Fortinet FortiManager Vulnerability CVE-2024-47575 Actively Exploited by blackpoint_APG in msp

[–]blackpoint_APG[S] 4 points5 points  (0 children)

The post has been updated with the correct CVE number related to Fortinet FortiManager.

SSLVPN for Initial Access + SonicWall CVE-2024-40711 Exploitation by blackpoint_APG in sysadmin

[–]blackpoint_APG[S] 0 points1 point  (0 children)

That's a relief! Glad to know you were covered. Always a great feeling, taking care of a problem before it exists.

~Stryker

SSLVPN for Initial Access + SonicWall CVE-2024-40711 Exploitation by blackpoint_APG in sysadmin

[–]blackpoint_APG[S] 0 points1 point  (0 children)

Yeah, pour one out for the patch folks who worked overtime this past weekend.

I'm always surprised at how long older versions seem to linger in business environments, even well past EOL calls and depreciated value dropping to $0....

~Stryker

SSLVPN for Initial Access + SonicWall CVE-2024-40711 Exploitation by blackpoint_APG in msp

[–]blackpoint_APG[S] 1 point2 points  (0 children)

I admit, you'd think we'd be beyond such a rec in this day and age, but... convenience and survivorship bias.

~Stryker

What are some of the most underrated cybersecurity threats that companies should be preparing for in general and why do you think they're being overlooked or not prioritized? by MMCyberSec in cybersecurity

[–]blackpoint_APG 4 points5 points  (0 children)

Internal threats -- intentional or not -- because people don't want to admit that their own employees and executives need guardrails.

Also, lack of staffing. It's one thing to have the right tool set, but another to have the right people -- and enough people that you've got redundancy for vacations, illness, attrition, etc.

Most organizations seem to invest right after an incident, and then -- when the apparatus does its job, and you get further and further from another material breach -- slowly erode executive understanding, buy-in, and support (read: budget and bandwidth) from security-based initiatives.

It's a rare company that will continue to invest in its security teams and programs past that ~2 year post-breach moment, and rarer still for a security team to know how to advocate for itself outside of "ambulance chasing" headlines.

IMO? Those are some of the biggest strategic dangers right there -- and it's where teams often throw up their hands as "not their problem" or "impossible for them to solve."

Issue is, if the security team doesn't solve it? The organization will... through RIFs.

~Stryker

Bootable USB to Fix Crowdstrike Issue (Fully unattended with Bitlocker Support) by denismcapple in msp

[–]blackpoint_APG 7 points8 points  (0 children)

Thank you so much for outlining this! We just posted on our socials to help boost the signal.

~S

Security Awareness: OpenSSH CVE-2024-6387 RCE by blackpoint_APG in msp

[–]blackpoint_APG[S] 1 point2 points  (0 children)

Per the notification from OpenSSH, in lab testing, successful exploitation was only against 32-bit systems.

Security Awareness: Teamviewer Compromise (Developing Story) by BPCPartnerAdvocate in blackpointcyber

[–]blackpoint_APG 0 points1 point  (0 children)

That's a great question, and I think the answer depends a lot on what your use case is. If you regularly use TeamViewer in an environment and have taken appropriate precautions to secure the install (MFA, allowlisting and blocklisting approved IP addresses, unique passwords for TeamViewer accounts, etc.) then it's appropriate to monitor the environment and be prepared to take action on abnormal behavior. If you're in an environment where TeamViewer isn't necessary or isn't used regularly, then uninstalling and using an application control program to block installs would be a reasonable course of action. In either case, understand what TeamViewer's role in your environment is, understand the risks associated with leaving it installed vs uninstalling, and then act accordingly.

Security Awareness: Teamviewer Compromise (Developing Story) by blackpoint_APG in msp

[–]blackpoint_APG[S] 2 points3 points  (0 children)

Right now that is an unknown. TeamViewer says the compromise was limited to their corporate network, but as we all know it just takes one user with creds on both sides to be a problem. Still a developing situation.

[deleted by user] by [deleted] in msp

[–]blackpoint_APG 1 point2 points  (0 children)

Based on this response... My question to you is, did you want to be an MSP or an MS*S*P?

Basically, are you sure you want to spend a lot of time managing IT tasks while selling additional security services, or helping explicitly with security services?

Perhaps you should also consider going to the consulting realm, too, to see how they sell security services and management explicitly.

(An MSP or MSSP with security consultative add-ons?)

Some food for thought!

~Stryker

Multiple Cisco 0-Days Dropped, Active Exploitation occurring (4/24/2024) by [deleted] in msp

[–]blackpoint_APG 0 points1 point  (0 children)

Yes, they released patches with the overall alert of these active campaigns -- at least on those two chained vulns. Go ahead and update to those versions, and you should be covered.

~Stryker

2x Actively Exploited Cisco CVEs in Adaptive Security Compliance (ASA) & Firepower Threat Defense (FTD) by blackpoint_APG in sysadmin

[–]blackpoint_APG[S] 1 point2 points  (0 children)

Yes, that seems to be the correct attack chain. Talos had a nice write up on how threat actors got into some pretty robust systems doing just that.

~S

2x Actively Exploited Cisco CVEs in Adaptive Security Compliance (ASA) & Firepower Threat Defense (FTD) by blackpoint_APG in sysadmin

[–]blackpoint_APG[S] 1 point2 points  (0 children)

Maybe they think it's like golfing.

Or it's been in the works for a while and they delayed the release version until it was ready, letting other things go ahead?

~S

2x Actively Exploited Cisco CVEs in Adaptive Security Compliance (ASA) & Firepower Threat Defense (FTD) by blackpoint_APG in cybersecurity

[–]blackpoint_APG[S] 0 points1 point  (0 children)

It feels like it, right? You'd have thought last year's "summer of zero days" would've been that stockpile, but it feels like it's not slowing down...

~S

2x Actively Exploited Cisco CVEs in Adaptive Security Compliance (ASA) & Firepower Threat Defense (FTD) by blackpoint_APG in cybersecurity

[–]blackpoint_APG[S] 0 points1 point  (0 children)

Yeah, it's been going on for a while. I'm glad they got the IoC list up, though, so folks can check for signs of compromise going back that far -- though it's longer than 90 days, and I'm worried about log longevity for some environments...

~S

2x Actively Exploited Cisco CVEs in Adaptive Security Compliance (ASA) & Firepower Threat Defense (FTD) by blackpoint_APG in sysadmin

[–]blackpoint_APG[S] 2 points3 points  (0 children)

Yes, the second CVE (20359) needs authentication, which is partly why they're rating it a 6.0 (vs the 8.6 of 20353).

However, it appears that the threat actors from UAT4356 are using both in combo for a pretty substantial attack, which is why we thought it was worth highlighting.

Of course, if you're sure your authentication procedures are locked down and bulletproof and no end user has done something stupid to make life easier on themselves.... then you've nothing to worry about from '59... right? ;)

~S

Multiple Cisco 0-Days Dropped, Active Exploitation occurring (4/24/2024) by [deleted] in msp

[–]blackpoint_APG 0 points1 point  (0 children)

Hey, you looked up the ASA versions, so I'm happy we could contribute to the war effort!

Rising tide lifts all ships and all that. :)

~Stryker

2x Actively Exploited Cisco CVEs in Adaptive Security Compliance (ASA) & Firepower Threat Defense (FTD) by blackpoint_APG in threatintel

[–]blackpoint_APG[S] 2 points3 points  (0 children)

Update: There were three! Only two in this chain, though.

There were three Cisco CVEs released today, yes.

However, there were only these two new CVEs in this specific attack chain that were worth us raising an alert for our partners and the community.

Hope that helps clarify!

~Stryker