There’s trouble in Hong Kong…

Further to last week's blog posting on user-agents, we are examining some of the malicious attempts seen crafted against a non-critical web-asset that our SOC monitors. Looking through our machine data using the dashboards that we have developed in this instance using Splunk, we are able to rapidly identify anomalies with low effort. We n...
Quarterly Patches are out for Juniper. New Alerts for Rittal, Micro Focus, IBM, FreeBSD, and Linux. F5 has updated the mitigation for the TMUI RCE vulnerability again. Security Wizardry Cyber Threat Intelligence - The Radar Page Security Wizardry Radar Page provides vulnerability details and visibility for a variety of software and industries. http...
Our cyber security recruitment team, in conjunction with our own veterans, has put together a short video about which military leavers taking a civilian cyber security role Recruitment CND are also the UK's oldest independent cyber security recruitment agency, specialising in global security recruitment since 2004. We work with both contract a...
Monthly Patches are out for Qualcomm and Palo Alto Networks. New Alerts for Grundfos, F5 (more exploits), Citrix, Mozilla, Qualcomm, IBM, Zyxel, and Linux. We have dropped the India:China GeoPolitical alert to Guarded, as they are working on a disengagement process. F5 has updated the mitigation and IOC guidance in the TMUI RCE bulletin.  And ...
Monthly Patches are out for Google Android, Pixel, and Samsung. New Alerts for HPE, Belden, and Linux. Although the Google Monthly Patches for Android are out, with Qualcomm patches, Qualcomm hasn't published their monthly bulletin yet. Xen has three vulnerabilities embargoed and due out today, but not out yet. Talos has put out Snort rules for the F...
New Alerts for F5 (active exploits) and Linux. There are reports of active exploitation of the TMUI RCE vulnerability reported June 30. Patch if your control plane is on the Internet. Better yet, move your control plane off the Internet...
New Alerts for OpenClinic GA, Nortek, Mitsubishi Electric, IBM, Mozilla Thunderbird, and Linux. - The Mitsubishi Electric bulletin is for their TCP/IP stack in GOT2000 HMI devices, but it doesn't appear to be associated with Ripple20. - Nortek is security management and access control equipment; it has a CVSSv3 score of 10, so access is open... - O...
New Alerts for Cisco, Wireshark, NetApp, Mozilla, Samba, and Linux. Security Wizardry Cyber Threat Intelligence - The Radar Page Security Wizardry Radar Page provides vulnerability details and visibility for a variety of software and industries. https://radar.securitywizardry.com
At CND our SOC analysts are inquisitive by nature; digging a little bit deeper and the further exploration of a lead in data is what we like to do. It's a bit like a prospector looking for that tiny fleck of gold that reveals a giant nugget; the detail is what matters and exploring it often leads you to threats you didn't even realis...
New Alerts for Microsoft OOB patches, PowerDNS, F5, Dell, and Linux. The US has published a notice that foreign actors will be using the Palo Alto Networks CVSSv3 10.0 vulnerability reported yesterday. Patch ASAP. Yesterday we raised an alert for India:China, and other countries seem to be joining. The US has identified Huawei and ZTE as threat...
New Alerts for Palo Alto Networks, Mitsubishi, IBM, and Linux. We have raised a GeoPolitical Alert for India:China after India put 59 Chinese products on a banned list for national security reasons. Moxa and Boston Scientific have put out their Ripple20 bulletins; neither is affected. HMS has updated their bulletin to list a few more products...
New Alerts for IBM, PuTTY, NetApp, Sophos, Squid, and Linux. Sierra Wireless and Huawei have published their Ripple20 bulletins. F5 appeared to have several new bulletins but the actual bulletins weren't there. Maybe tomorrow.
New Alerts for ENTTEC Lighting Controllers, Apache Tomcat, Hitachi, Dell, and Linux. ENTTEC is looking into their vulnerabilities. Apache Tomcat has fixed a DoS. CentOS Web Panel has multiple 0-day vulnerabilities.
Insider Threat  If you are anything like me you will find the creation and maintenance of security policies a little tedious, though I cannot stress the importance of them enough. A UK case was recently reported by North Yorkshire Police, which could have been prevented on many levels through effective cyber security controls. Danielle Bulley ...
New Alerts for Microsoft Edge, Dell, HPE, Cisco, NetApp, IBM, and Linux. McAfee has published their Ripple20 bulletin, listing several products as "Vulnerable and Not Exploitable". The Cisco bulletin is about a vulnerability reported in February that involves persistent Telnet. The mitigation is to switch to SSH until there's a patch. ...
New Alerts for VMware, Mitsubishi Electric, Honeywell, IBM, QNAP, Draytek, and Linux. Eaton, Schneider Electric, Aruba, and HMS have published their Ripple20 bulletins.

© Computer Network Defence Limited 2020