One of the most powerful weapons at an attacker’s disposal is the use of specialized tools designed to compromise network security. Mimikatz, BloodHound, and winPEAS are just a few examples of tools that can wreak havoc in your environment if left undetected. In this article, we’ll explore how malicious actors can exploit specialized tools to launch sophisticated attacks.

In today’s fast-paced global trade environment, the strategic value of a seaport is no longer determined solely by its geographical location or proximity to industrial hubs. Instead, the ability to leverage advanced technologies to boost operational efficiency and remain competitive is the defining factor. This shift in value is increasingly recognized across the maritime industry, as ports seek innovative digital solutions to manage complex logistics.

Recently, AWS expanded the scope of their AWSCompromisedKeyQuarantine policies (v2 and v3) to include new actions. This policy is used by AWS to lock down access keys that they suspect have been compromised. A common example of this process in action is when AWS automatically applies the quarantine policy to any keys found by scanning public GitHub repositories. This proactive protection mechanism can stop compromises before they happen.

There are lots of hurdles to jump when trying to set up and maintain a SIEM. Preparing infrastructure and installing the software components, getting logs ingested into the system, parsing and normalizing those log messages properly, configuring alerts for detection, etc. These are all large tasks that require thoughtful planning and a lot of work to get right. But let’s say you’ve managed to clear all those hurdles…in that case, great job!!

CVE-2023-2163 is a critical vulnerability in the Linux Kernel, specifically affecting kernel versions 5.4 and above (excluding 6.3). This vulnerability arises from incorrect verifier pruning in the Berkeley Packet Filter (BPF), leading to unsafe code paths being incorrectly marked as safe. The vulnerability has a CVSS v3.1 Base Score of 8.8, indicating its high severity. The consequences are arbitrary read/write in kernel memory, lateral privilege escalation and container escape.

Supply chain attacks are a growing concern, particularly within the financial sector, with attackers increasingly using key technology suppliers as a ‘jumpbox’ to pivot into their intended target organisation. Last year’s MOVEit breach for instance saw a single ICT supplier ultimately cause ~2,356 organisations to be compromised, with primary victims predominantly in the financial sector.

As modern organizations grow in size and complexity, managing secure access to computing infrastructure becomes a top priority. Teleport has introduced new features in Teleport Policy 16 aimed at making this easier and more efficient. With these enhancements, organizations can take a more proactive approach to security, ensuring better oversight and reducing potential risks.

Work from home (WFH) remains a common practice for many businesses worldwide. This working model has enabled companies to hire top talent across borders, boost revenue, and improve employees work-life balance. A new report by Tata Consultancy Services (TCS) claims that, by 2025, 40% of employees around the world will work from home. However, this growing trend also brings about a range of cybersecurity risks that could impact businesses significantly.

Our users secure products and services developed by dozens of distributed technical teams. They rely on tools like Detectify to prioritize and triage vulnerability findings onward to development teams to remediate. This process is anything but straightforward, which is why we’re excited to see our users utilize our integration platform in ways that help them work efficiently alongside their tech teams.