August 02, 2019
Avoiding the Capital One Breach: Defense in Depth
With the release of the criminal complaint in the recent Capital one breach we now have a better understanding of how Paige A. Thompson exfiltrated data from their cloud vendor. We don’t know all the details and can only make inferences based upon the information available. Deploying CloudGuard on AWSCase Study The complaint states that a GitHub file was […]
Read more
July 30, 2019
VxWorks Vulnerabilities: More Exposure Than You Think
Six of the URGENT/11 bugs can be exploited to achieve remote code execution (RCE). At least one bug affects each version of the OS starting with 6.5, while others can lead to a denial of service (DoS) attack. Well, while this is something you may not have heard of it is the real time operating system […]
Read more
March 05, 2018
Did You Order All These Large Packets?
This week GitHub became the victim of the largest DDOS attack ever recorded due to a new amplification attack being observed in the wild. This attack, which did not require building a botnet or compromising any servers, was able to generate 1.35TBps of data against the target. It leveraged UDP responses from memcached servers exposed to the […]
Read more
October 24, 2017
What’s KRACKing at HPE Aruba
Everything you need to know about KRACK(Key Reinstallation Attacks) What is it? Mathy Vanhoef, a technical security researcher, found what we are now calling “KRACK” to be a devastating security flaw in the relatively “secure” standard for wireless networks WPA. KRACK allows for attackers to eavesdrop on your personal data when authenticating to an access point. That’s […]
Read more
May 16, 2017
A Cybersecurity Engineer’s Perspective On Wannacry
A Cybersecurity Engineer’s Perspective On Wannacry When an otherwise routine crypto cash-grab becomes international news, it can make the most seasoned of us pause momentarily in reflection. At its core – WannaCry isn’t anything special. It has your usual components of a ransomware attack – the Bitcoin buy, scary pop-ups and flutter. It has the […]
Read more