The recent disclosure of the SolarWinds Orion supply chain attack is just the latest widespread vulnerability affecting clients across the globe. This issue is still in the early stages of analysis by the cybersecurity community, and RSM is actively monitoring the situation and providing updated information on our War Room blog ...
SolarWinds Orion Supply Chain Attack
On December 13, 2020, FireEye reported a major intrusion into several high-visibility targets stemming from malicious code inserted into SolarWinds Orion software update packages. An external nation-state-level threat actor compromised the network of the SolarWinds IT management software company, allowing them to insert their own code into legitimate digitally signed update ...
FireEye Intrusion – Red Team Tools Stolen
There is a saying in the security community that it is not if an organization will suffer a cybersecurity event but when. Current events prove that this statement stands true even for sophisticated security firms such as FireEye. We are closely monitoring the situation and wanted to share our perspective at this point. I share the opinion of at least a few of my peers who ...
Vulnerability scanning your Android apps
A lesser-known feature of the Mobile Security Framework scanner MobSF from 'https://opensecurity.in/' is its ability to quickly scan a folder of APK files. This isn't normally something most users would need if they were only targeting a single app, but if you're trying to assess the security of a device you might find it necessary to look at every piece of software, from the ...
Distributed Security: Advancements in IT Governance using Multi-Party Computation (MPC)
Imagine never having to remember a password again. To some this might sound crazy, but by combining time-tested cryptography and new technological advancements, this far-fetched proposition is possible. Multi-party computation (MPC) protocols allow users to eliminate the need to remember passwords and potentially much more while simultaneously enhancing data security. MPC works ...
SAP RECON CVE-2020-6287
On July 13, 2020, SAP released a patch impacting the SAP NetWeaver Application Server Java versions 7.5 and earlier. The vulnerability, dubbed RECON (Remotely Exploitable Code on NetWeaver), specifically targets SAP NetWeaver Java, while Advanced Business Application Programming (ABAP) stack systems remain unaffected. This vulnerability is operating system (OS) and ...
Office 365—Magic Logs Uncovered
The Dark Ages: According to the FBI’s 2019 IC3 report, the IC3 unit received 23,775 business email compromise (BEC) complaints with losses of over $1.7 billion (FBI IC3 Report[1]). We have found that, first and foremost, threat actors are trying to leverage compromised email accounts to perpetrate financial fraud. Though perhaps unintentional, a fraudster will likely access ...
Using EDR as an Incident Response Tool
What is EDR? Endpoint detection and response (EDR) has been a buzzword in the world of cybersecurity for the last couple of years, but what does that really mean? EDR tools are designed to continuously monitor systems for anomalous or malicious activity. A monitoring agent runs in the background, ideally on every endpoint in the environment, and the end user experiences little ...
Enumerating Emails via Office.com
On a recent penetration test, I discovered that manually attempting to log into Office.com would give an indication as to whether an email address exists or not. Both of the techniques I was familiar with for Office365 username enumeration, using the Autodiscover API and ActiveSync, have been fixed, so this was definitely something worth exploring. I captured a few ...
Socially Susceptible – Augmenting phishing with machine learning classifiers
Crafting sophisticated phishing campaigns is a necessary part of offensive tradecraft for testing security-conscious and complex environments. The old adage goes "a chain is only as strong as its weakest link". Historically this chain has been people, but with increased resources and focus on testing, attackers have worked to find ways to increase their chances of gaining a ...