indicators of compromise.
  • Create offline backups
  • Implement best security practices across O365 environment ASAP

For more information about our services, please call us at 1.212.222.7061 or visit www.lifars.com


Zuzana Vargova
Computer Forensic Analyst at LIFARS

Meet the LIFARS Team – Insight Into the Mindset of Zuzana Vargova Part 1

Being hacked is the nightmare of every single company, regardless of whether it is in the private or public sector. Being able to rely on a stable team with experience is priceless during such times. To introduce the LIFARS digital forensics and incident response (DFIR) team, we have decided to offer an insight into the team's structure. Working in cyber security is not a regular job. Often, you must deal with novel approaches and tactics of threat actors. What is the driving force behind Zuzana Vargova, LIFARS digital forensics analyst?

LIFARS: Hi Zuzana, can you introduce yourself to our readers? What do you do at LIFARS?
Zuzana Vargova: I’m working in the Digital Forensics and Incident Response (DFIR) department. I focus on forensic analysis of Windows systems. This includes investigation of breaches, identifying attack vectors used by threat actors, investigation of persistence and lateral movement, data exfiltration analysis and others.


LIFARS: Can you tell us about your beginnings in cybersecurity? What made you what you are today?
Zuzana Vargova: I studied Applied Informatics at the Faculty of Electrical Engineering and Information Technology of the Slovak University of Technology in Bratislava. I decided to specialize in Security of Information Systems – mostly because I was not determined to become a full-time developer, and math and cryptography were not a big issue for me at that time.

After finishing university, I started working for a governmental CSIRT team. For the first couple of years, I worked as a penetration tester – that means security testing of various web sites hosted by governmental bodies. Later I worked on internal on-site penetration tests of infrastructures. From the offensive side of security, I transitioned to digital forensics about 3 years ago, with most of my experience in the field gained in the past year here at LIFARS.
 

Infoblox leads the way to next-level DDI with its Secure Cloud-Managed Network Services with 8,000 customers including 350 of the Fortune 500. Infoblox brings next-level security, reliability and automation to cloud and hybrid systems, setting customers on a path to a single pane of glass for network management. Next-level security helps protect against the rising flood of cyberattacks, leveraging 14 billion threat indicators and 30 plus API security integrations. Next-level reliability provides a Tier 1 foundation with five nines availability, delivered as software-defined services. Next-level automation reduces manual tasks by 70% and annual costs by more than $1 million. Please visit infoblox.com.

About LIFARS
LIFARS is an elite cybersecurity, digital forensics, and incident response firm based in New York City. At LIFARS, we believe that cybersecurity is a matter of trust – that is why most of our services are rendered onsite at your premises to establish a personal relationship. Our solutions are based on industry best practices and hands-on expertise stemming from decades of experience. LIFARS conducts digital forensic investigations, incident response, web application security testing, digital risk assessments and academic research. LIFARS continuously explores the latest innovation in the cybersecurity field, and seeks to stay one step ahead of tomorrow’s industry landscape.
Copyright © 2021 LIFARS, All rights reserved.
244 Fifth Avenue, Suite 2035, New York, NY 10001   |   www.lifars.com   |   +1 (212) 222-7061