How I Hacked Minecraft: A Log4j2 Story

Log4j: Letting the JNDI out of the bottle

If you haven't already seen it, we released a serious security advisory for Java applications using any version of the Log4j2 library less than or equal to version 2.14.1. How would you know whether or not your Java application is vulnerable? Well, chances are, if it uses Log4j2, accepts any ...
Malware Analysis Part 3: The phases and roles of incident response

In Part 3 of this series, I’m going to cover incident response and the role it plays in malware analysis. If you haven’t had a chance to read the earlier parts of the malware collection, you can find them here: Malware Analysis Part 1: How does it work? Malware Analysis ...
Malware Analysis Part 2: What benefit does it serve?

In Part 1 of this blog series, we covered a (somewhat) brief introduction to malware analysis. We learned how malware analysis is performed in general and the various types of analysis–triage, dynamic, and static analysis. It's all well and good that there are so many niches and disciplines that tie ...
Malware Analysis Part 1: How does it work?

Malware analysis is one of my favorite subjects. It's as broad as it is deep because there is no end to the amount of bad stuff available on the internet. Today, let’s start with the basics and work our way up from there. As you read this blog, please bear ...
Introduction to Malware Triage

Malware Triage: Dissecting Threats to Your Security

Malware analysis is an incredibly broad topic. Because of the near-limitless number of operating systems, system architectures, scripting languages, and services out there, the potential for delivering malware and defining its behavior is nearly limitless as well. This means any conversation about analyzing and mitigating malware must also, necessarily, be ...
Any Port in a Storm: Ports and Security, Part 2

In part one of this series, we had a crash course in port numbers and why they matter for network connectivity. Now, let's put things into perspective: Why does this information matter for cybersecurity? All Hands on Deck Being able to identify port numbers for common services is somewhat important ...
Any Port in a Storm: Ports and Security, Part 1

Dropping Anchor When IT and Security professionals talk about port numbers, we're referring to the TCP and UDP port numbers a service is running on that are waiting to accept connections. But what exactly is a port? Think of your computer and its assigned IP address as a large building–such ...

Security Advisory Regarding Remote Code Execution in MSHTML

CVE-2021-40444 Details Summary of Vulnerability On September 7th, a security advisory from Microsoft regarding a remote code execution in MSHTML was published by MSRC. According to the advisory, the vulnerability relies on specially crafted Microsoft Office documents in order to be exploited. Since the announcement, there have been a few ...

Security Advisory Regarding Atlassian Confluence

On August 25th, Atlassian published a Security Advisory for Confluence–server and datacenter releases–described as a "web-based corporate wiki". To put it simply, Confluence typically serves as a centralized documentation repository. On the eve of Labor Day weekend in the US, US-CERT is warning against an increased surge of malware and ...

Security Advisory Regarding ProxyToken

As we rapidly approach the end of August, another advisory regarding Exchange and OWA rears its ugly head. Microsoft Exchange has had a really rough go of it this past year–ProxyLogon (used by the threat group HAFNIUM much earlier this year), ProxyShell, and now, ProxyToken. As the names sort of ...