Cyberis Blog
Exchange Zero Day - CVE-2022-41040 and CVE-2022-41082
Microsoft Exchange is one of the most popular enterprise email products and runs on Windows Server operating systems. In August 2022, researchers at GTSC discovered a flaw in Exchange which allows attackers to obtain remote code execution on affected systems. Critically, this vulnerability affects fully patched Exchange Servers, which makes it a zero-day vulnerability. These vulnerabilities have recently been confirmed by Microsoft as CVE-2022-41040 and CVE-2022-41082.
- Detect and respond
The Software Supply Chain
There are many different ways in which supply chain attacks can impact your cyber security resilience. We all appreciate that third-party service providers may have access to physical premises or to technical infrastructure, and that a compromise of these providers can grant that access to an attacker. We also know that smaller or less mature suppliers in your supply chain may have immature information security practices. Because these areas receive a lot of attention, most businesses have fairly mature processes aimed at managing these risks in their supply chains. One area where we often see weakness in our customers, however, is in the management of the software inventory and the software supply chain.
- Detect and respond
- Red teaming
Using Red Teaming to upskill detection and response teams
When we talk about red teaming, it's quite easy for people to understand the benefits of using attacker techniques to explore a particular attack pathway and to identify the chains of vulnerabilities that allow a compromise to happen. Quite frequently, though, people underestimate how effective red teaming can be when it comes to upskilling detection and response teams. I'd like to give an example of how red teaming, run well, can be used to improve detection and response outcomes. This is, of course, an anecdote, but it certainly gives an idea of how performance changes when teams are challenged in the right way.
- Detect and respond
- Red teaming
Using Red Teaming to validate the performance of an outsourced managed service provider
Red teaming can provide assurance within a wide range of business scenarios. One interesting scenario we explored recently with a customer, a firm within the education sector, involved a situation where they had outsourced detection of security incidents to an external MSSP. As a result of a governance audit, our customer needed to determine whether the detective and corrective capabilities of the managed security services and associated internal technical controls functioned as expected across several lesser-seen compromise scenarios.
- Detect and respond
EDR: Is It Worth It?
When working with smaller businesses, sometimes we’re asked whether Endpoint Detection and Response solutions are worth the money, over and above traditional anti-virus. Much of the time, EDR is used in large enterprises in conjunction with a sizeable technical team of experienced professionals who engage in active response and threat hunting as their full-time job. It can be difficult for smaller businesses to see where EDR might fit in.
- Detect and respond
BlueKeep: Perimeter Assessments Remain As Important As Ever
The basic security principle of keeping the attack surface as small as possible is still as important as ever, however you define your perimeter. Keeping an eye on the attack surface of the network perimeter is not an obsolete activity; it is as important today as it was twenty years ago.
- Detect and respond
- Research
Microsoft Exchange Client Access Server Information Disclosure
If you manage Microsoft Exchange and OWA in your environment and you are undergoing an external penetration test or Cyber Essentials assessment, you will often be faced with the Client Access Server Information Disclosure vulnerability identified by Nessus (https://www.tenable.com/plugins/nessus/77026) or other vulnerability scanners. Until recently, this vulnerability went unaddressed by Microsoft for versions of IIS after 6.0 and before 10.0. The majority of advice provided by online resources suggests applying the latest patches, but as patches don't exist for versions 7.0 to 8.5, this isn't an option.
- Detect and respond
After the storm
You’ve had an incident. You’ve managed the fall-out, contained the outbreak and restored normal service. Now is the time to sit down with your incident response teams, your operational teams and other stakeholders and work out how to prevent a recurrence.