Part 2 – Adapting Security Strategy to the Rise of Opportunistic Attacks
Over the past two years, we’ve seen a number of our clients’ security programs re-orient to prepare for potential ransomware incidents. Much of these preparations have focused on the controls and processes that would specifically help prevent and respond to a ransomware infection. While this is often effort well-spent, I’d like to suggest that many […]
Multi-Step Attack Vectors: When Vulnerabilities Form an Attack Chain
Praetorian’s approach to cybersecurity centers around a core belief that combining innovative technologies and the best people in the business leads to real results. In our experience, neither can fully solve cybersecurity challenges on its own. We therefore have designed our services organization and offerings to blend them seamlessly. We applied the same philosophy when […]
Part I – CyberSecurity is Adversarial, and What that Means for Security Strategy
I have an impression that in the course of the day to day grind, many security leaders have lost sight of a core tenant of cybersecurity: that it is adversarial. Ultimately, the core of most cybersecurity risks is defenders trying to stop attackers. Both sides are seeking to outwit each other. This contest is mediated […]
The Click Heard Around the World
On April 19, 1775, the American Revolutionary War began at Middlesex County in the Province of Massachusetts Bay. While it’s actually hard to define a specific “first shot”, Ralph Waldo Emerson immortalized his view of the event in the “Concord Hymn” which begins with the following familiar stanza: By the rude bridge that arched the […]
North Korean Lazarus APT phishing defense contractors
A new cyber attack campaign launched by North Korean APT Lazarus Group is targeting the military defense industry. Lazarus weaponized two documents related to job opportunities from Lockheed Martin in the spear phishing attack. The discovery was made January 18, 2022. Here’s what you need to know: What might the hackers be looking for? North […]
Log4j vulnerability: Lessons learned in a week
Introduction In this blog post, Praetorian reflects on customer challenges, successes, and lessons learned from our response to the Log4j industry-wide response. Background On the Friday evening of December 10th, Praetorian research and development teams sprang into action, confirming vulnerable systems or exposed vulnerable endpoints for a large number of organizations. It is our belief […]
Log4j Update: False Negatives and Additional Recommendations
We had a busy weekend here at Praetorian. Following the initial disclosure of the Log4j (Log4Shell)* vulnerability, we’ve added a capability to identify the issue to our attack surface enumeration tool. As we scanned production environments for the vulnerability over the weekend we’ve learned a lot more about how the issue can actually look in […]
Log4j: It’s worse than you think
On December 9th, 2021, a new 0-day vulnerability in the popular Java logging package log4j v2.x was announced. The vulnerability is particularly unpleasant as exploitation frequently requires only the ability to cause the system to log an attacker controlled string to a vulnerable logging instance. Thus, the routes of exploitation are broad and often require […]
CIS Controls Version 8 Overview: Bye-Bye “Top 20”
The Center for Internet Security (CIS) has just released Version 8 of their popular security controls. With this version, the “Top 20” moniker has been lost and the list of controls reduced to 18. The Version 8 is a major update to the Safeguards, builds on some of the new features in Version 7.1 (Implementation […]
Attacking and Defending OAuth 2.0 (Part 2 of 2: Attacking OAuth 2.0 Authorization Servers)
Introduction The OAuth 2.0 authorization framework is designed to improve security by delegating limited access to third-parties without sharing credentials. In our previous blog post on OAuth 2.0 we discussed how OAuth 2.0 implementations should be secured. Unfortunately, it is common for vulnerabilities to be introduced with OAuth 2.0 implementations, particularly on the side of […]