The post Cyber Security for Smart Grids appeared first on Sense of Security.
Integrated IT and OT systems such as Smart Grids are becoming more popular because their self-management abilities help ensure continuous availability of power. The ease of operation is drawing more energy and utility companies to invest in these systems.
But along with the benefits, these critical systems are becoming a prime target for cyber attackers seeking to inflict serious damage and disruption.
Cybersecurity is all the more critical when implementing such systems compared to the traditional electrical grid.
Download the full whitepaper to understand the emerging cyber-attack scenarios relating to the smart grid, its vulnerabilities, and the standards for cybersecurity assessment.
The post Presentation: RSA USA 2020 – Preventing an Enterprise Win10 Rollout Being Remotely Controlled and Ransomed appeared first on Sense of Security.
Windows 10 is the platform of choice for large-scale, corporately controlled end-user OS deployments. They go by many names, including Enterprise Roll-Outs, Standard Operating Environments (SOE) and Golden Image deployments, but they all refer to the same thing: a standardised deployment that needs to be secured at creation and then managed for its lifetime in operation. Large corporations and government tend to use the same formula: create an image; add some enterprise management features, endpoint security and full-disk encryption; harden it; test it (maybe); operate it in the field; deal with any fallout. These are high-cost, time-sensitive, task-management-centric projects. Using an outsourced partner to design, implement and manage the process adds an element of supply-chain risk, making the entire solution susceptible to long-term time-in-market attacks, including an open-ended opportunity for total environment take-over. It is our experience that organisations short-change themselves by doing very limited testing of the system prior to deployment; at best this is limited to a hardening review.
This presentation describes a case study of why testing is required to address this stream of risks, and how it saved a large corporate from deploying an image that was certain to result in 10,000+ machines being remotely controlled by an adversary.
To learn more download our presentation here. For more information call us on 1300 922 933.
The post Presentation: RSA USA 2020 – What Was Once Old Is New Again: Domain Squatting in 2020 appeared first on Sense of Security.
A common cyber-attack technique is to lure a victim into browsing to an attacker-controlled website that hosts malware or the like. One way to lure a victim is to register a DNS domain that resembles that of a major brand, and then either entice the victim to visit the website, for instance via an email message, or simply wait for the victim to mistype or misspell the brand's website address. Registering such a similar DNS domain is commonly referred to as domain squatting. People are encouraged to be suspicious of emails received from unknown senders, but what happens when an email appears to come from a known person or organisation, and the email and its attachments are in line with the expected content? Research into similar topics isn't new. However, by utilising domain squatting, corporate relationships can be extracted by examining the email flows that the squatted domains attract, and the email content can be categorised by applying topic modelling to it. This allows for specifically crafted spear-phishing emails that match both the expected sender and the topics of correspondence, which drastically increases the chances of a successful phish.
In this session, it will be demonstrated how old school domain squatting can be modernized to include OSINT gathering and the delivery of weaponized documents using email messages. The result is scarily accurate corporate relationship and supply chain mappings, as well as re-purposing actual business documents into spear-phishing attacks.
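As an added illustration of the technique (example code written for this page, not Sense of Security's tooling or anything from the presentation): the generator below produces the look-alike domains an attacker would register for a brand, and the same candidate set is then used defensively to screen an inbound mail log for senders using one of them. The protected domain example.com, the log format and every log line are constructed for the example.

```python
"""Look-alike (typosquat) domain generation and inbound-mail screening.

Added example, not Sense of Security's tooling.  The protected domain,
the log format and the log lines below are constructed for illustration.
"""
import re

# Visually confusable characters an attacker commonly substitutes.
HOMOGLYPHS = {"o": "0", "l": "1", "i": "1", "e": "3", "a": "4", "s": "5", "m": "rn", "w": "vv"}

# Alternative suffixes worth registering defensively or watching for.
ALT_TLDS = ("com", "co", "net", "org", "biz", "cm", "om")


def typosquat_candidates(domain: str) -> set:
    """Return look-alike domains for a domain with a single-label TLD (example.com).

    Assumption: the TLD is the final label.  Multi-part suffixes such as
    co.uk or com.au would need a public-suffix list to split correctly.
    """
    label, _, tld = domain.lower().rpartition(".")
    n = len(label)
    variants = set()
    for i in range(n):
        variants.add(label[:i] + label[i + 1:])                 # omission:      exmple
        variants.add(label[:i + 1] + label[i] + label[i + 1:])  # repetition:    exaample
        if label[i] in HOMOGLYPHS:                               # homoglyph:     examp1e
            variants.add(label[:i] + HOMOGLYPHS[label[i]] + label[i + 1:])
        if i < n - 1:
            variants.add(label[:i] + label[i + 1] + label[i] + label[i + 2:])  # transposition: exampel
            variants.add(label[:i + 1] + "-" + label[i + 1:])    # hyphenation:   exam-ple
    variants.discard(label)  # a transposition of two equal letters yields the real name
    candidates = {f"{v}.{tld}" for v in variants}
    candidates.update(f"{label}.{alt}" for alt in ALT_TLDS if alt != tld)  # TLD swap: example.co
    return candidates


# Constructed MTA-style log: one delivery per line, "from=" is the envelope sender.
SAMPLE_MAIL_LOG = """\
2020-02-20T09:14:02Z from=alice@example.com to=bob@example.com subject="Q1 invoice"
2020-02-20T09:15:11Z from=alice@examp1e.com to=bob@example.com subject="Q1 invoice (revised)"
2020-02-20T09:16:40Z from=news@vendor.net to=bob@example.com subject="Newsletter"
2020-02-20T09:17:05Z from=cfo@exampel.com to=bob@example.com subject="Urgent payment"
"""

SENDER_RE = re.compile(r"\bfrom=[^@\s]+@([A-Za-z0-9.-]+)")


def flag_lookalike_senders(log_text: str, protected_domains) -> list:
    """Return (sender_domain, impersonated_domain, log_line) for every look-alike sender."""
    lookalikes = {}
    for domain in protected_domains:
        for cand in typosquat_candidates(domain):
            lookalikes[cand] = domain
    hits = []
    for line in log_text.splitlines():
        m = SENDER_RE.search(line)
        if not m:
            continue
        sender_domain = m.group(1).lower()
        if sender_domain in lookalikes:
            hits.append((sender_domain, lookalikes[sender_domain], line))
    return hits


if __name__ == "__main__":
    for sender, target, line in flag_lookalike_senders(SAMPLE_MAIL_LOG, ["example.com"]):
        print(f"look-alike of {target}: {sender}  <- {line}")
```

The candidate set serves both sides of the problem: an attacker registers from it, so a defender can register the cheapest entries pre-emptively, feed the rest to a DNS or certificate-transparency monitor, and quarantine inbound mail whose sender domain matches, as the log screening shows. Exact-match screening against generated candidates is deliberate; an edit-distance threshold would also catch legitimately similar domains of unrelated organisations.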
To learn more download our presentation here. For more information call us on 1300 922 933.
The post Three Sense of Security team members will be presenting at RSA USA 2020 appeared first on Sense of Security.
Our Practice Manager Jeremy du Bruyn and our Head of Research Willem Mouton will be jointly presenting What Was Once Old Is New Again: Domain Squatting in 2020. In this session the presenters will demonstrate how old school domain squatting can be modernized to include OSINT gathering and the delivery of weaponized documents using email messages. The result is scarily accurate corporate relationship and supply chain mappings, as well as re-purposing actual business documents into spear-phishing attacks.
Also, our COO Murray Goldschmidt, who is ranked as a top speaker at RSA this year, will be presenting on Preventing an Enterprise Win10 Rollout Being Remotely Controlled and Ransomed: a case study of static and dynamic testing of Windows 10 enterprise rollout images, and how that testing saved an organisation from deploying an image that would have resulted in 10,000+ machines being remotely controlled by an adversary for ransom. Hardening reviews, configuration management, application whitelisting effectiveness, encryption recovery, and the ability to detect and defeat sleeper malware are covered.
Jeremy and Willem’s presentation will be held on Thursday, February 27, 2020 from 8:00 am –8:50 am in Moscone West 3004. Murray’s presentation will be held on Thursday, February 27, 2020 from 2:50 pm –3:40 pm in Moscone West 2006.
For more information and to secure your spot for Jeremy and Willem’s presentation visit https://www.rsaconference.com/experts/jeremy-du-bruyn#upcomingsessions or for Murray’s presentation visit https://www.rsaconference.com/experts/murray-goldschmidt#upcomingsessions.
The post Security Awareness Training Program for Whole-of-Business appeared first on Sense of Security.
The current security threat landscape is rapidly changing. The threats you faced yesterday will not be the threats you face tomorrow. Today’s attackers are typically highly trained, financially motivated and possibly in the employ of nation states.
A whole-of-business approach to security awareness training is needed encompassing everyone.
Attackers are systematically adapting their techniques to target the weakest elements in your business. Their attacks are both broad and targeted, with motivated attackers carefully perfecting their craft to get handsome returns on the time they invest.
People remain the weak link in the security of networks, applications and data. It is not only the rank-and-file employees who succumb to phishing scams who pose risks. Most businesses believe that the shiny new technologies they’ve acquired will protect them from everything while producing the reporting they need to comply with standards and regulations. However, human points of interaction have the potential to undermine even the most comprehensively designed systems through a simple mouse click.
The post Red Teaming: A technical risk assessment conducted live and real-time. appeared first on Sense of Security.
Red Teaming involves a comprehensive replication of the behaviour of a real cybercriminal. This simulation is conducted via a multilayer approach to security testing that not only exploits vulnerabilities in technology, but also exploits the flaws in people and processes within the organisation and its supply chain.
“Red Teaming” originates in military terminology, with the Red Team being the attackers and the Blue Team being the defenders. This approach simulates more closely how unconstrained real-world attacks take place from key threat actors such as state-sponsored attackers, terrorists, organised crime gangs, corporate spies and other nefarious individuals. Your organisation and any outsourced IT services should be operating as the Blue Team – ideally defeating the attack as it occurs.
The results of such a test will allow you to create an independent, neutral view of the effectiveness of both security controls and the team responsible for
Download the below datasheet and case study to get a better understanding of Red Teaming.
The post Distributed Denial of Service testing services appeared first on Sense of Security.
In recent times, Distributed Denial of Service (DDoS) attacks have continued to gain media attention. High-profile organisations are coming under attack globally, regionally and locally, across the spectrum of government, large corporates and any entity hosted on cloud platforms.
Denial of Service attacks have evolved from single-source attacks (e.g. sending overwhelming volumes of email), which are relatively easily detected and defeated, to attacks that come from many thousands of compromised agents (bots) acting on behalf of threat actors.
DDoS is now considered one of the primary threat types facing every industry and business that is exposed to the public Internet.
Download the below datasheet and case study to get a better understanding of Distributed Denial of Service.
The post Security Awareness Training Program (SATP) appeared first on Sense of Security.
The current security threat landscape is replete with aggressive, tenacious and pernicious threats. Today’s attackers are typically highly trained, financially motivated and possibly in the employ of nation states.
Our adversaries tend to have extensive monetary and human resources and the capability to deliver exceptionally well planned, fine-tuned and orchestrated attacks. Motivations now range from political influence, vandalism and theft of customer data and intellectual property to ransom and extortion on an industrial scale.
A cyberattack can jeopardise operations and create reputational and brand damage, which causes irreparable harm to larger companies and threatens the very existence of smaller ones.
Cyberattacks can also bring public infrastructure to its knees.
Historically, organisations have invested extensively in mitigation through a myriad of hardware and software solutions, that despite their technical capabilities, are not alone adequate to solve the problem. Technology represents only one dimension of the response we can make to manage down cyber risk. We now have extremely capable adversaries who are adapting their techniques to exploit the weakest element in the environment. Invariably, this relates to the most valuable asset in the organisation – its people.
Threats like these require an approach that can meet this challenge and the people to lead and deliver confidence in the face of adversity.
Download the below datasheet and case study to get a better understanding of how Cyber Security Awareness Training can help your organisation.
The post Security Advisory – SOS-19-001 – XML External Entities Injection (XXE) in XNAT 1.7 appeared first on Sense of Security.
Release Date: 23-Oct-2019
Last Update: –
Vendor Notification Date: 09-Jul-2019
Product: XNAT
Platform: Linux and possibly others
Affected versions: 1.7.5.3 (confirmed) and possibly earlier versions
Severity Rating: High
Impact: System Access
Attack Vector: Remote with authentication
Solution Status: XNAT 1.7.5.4 Hotfix Release
CVE reference: CVE-2019-14276
An XML External Entity (XXE) vulnerability arises when an application parses XML input with external entity resolution enabled. Importing an XML file that declares an external entity into the XNAT application allows an attacker to retrieve a local file from the web server. The attacker must be authenticated to the application. The attack works because the XML input contains a reference to an external entity, such as a local file on the web server, which the parser resolves and splices into the document. Common targets include configuration files, e.g. ASP.NET web.config, and Linux password files, e.g. /etc/passwd (or /etc/shadow where the parser runs as root).
The following URL is affected: /REST/search
Please refer to the PDF version of this advisory for proof of concept code examples.
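The proof of concept in the PDF is not reproduced here. What follows is an added, self-contained illustration of the vulnerability class written for this page: it is Python against the standard-library expat parser, not XNAT's Java code, not the hotfix, and not Sense of Security's PoC. The `<search>` element, the entity name `xxe` and the passwd-style file it leaks are constructed stand-ins; the vulnerable parser resolves `SYSTEM` entities from disk exactly as the advisory describes, and the hardened parser beside it refuses any DOCTYPE before an entity can be declared.

```python
"""XXE in miniature: a parser that resolves SYSTEM entities beside one that refuses them.

Added example written for this advisory; it is neither XNAT's code nor the
PDF proof of concept.  The <search> element and the file it leaks are
constructed stand-ins.
"""
import os
import tempfile
import xml.parsers.expat as expat


class DoctypeRejected(Exception):
    """Raised when untrusted XML carries a DOCTYPE, and so may declare entities."""


def parse_vulnerable(xml_bytes: bytes) -> str:
    """Return the document's text, resolving SYSTEM entities from local disk.

    This reproduces what any parser with external entity resolution enabled does:
    the path named in the DOCTYPE is opened and its bytes are spliced in where the
    entity is referenced.  Never configure a parser like this for untrusted input.
    """
    parser = expat.ParserCreate()
    text = []

    def on_external_entity(context, base, system_id, public_id):
        with open(system_id, "rb") as f:  # the attacker chose this path
            data = f.read()
        sub = parser.ExternalEntityParserCreate(context)  # child parser for the entity body
        sub.CharacterDataHandler = text.append
        sub.Parse(data, True)
        return 1

    parser.ExternalEntityRefHandler = on_external_entity
    parser.CharacterDataHandler = text.append
    parser.Parse(xml_bytes, True)
    return "".join(text)


def parse_hardened(xml_bytes: bytes) -> str:
    """Return the document's text; reject any DOCTYPE before entities can be declared."""
    parser = expat.ParserCreate()
    text = []

    def on_doctype(name, system_id, public_id, has_internal_subset):
        raise DoctypeRejected(f"DOCTYPE for <{name}> refused: entity declarations are not accepted")

    parser.StartDoctypeDeclHandler = on_doctype
    parser.CharacterDataHandler = text.append
    # No ExternalEntityRefHandler is installed, so even a DOCTYPE that slipped
    # past the check could not make the parser read files.
    parser.Parse(xml_bytes, True)
    return "".join(text)


def demo() -> dict:
    """Leak a constructed passwd-style file via the vulnerable parser; show the hardened one refusing."""
    with tempfile.NamedTemporaryFile("w", suffix=".txt", delete=False) as f:
        f.write("svc:x:1001:1001::/home/svc:/bin/sh")  # constructed stand-in for /etc/passwd
        target = f.name
    try:
        payload = (
            '<?xml version="1.0"?>'
            f'<!DOCTYPE search [<!ENTITY xxe SYSTEM "{target}">]>'
            "<search>&xxe;</search>"
        ).encode()
        leaked = parse_vulnerable(payload)
        try:
            parse_hardened(payload)
            blocked = False
        except DoctypeRejected:
            blocked = True
        return {"leaked": leaked, "blocked": blocked}
    finally:
        os.unlink(target)


if __name__ == "__main__":
    print(demo())
```

Two practical points the demo makes visible. First, the leaked file is parsed as an XML entity body, so a target containing `<`, `&` or non-text bytes breaks the parse; that is why /etc/passwd is the classic first read and why fuller exploitation uses parameter-entity and out-of-band tricks not shown here. Second, the fix is a parser setting, not input filtering: in a Java application the equivalent of `parse_hardened` is disabling DOCTYPE declarations and external general and parameter entities on the `DocumentBuilderFactory`, `SAXParserFactory` or `XMLInputFactory` in use, which is the standard OWASP guidance for this class; the advisory does not say which of these the XNAT hotfix applied, so the hotfix itself is the authoritative remedy.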
Apply patch from XNAT 1.7.5.4 Hotfix Release.
Additional information is available at:
https://wiki.xnat.org/news/blog/2019/08/xnat-1-7-5-4-hotfix-release-now-available
https://wiki.xnat.org/documentation/getting-started-with-xnat/what-s-new-in-xnat/xnat-1-7-5-4-release-notes
Hamed Merati from Sense of Security Labs.
The post Sense of Security joins CyberCX as founding member appeared first on Sense of Security.
Sense of Security Pty Ltd announces today that we are a founding member company of CyberCX – the nation’s first at-scale, end-to-end cyber security services organisation.
CyberCX is the vision of technology and executive veteran John Paitaridis, the group’s CEO, and backed by Australia’s largest Private Equity fund – BGH Capital. This is a high-profile venture representing the most significant deployment of capital in the cyber sector in Australia’s history.
CyberCX will be staffed by equally impressive personnel such as Alastair MacGibbon, who has held leading roles in government and enterprise. MacGibbon was Australia’s National Cyber Security Advisor and most recently the head of the Australian Cyber Security Centre (Deputy Director General, Australian Signals Directorate).
Sense of Security (SOS), established in 2002 by co-founders, Murray Goldschmidt and Jason Edelstein, has grown to become one of the most respected firms in Australia, across the disciplines of Technical Assurance and Governance, Risk & Compliance services. With offices in Sydney and Melbourne, and over 50 professionals servicing the nation’s government and finest corporate establishments, the firm has been extensively sought after for assurance, trust and confidence.
SOS has developed a formidable brand and presence in the region. The company leads with innovative services delivered by the top consultants in the industry. The co-founders are highly credentialed, active contributors to the cyber community, and recognised leaders and industry visionaries. Edelstein is serving a second term on the CREST Australia board (the certification body for penetration testing expertise) and Goldschmidt is a substantial contributor to national, regional and international cyber security conferences.
SOS has a track record in development of intellectual property and employee capabilities. With a dedicated R&D function, the business has been committed to innovation since inception. This is a core value for the business and the reason why SOS has been so highly sought after for any professional seeking a career in cyber security. The platform that SOS operates from is one that imbues trust and confidence. This has resonated with clients and staff, seeing the company grow from strength to strength.
Becoming part of the CyberCX brand is an extension of the original vision of Edelstein and Goldschmidt – to operate the nation’s most trusted cyber security firm. That vision now has a national footprint and the delivery capability of over 400 committed and focused personnel.
This is an excellent opportunity for our staff because the group provides extensive horizontal and vertical growth options across the 7 domains of cyber security that are now being delivered as a unified entity: Consulting & Advisory, Security Assurance, Risk & Compliance, Integration & Engineering, Managed Services, Incident Response & Digital Forensics, Training & Education.
More info on CyberCX can be found at cybercx.com.au.
Our press release is available here