
Showing posts with the label Cyber Attacks

Effective Vulnerability Management

Vulnerability management forms the core of cyber security, be it for infrastructure or applications. Infrastructure-layer vulnerabilities create more challenges because the infrastructure is connected to more internal networks and forms the backbone that sustains the business. All organizations do vulnerability management, some with their own internal team, some through third-party vendors, yet during attacks or security breaches it is found again and again that more and more systems are exposed to cyber attacks. There are multiple solutions in the market, from OEM products to open source, that claim to provide a hawk's-eye view of the business's security challenges; however, business owners still find it difficult to perform effective vulnerability management. We list here possible measures to ensure that a vulnerability management program is effective. Discovery of Assets: This is the first step and the core of the program. If assets are not discovered or tagged, the entire exercise heads in the wrong direction. Any
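As an added example (not tooling from the original post), the check below reconciles a discovery scan against the asset inventory and reports the three gaps that derail a vulnerability program: hosts nobody owns, owned hosts missing the tags needed to prioritise them, and inventory entries the scan no longer finds. The hosts, owners, tags and the "risky service" list are constructed for the example.

```python
# Constructed sample data (not from the original post): a discovery scan result
# and the inventory it should match. Addresses, names and owners are made up.
DISCOVERED = [
    {"ip": "10.0.1.10", "hostname": "web-01", "ports": [22, 443]},
    {"ip": "10.0.1.11", "hostname": "web-02", "ports": [22, 443]},
    {"ip": "10.0.1.57", "hostname": None,     "ports": [445, 3389]},  # not in inventory
    {"ip": "10.0.2.20", "hostname": "db-01",  "ports": [5432]},
]
INVENTORY = [
    {"ip": "10.0.1.10", "owner": "platform", "tags": {"env:prod", "zone:dmz"}},
    {"ip": "10.0.1.11", "owner": "platform", "tags": set()},          # discovered, untagged
    {"ip": "10.0.2.20", "owner": "data",     "tags": {"env:prod"}},
    {"ip": "10.0.2.21", "owner": "data",     "tags": {"env:prod"}},   # in inventory, not seen
]

# Tag keys (assumed convention "key:value") an asset needs before it can be
# scheduled and prioritised. Pick whatever your inventory actually enforces.
REQUIRED_TAG_KEYS = ("env",)
# Exposed remote-admin services that make an unowned host urgent (assumption).
REMOTE_ADMIN_PORTS = frozenset({445, 3389, 5985})


def reconcile(discovered, inventory, required_tag_keys=REQUIRED_TAG_KEYS):
    """Compare scan output with the inventory and return the gaps that break
    vulnerability management: hosts nobody owns ("unknown"), owned hosts
    lacking required tag keys ("untagged"), and inventory entries the scan
    could not reach ("missing"). Fully reconciled hosts land in "ok"."""
    inv_by_ip = {asset["ip"]: asset for asset in inventory}
    seen = {host["ip"] for host in discovered}
    report = {"unknown": [], "untagged": [], "missing": [], "ok": []}
    for host in discovered:
        asset = inv_by_ip.get(host["ip"])
        if asset is None:
            report["unknown"].append(host["ip"])
            continue
        present_keys = {tag.split(":", 1)[0] for tag in asset["tags"]}
        lacking = [key for key in required_tag_keys if key not in present_keys]
        if lacking:
            report["untagged"].append((host["ip"], lacking))
        else:
            report["ok"].append(host["ip"])
    # Stale inventory is a finding too: either decommission the record or
    # find out why the scan no longer sees the host.
    report["missing"] = sorted(ip for ip in inv_by_ip if ip not in seen)
    return report


def triage_unknown(discovered, report, risky=REMOTE_ADMIN_PORTS):
    """Order unowned hosts so those exposing remote-admin services come first.
    Returns (ip, [risky ports]) pairs, most exposed first."""
    unknown = set(report["unknown"])
    rows = [(host["ip"], sorted(set(host["ports"]) & risky))
            for host in discovered if host["ip"] in unknown]
    return sorted(rows, key=lambda row: (-len(row[1]), row[0]))


if __name__ == "__main__":
    result = reconcile(DISCOVERED, INVENTORY)
    for category in ("unknown", "untagged", "missing", "ok"):
        print(f"{category:9s} {result[category]}")
    print("triage   ", triage_unknown(DISCOVERED, result))
```

Run it against the real scanner export and inventory dump on a schedule; a non-empty "unknown" list is the point at which the rest of the program (scan scope, patch ownership, risk ranking) has silently lost coverage.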

Vulnerability Exploitation Techniques

Post-exploitation involves securing and elevating control of the target machine. A few post-exploitation processes and techniques used to achieve this are listed below: uploading files and tools; elevating privileges; installing a backdoor; cleaning up evidence of the attack; expanding the attack to additional networks or systems. Keep visiting....for more...

Huge "PETYA" Cyber Attack

A new ransomware attack has been detected and is in progress. Little information is available right now; the investigation is still in progress. This alert will be updated when further information becomes available.
Description
***********
Several reports describe this ransomware as a variant of Petya and Misha (also known as GoldenEye). The main targets so far are in Ukraine and Russia. Only a few samples have been detected in France so far.
Verified facts:
- it uses EternalBlue (the MS17-010 SMBv1 flaw, cited here as CVE-2017-0143 [3]) as an attack vector
- it spreads via SMB after exploitation
Post-exploitation, the ransomware performs the following actions:
- downloads the main binary from hxxp://185[.]165[.]29[.]78/~alex/svchost[.]exe
- clears the Windows event logs using wevtutil (wevtutil cl Setup & wevtutil cl System & wevtutil cl Security & wevtutil cl Application) and deletes the NTFS USN change journal (fsutil usn deletejournal /D %c:)
- writes a message to the raw disk partition
- reboots the syste
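The "cleaning up evidence" step from the post-exploitation post above and the wevtutil/fsutil chain in this alert are the same technique, so here is one added detection example for both (not code from either post). It parses constructed process-creation records with Sysmon Event ID 1 style field names, splits cmd.exe command chains, and flags event-log clearing (wevtutil cl / clear-log) and USN journal deletion (fsutil usn deletejournal). The records and the bulk-wipe threshold are assumptions for the example.

```python
import re

# Constructed process-creation records (not real telemetry). Record 0 mirrors the
# command chain quoted in the alert; the others are benign look-alikes and the
# long-form "clear-log" alias of "cl".
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r'cmd.exe /c "wevtutil cl Setup & wevtutil cl System & '
                    r'wevtutil cl Security & wevtutil cl Application & '
                    r'fsutil usn deletejournal /D C:"'},
    {"Image": r"C:\Windows\System32\wevtutil.exe",
     "CommandLine": "wevtutil qe Security /c:5 /f:text"},      # benign: query, not clear
    {"Image": r"C:\Windows\System32\fsutil.exe",
     "CommandLine": "fsutil usn queryjournal C:"},              # benign: reads journal state
    {"Image": r"C:\Windows\System32\wevtutil.exe",
     "CommandLine": "wevtutil.exe clear-log Security"},         # alias form of "cl"
]

# Operators cmd.exe uses to chain several commands on one line.
_CHAIN_SPLIT = re.compile(r"\s*(?:&&|\|\||&|\||;)\s*")
# Optional path, optional quotes, optional .exe: "C:\Windows\System32\wevtutil.exe"
_EXE = r'^(?:"?[^"\s]*\\)?{name}(?:\.exe)?"?\s+'
_CMD_PREFIX = re.compile(_EXE.format(name="cmd") + r"/[ck]\s+", re.IGNORECASE)
_CLEAR_LOG = re.compile(_EXE.format(name="wevtutil") + r'(?:cl|clear-log)\s+"?([^\s"]+)',
                        re.IGNORECASE)
_DELETE_USN = re.compile(_EXE.format(name="fsutil") + r"usn\s+deletejournal\b",
                         re.IGNORECASE)


def split_chain(cmdline):
    """Split a command line into the sub-commands cmd.exe would run,
    stripping a leading `cmd /c` or `cmd /k` and the quotes around its payload."""
    line = _CMD_PREFIX.sub("", cmdline.strip()).strip().strip('"')
    return [part for part in _CHAIN_SPLIT.split(line) if part]


def detect_anti_forensics(events):
    """Return (event_index, technique, detail) for every sub-command that
    clears a Windows event log or deletes the NTFS USN change journal."""
    findings = []
    for idx, event in enumerate(events):
        for cmd in split_chain(event.get("CommandLine", "")):
            cleared = _CLEAR_LOG.match(cmd)
            if cleared:
                findings.append((idx, "event_log_cleared", cleared.group(1)))
            elif _DELETE_USN.match(cmd):
                findings.append((idx, "usn_journal_deleted", cmd))
    return findings


def bulk_log_wipers(events, min_logs=2):
    """Indices of events that clear at least `min_logs` distinct logs in a single
    process creation. An admin clears one log; malware wipes them all at once."""
    cleared = {}
    for idx, technique, detail in detect_anti_forensics(events):
        if technique == "event_log_cleared":
            cleared.setdefault(idx, set()).add(detail.lower())
    return sorted(idx for idx, logs in cleared.items() if len(logs) >= min_logs)


if __name__ == "__main__":
    for finding in detect_anti_forensics(SAMPLE_EVENTS):
        print(finding)
    print("bulk wipers:", bulk_log_wipers(SAMPLE_EVENTS))
```

Two caveats worth knowing when deploying something like this: the rule depends on process-creation logging with full command lines (Sysmon Event ID 1 or Security 4688 with command-line auditing enabled), and clearing a log is itself recorded by Windows (Security 1102 for the Security log, System 104 for the others), so forward those events off the host too; an attacker running wevtutil cl Security deletes the local history but not the copy already shipped to the collector.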