Showing items from external attack surface

3 Ransomware Precursors Laid Bare in a Cyber Truth or Dare

Recently, with my vulnerability researcher hat on, I was thrilled to get confirmation that three serious security vulnerabilities had been used as initial access vectors in ransomware attacks. Of course I was not gleeful or happy that this had happened to the victims, far from it, but what excited me was that I happened to know an antidote for these particular attacks and many like them. Neither was my elation due to the fact that each of the vulnerabilities is on the CISA Known Exploited Vulnerabilities Catalog (KEV), which Jussi Eronen brought up in his earlier post on exposure assessment. What pushed my buttons was that post mortem analyses of three ransomware attacks had revealed the root cause for each incident to be the exploitation of a publicly exposed known vulnerability. In other words, the incident responders had discovered the smoking guns, plural. To put it bluntly, each incident could have been avoided had the service not been directly exposed to the Internet in the first place.


How to Identify Attack Surface that Must be Addressed

Some time in January 2022, I promised Lari to write up some thoughts on attack surface management. I thought I’d perhaps have material for a single blog post. Now, two posts later, we will still have to dig into some of the most difficult problems in the process. If you haven’t read my earlier posts, the first covered asset discovery and the second focused on exposure assessment. Should you have adopted an attack surface identification process such as the one I have outlined in my previous posts, by this point you will have a lot of data. In a larger assignment, I usually end up using a couple of online services, half a dozen open source tools, and numerous ad-hoc scripts. The result is a hot mess of JSON files, tool-specific text files, files with HTTP headers, and HTML content. Some integrated scanning frameworks or third-party services might make things easier for you.


WordPress Version? Make Sure You're Running the Latest Supported

It all started with Miles Davis in 2004, when WordPress 1.0 was released, that is. Since then, the popular open source content management system’s releases have been named after a prominent Jazz musician. Researching this topic from a security perspective makes it quite clear why Jazz musicians are apt denominators for releases, since securing WordPress and keeping it secure over time must indeed feel like a jamming session at your local Jazz club. What does this mean in practice? Quoting the WordPress Codex: “The only current officially supported version is WordPress 6.1.1. Previous major releases before this may or may not get security updates as serious exploits are discovered.” This means that if you’re a WordPress admin, you should bookmark the WordPress Codex supported versions page to check which actual release contains the latest and greatest fixes. This is important, as from the project’s standpoint only the latest named release and its subsequent minor releases are guaranteed to get the appropriate security fixes.
