
Log4J / Log4Shell – GYTPOL not only discovers but we repair it too!

Log4Shell. The latest vulnerability is causing a cybersecurity meltdown in the security community. It’s been 12 months to the day since FireEye announced that they were the victim of the now infamous SolarWinds supply chain attack. We have been talking about it all year and it has gone down in history as one of the most sophisticated and far-reaching cyber attacks. And now, it is perhaps going to be trumped by the Log4Shell vulnerability, and the attacks that will exploit it. What is Log4J? Log4J is an Apache open-source Java logging library. It is used in enterprise systems and web apps. It is so widely used that you can expect many of your applications, web apps and services to be making use of it. What is the Log4Shell exploit? An attacker can simply send a malicious code string that gets logged by Log4j version 2.0 or higher. The exploit allows an ...

Customer Testimonial CDW Corporation

Ruben Chacon, CISO at CDW Corporation, talks about how GYTPOL solved his problem of how to deploy a Technical Security Baseline and simplified the work of his team. https://www.youtube.com/watch?v=L1QtB34zaqc

Safe Remediation

Managing configurations, patching, and updating system controls is one of the most notably difficult things that any CISO has to deal with. But it is one of the most critical to manage, as a vulnerable system with an outdated patch level or an excessive access control is a prime target for a hacker. Data from our research validates this point: statistically, known vulnerabilities in applications constitute the primary source of successful cyberattacks. According to a prediction from the analyst firm Gartner, 99% of successful cyberattacks will continue to involve vulnerabilities known to corporate executives and leaders. In other words, almost ALL hacks are ultimately tied to a misconfiguration or lack of configuration management. Even worse, the high severity flaws, which often go unpatched for years, are highly prone to error and often impossible to defend from ...

Automated Fixes

Most often I have found that the issue of addressing the problem is more pressing than simply identifying the threat. We have a massive, multi-billion-dollar industry dedicated solely to “seeing” threats in our systems, but why aren't we fixing those problems at the scale we need to be effective? First, let’s break down what we must do, not what we think we “should” do. We must deal with vulnerabilities as they appear and we must address them just as an adversary or hacker would. After all, that's who is targeting us. To be clear, I'm talking about vulnerabilities and remediation. My simple definition for vulnerability remediation is the process of finding the security weaknesses in your digital infrastructure, then applying remedies to the most critical issues as quickly as possible to reduce cyber risk. I know, however, that it is often not that simple. In fact it is ...

Lateral Movement is the Key Issue

Black Hat USA 2021 was pretty sparsely attended but, to be honest, we enjoyed the show! Having finally gotten home, it took me a week or so to decompress from all the travel and the meetings, but I have some thoughts that I think I should share regarding the event. As Matthew Album and I traversed the show floor, we constantly heard from users about how the pandemic had driven them to digitally transform much faster than they had ever thought possible. This was necessary, but it really meant that most of the business suddenly became a digital enterprise, which also meant increased security threats, all coming from new avenues of exploitation. But what we did not hear was how those organizations were addressing the fundamental issue behind most of those threats: misconfigurations. One large enterprise CISO we chatted with noted that “We were forced to change and we did ...

Misconfigurations – The Real Vulnerability

By definition, a vulnerability is something, anything, that an attacker can target and exploit in order to access an application or environment, or possibly a user. Hackers in most instances are not much more than your garden-variety burglar. They just use digital methods of theft instead of physical ones. But what they look to target is most often a misconfiguration, which is the same thing as a bank locking its vault door but leaving the windows open. One just has to crawl through the window to gain entry; game over. All a burglar, be it digital or otherwise, needs is a way in, and then it is a matter of time and movement for the thief to be successful in their operation. More practically, however, the real difference between a misconfiguration and a vulnerability is that one requires an action to be present, and the other requires the absence of action. A ...

AD Threats

Active Directory Threats. Do threats against your infrastructure’s Active Directory security keep you up at night? Honestly, they should. Active Directory is critical as it controls access to your systems and data. Ensuring that your Active Directory is secure should be one of your main priorities. In this blog I have listed some of the most common Active Directory security issues that an organization faces. Do any of these look familiar to you? If so, you should start addressing these issues.
1. Excessive Administrator Accounts. In this case “more” is not a good thing. When it comes to your AD system, if you have an overly long list of Active Directory users with administrative rights and excessive privileges, it’s likely that there is the potential for privilege abuse, which is one of the leading causes of lateral movement for hackers.
2. Delegating ...

Cyber Workout

I like to work out! I got the bug when I was serving in the armed forces and it has stuck with me ever since. I enjoy different and difficult types of exercise that challenge me physically and mentally. It helps me think, makes me feel good, and over time I see the changes in my health that I value. To be frank, exercise is critical to me personally. I think it should be for everyone. I know right now you are thinking, isn't this a cyber security blog? Why are we talking about exercising? Well, let me break that down. My company deals with the fundamental issues that plague our customers. The deeply entrenched, specific, inherent threats that they often ignore or don't deal with over a period of time are what we fix. I think it’s kind of the same thing as taking care of my physical health. I have to put the work in and deal with the ...

Cyber Soap

As a follow-on to our last write-up about an effective digital vaccine, we thought it would be worth pointing out a few facts about a critical topic in the health arena. Soap. Yeah, soap. Before you stop reading, let me break down what we have been getting wrong about something as simple as washing our hands during the Covid-19 fiasco and detail how that applies to our digital space if we think about it differently. Health bodies around the world recognize handwashing as one of the most important health care steps to prevent the spread of disease. Seriously, washing your hands effectively is noted as one of the most effective countermeasures to stopping the spread of viruses and diseases. The CDC estimates that about 30% of stomach illnesses and up to 20% of respiratory infections can be prevented through something as simple as handwashing: all you need is soap ...

Stopping cyber pandemics with a digital vaccine

Let’s be honest, ransomware is a pandemic. A pandemic of epic proportions. Think about this: WannaCry spread at a rate of roughly 140 computers infected every minute globally. And that single strain of malware infected machines in over 150 countries and caused billions of dollars in damage as it wrought havoc across the globe. Even those organizations that were “protected” were brought to their knees in minutes once an infected machine began spreading that virus. And these types of infections continue to spread at catastrophic speed and are estimated to bring in billions of dollars for ransomware groups as they continue to cook up new methods and tactics for these digital diseases. But why can't we, or aren't we, stopping these infections from occurring? Is there something unique to ...

Customer Testimonial Check Point Technologies

Jony Fischbein, Global CISO at Check Point Technologies, talks about how GYTPOL is helping his organization protect their endpoints and infrastructure.

Customer Testimonial: New American Funding

Jeff Farinich, SVP Technology & CISO at New American Funding, talks about how GYTPOL is helping his organization protect their endpoints and infrastructure.

Scripts

Scripts: when you're missing a security check and decide to implement it yourself.
Scripts: the common method to gather some values when your current security products are lacking.
Scripts: an untrustworthy and narrow implementation to plug a problem.
Missing or unautomated REMEDIATION capabilities. A place for human error. Missing reports. Labor sink.
When was the last time that you wrote a script? How about optimizing your time and getting better results by choosing the right product to do the job? Try GYTPOL. #scripts #security #misconfigurations #trustnoone

Identifying a problem does not fix it

Take a second and think about that simple statement. Identifying a problem does not fix it. Duh, right. Anyone that has a brain in their head can understand that pretty easily. It’s not a difficult concept to grasp. But it is profound in the realm of cyber security. If you really take a minute and think about what we spend most of our time doing in this space, we identify a lot of problems but we don't necessarily fix them. Let me explain a bit more here. In cyberspace we have about every kind of technology that can be thought of to find and identify problems. We have a multi-billion-dollar market built solely around the identification and analysis of threats; ever heard of a SIEM? We have collective intelligence operations in the public space that rival those of many ...

You can’t see the forest for the trees!

Did you know? EDR can turn into an attack vector. A very effective cyber breach: when multiple EDRs are installed on the same computer, they act against each other and leave the computer wide open! And perhaps even worse, the organization THINKS they only have a single EDR. Let GYTPOL find and remediate all those collisions in your network! #misconfigurations #edr #xdr

I already have that in place….or do I?

Ask yourself this question. Most of the time when we talk to a potential client or partner about configuration management, they immediately start to counter with “what they already have in place”. Usually their approach is to try to shore up what they already know are fundamental cyber security problems by buying more shiny new technology that will fix the issue. The thinking is that if they get “more”, they eventually can fix the issue. It’s wrong, but it’s the most common issue we have to address. But what if we change that first response and instead get them to ask these two questions? What about how I am approaching the problem is fundamentally different than the thousands of other organizations that have failed here? And is my approach and my technology more viable and more technically capable of limiting the risks that I know I will face? ...

Strategic Cyber Process Part Three

Is the “problem” many “problems”? As part of our process and strategic approach to the problem, it is now time to be sure we totally understand the realities of the total problem space. In other words, we don't want to be looking through a microscope; we want a telescope. We must be sure we have a comprehensive, viable solution and we must understand what resources would be required to put that tooling into place. Having a full, clear mapping and visual understanding of the totality of the problem, and understanding which technologies in play are actually enabling the spread of the problem, is a key point of success. This understanding also helps non-technical people, both inside and outside the organization, quickly grasp the issue. Here are some questions that you should ask as you consider the use of tooling to help you develop ...

Strategic Cyber Process Part Two

Don't talk, act. Don't say, show. Don't promise, prove. Justifying the need to act: the purpose of answering the questions in this step is to explain why your organization should attempt to solve the problem. Is the technical effort aligned with the outcomes that sync with your strategy? In other words, will acting on the technical requirement serve the organization’s strategic goals and better the business outcomes? It is not unusual in cyberspace for an organization to focus on solving a variety of technical problems that are not necessarily in sync with its overall strategy and are not truly in line with the expected business outcomes. If that is occurring, then the question becomes: is the effort justified (the expense, effort, and technical capabilities), or should the entire effort be reconsidered? If there is ...

Strategic Cyber Process Part One

“If I were given one hour to save the planet, I would spend 59 minutes defining the problem and one minute resolving it,” Albert Einstein said. Abraham Lincoln also said, “Give me six hours to chop down a tree and I will spend the first four sharpening the axe.” Those were wise words from wise leaders and visionaries, but from what I have observed, most organizations don’t really consider that when they think in terms of how to better defend their business and their cyber security infrastructure. Data tells us that most companies aren’t sufficiently rigorous in defining the reality of the problems they think they must solve, and those that they MUST solve. Often this is because of a variety of different factors, including everything from business issues, budgeting, threat proliferation, user ...

Why is GYTPOL helping organizations with their security posture

Odds are you have heard the wisdom that a defense is only as good as its weakest point. Which makes sense. After all, any strong defensive posture can only hold up if there are no fail points. But is that really even possible? Is it possible to be so well defended and so technically adept at addressing the almost innumerable avenues of compromise that an organization faces? The answer, if we are honest, is no. That adage about the strongest system having a fail point is accurate and has proven so ever since the Trojan horse brought down the impenetrable city of Troy. Think about it. Every major organization that has stated they have multi-million-dollar investments in cyber defenses has been hacked. Even major banks, Zoom and the DoD juggernauts have been compromised. No matter how powerful they appeared to be, they all ...

Moving to the cloud? Leave NTLM behind

In the modern Microsoft environment, NTLM (“NT LAN Manager”) is a security threat you should keep an eye on. Especially when it comes to the cloud environment, Microsoft warns you to deny it before accessing Azure resources. However, things have not always been that way. If you have been involved in Microsoft IT systems for a long time, you will be familiar with the NTLM authentication protocol. In fact, NT LAN Manager was first introduced as far back as 1993 with the introduction of Windows NT 3.1. In 1994, it was updated to NTLM v2 as part of the NT 4.0 Service Pack 4 release with some security improvements to prevent replay-style attacks. Given that NTLM is a legacy protocol, Microsoft does not recommend that it be used in applications; the Kerberos protocol should be used instead. Still, Gytpol’s findings show that in 2020, NTLM is still widely used within enterprises. ...

Missing OS Patches? Hackers don’t need the backdoor as the front door is now wide open

War is on. Attacks are becoming more sophisticated, hackers are becoming smarter, and so should the defenders. The attacker eyeing your organization is looking for the misconfiguration that will let them in. So should you. At Gytpol we are always on the lookout for these misconfigurations, as they could be exploited by threat actors, resulting in a cyber-attack such as ransomware. A common cause of misconfiguration is human error. This is where the IT practitioner either lacks the correct skills for the tasks at hand, or falsely believes that the task has been completed correctly. At Gytpol we frequently witness and report software-update management mistakes. In this post we will cover some of the common ones, and how to find them. Keeping your OS and other applications up to date with the latest patches is important to ensure you have all the critical ...

How a simple Group Policy setting can prevent a Privilege Escalation from becoming a Lateral Movement

In our previous blog we wrote about the importance of monitoring all endpoints in your organization for the existence of cached credentials. If present, hackers can easily reveal their hash using Mimikatz. Then, the attacker can use the “pass the hash” technique to gain access to remote machines and services. What can you do about it? Mimikatz and similar tools are only able to access the credential hashes when run as a privileged user such as a local administrator. Mitigation action: minimize privileged user access where possible. Microsoft desktops and servers have a configuration known as the Debug Privilege. This is a security policy setting that allows users to attach a debugger to a process or to the kernel. For example, with debug privilege, one can silently remove all the security agents installed on a device, without raising any alert. On many ...

Cached credentials are everywhere. Learn how to be protected any time, any where.

When hackers are successful in accessing user credentials, they can access the resources of an organization and cause a lot of damage. This normally happens unnoticed, as the platform trusts the user who has successfully been authenticated. Once authenticated, hackers can exploit other common weaknesses caused through misconfiguration and ultimately gain full domain admin access. This is a common attack technique and a challenge for organizations to detect and respond to. In a Microsoft Windows environment, credentials are cached on the endpoint. This is sometimes known as cached logon data. This cached information is encrypted using a complex hash known as DCC2 (Domain Cached Credentials version 2). Attempts to decrypt the cache would take far too long; instead, a hacking technique known as pass the hash is used. This technique uses the encrypted NTLM hash of the cached credential to ...

Security Risks When Certificates Expire

Have you ever wondered what happens when a certificate expires? Certificates are a critical component of keeping a platform operational and secure. All of an organization’s assets use certificates. Servers and workstations have many certificates, and these are critical for continuous operations. Certificates expire over a period of time and need to be renewed. There are no expiry warning messages, and IT admins need to remember to take care of it. It is common that the renewal is forgotten about. Why? Well, apart from a lack of good working procedures in an organization, a certificate normally has a duration of 3 years while the average tenure of an IT professional in an organization is 2 years, so it often gets overlooked. So, what happens when a certificate expires? Whilst it can cause an operational outage for some ...

What is Endpoint Configuration Security

Configuration. It seems obvious. We all have to do it when setting up and maintaining our environments. In fact, some would say it is the most fundamental and basic building block required to ensure your platform works correctly and according to your organization’s needs. You might also think that performing configurations is not so complicated, and wonder why it is relevant to security and to preventing cyber attacks on the endpoints of your organization. Before we answer this question, let’s get an understanding of your IT platform. If your organization is based on a Microsoft environment (like over 80% of all organizations worldwide), then you are familiar with Domain Controllers, Active Directory and Group Policy Objects (GPO). Microsoft first released its NT Server in 1993. Today, the latest version is Windows Server 2019 (released in November 2018). The cloud based product ...

Maintaining IT Security Compliance of Remote Employees & their Endpoints

The current world events with the COVID-19 coronavirus are unprecedented and have forced employees of businesses and organizations to transition to working from home. Typically, a VPN would be implemented to allow remote workers to securely connect to their company network. When using a VPN, the user would be able to gain access to the IT network and have access to email, shared folders and other common applications which are deployed in the data center at the premises of the company. In recent years, more and more applications are being hosted in the public cloud and offered as a managed service by the application vendor. For example, companies are no longer using a Microsoft Exchange Server for their email service; instead they are using Microsoft Office 365, which is a fully public-cloud-based offering. There are of course many such examples. In fact today, most of the ...