cybersecurity


Everything’s Gonna Be Alright

At least if you get patching

The start of Autumn is always a quiet time for us Cyber bloggers. Presumably having taken time off over the summer to rest and recuperate on their islands with flip-top Volcano lairs or Yachts with a submarine, plane and another boat inside them, we think that this must be planning …


Chapter 1: Classifying domains using RDAP

Using TTP-based intel to classify malicious domains

Introduction

This blog series will show how Tiberium harnesses intel around attackers’ tactics, techniques, and procedures to classify malicious domains as part of our FROST and MYTHIC 24/7 MSSP services. Preventative security is cool. Having the ability to think several moves ahead of an attacker, identifying their presence while they still think they are invisible, and manning the barricades …


Epic – Faith No More

Domain Name Services – Friend & Foe

Every reader of this blog will know that the Domain Name Service is a program/component/server role (depending on how old you are and how you take your poison) which turns the names for Internet resources like websites, mail servers etc. into their registered IP addresses. More technical readers …


OMG

Last week, cloud security outfit Wiz announced what they called a ‘secret agent’ group of vulnerabilities that enable takeover and privilege escalation of Linux servers in the Azure cloud. These have now collectively been called ‘OMIGOD’ which has a logo. We all know that means serious. This is. The issue is to do with the automatic installation of a software agent …


Back Once Again

Those of you who have read more than one of these missives (thank you, thank you) may have noticed our fascination with the activities of the REvil ransomware group. For those not up to speed, here is a REvil primer. REvil (Ransomware Evil, see what they did there) is a Russian speaking cybercriminal gang that, as the name suggests, focus on encrypting, …


Elastic Fantastic

This week, Indonesia has had more than a few serious issues with its Cyber security. After a month or so of communications and rectification, the Indonesian Government came clean, admitting that up to 13 Million records of travellers had been exposed to the public internet due to a poorly, or not at all, secured Elastic database, internet-facing, whoops. The data exposed …


Razor

It is always a bit of a shock when an easily exploitable way to gain SYSTEM or root-level privileges comes to light, especially for overworked, underpaid system administrators who have to get to work pronto before man+dog have a go. And so our gast was flabbered this week by a Twitter post by ‘jonhat’ which showed that just by installing a …


Poly

If you have been reading the security news, you will no doubt have seen the enormous crypto-asset heist from Chinese Blockchain outfit Poly, initially relieving them of about $600 million worth of crypto goodies 2 weeks ago. There have been many interesting reports of coins being returned, then not returned, reward and job offers. It …


SOS

Some of the unjustified and truly ancient at Tiberium HQ are so old that they know Morse Code. Several have actually passed tests in it and used it in either fear/anger or from the comfort of their floating Gin Palace. Seems that Phishing/Hacking gangs or at least one of them have been using (amongst other techniques) none other than Morse Code to …
