7th installment of Milton's Q&A, addressing the what and how of attack vectors: What are attack vectors? How do hackers use attack vectors? What kind of impact can attack vectors have? How do we use attack vectors against malicious actors?
6th installment of Milton's Q&A, this time diving deeper into data collection through our Milton Argos Collection Engine (MACe)
In an effort to strengthen and broaden the ability to support customers, Milton announces the launch of a new range of on-demand Expert Services.
5th installment of Milton's Q&A. This week we answer the question: How does incident response work?
4th installment of Milton's Q&A regarding the question of whether we can work with a client's tools.
Personal information is being shared across the internet, but not only by hackers.
3rd installment of Milton's Q&A. This week we are looking at the difference between MSSPs and MDR.
This is the second in a 12-part series where we crowdsource questions around cybersecurity basics and answer them in an attempt to increase knowledge and awareness around network attacks and data security.
This is the first in a 12-part series where we crowdsource questions around cybersecurity basics and answer them in an attempt to increase knowledge and awareness around network attacks and data security.
It has been 14 days since the public announcement of the Exchange Vulnerabilities. It has also been one of the busiest periods for almost all IT shops, across organizations of every size, because of the patching, the forensics, the mitigations, etc.
Today in Spokane, Washington, Federal Court, the US Government unsealed indictments against two Chinese citizens for numerous charges related to hacking, gaining illegal access to systems, wire fraud, identity theft, and theft of trade secrets.
13th Anniversary of the founding of Milton Security!!!
FULLERTON, Calif., December 27, 2018 -- Milton Security Group, Inc.®, a leading cybersecurity company that offers 24/7 monitoring, threat hunting and incident response, is pleased to announce the appointment of two Vice Presidents and one Director.
History as we know it is recorded somewhere, by someone or something. We learn from these historical documents. They are entered as evidence in legal proceedings. We use these documents and pictures as a means of learning and education, to ensure we do not repeat past failures, to find the flaws and to correct them as we go. There are careers around collecting evidence, storing it, and interpreting it. There are history classes, from ancient history to 20th century history, to teach others what, how and why something occurred.
Of course, when Jim was writing his last blog post, the embargo was ending on two major vulnerabilities within a range of CPU processors (aka Spectre & Meltdown). With Spectre & Meltdown (all three current variants), we are looking at a vulnerability possibly as far reaching as, if not worse than, Heartbleed and the Bash bug. At its basis, it appears this attack can advance the chip's prediction processes out of order, forcing a wrong process and permitting access to a process that wouldn't intentionally have occurred.
First, this is not one of those far-reaching blog posts full of marketing speak, fear, uncertainty or doubt to get you to buy blinky lights. My personal goals for 2018 include writing, sharing, and helping others more often. This past weekend, I started thinking about how I would accomplish this in 2018, when a Talking Heads song popped into my head, and I found it very apropos. Growing up in the 70s and 80s, I was introduced to a lot of great music (some call it classic rock, but it is just great music). The song that came to me was "Once In A Lifetime", and I found so many corollaries to Cyber Security in this song that I felt I should share them with you.
An average organization has more than 50 technologies deployed that assist in keeping its most valued assets protected against a variety of attacks and adversaries but not enough experts to manage them. Moreover, how do organizations align their compliance efforts, defensive controls, and other security efforts with the business' goals?
A vulnerability was found by James Forshaw of Google Project Zero in January that exploits a bug in the Windows COM Aggregate Marshaler, which an attacker can use to elevate privileges. Project Zero gave Microsoft 90 days to patch, which it did with last month's security updates.
It is 2017, and gaining unauthorized access to systems is getting easier and easier. It seems a biker gang gained access to a key database for Jeep vehicles. Using this database they were able to look up VINs for 150 Jeep Wranglers in San Diego county, duplicate their keys, and make off with the vehicles, which wound up in Mexico.
Much like the EternalBlue exploit that was released in April 2017 after being stolen from the NSA, Samba was discovered to have a remote code execution vulnerability as well. Dubbed 'EternalRed' by industry types, this vulnerability dates back as far as 2010. So even if you chose the red pill thinking Linux was a safer alternative, for 7 years you were just as vulnerable as those using Windows. Samba version 3.5.0, the version that introduced the flaw, was released in March 2010. The bug causing this vulnerability is in the is_known_pipename() function. The Samba project maintainers wrote an advisory on May 24th urging anyone running a vulnerable version (3.5.0 - 4.5.4/4.5.10/4.4.14) to install the critical patch as soon as possible or risk certain pwnage.
In early April, an advisory was released for CVE-2017-0199; the vulnerability exists in the way that Microsoft Office and WordPad parse specially crafted files. Patches that were released included mitigation for Office 2007/2010/2013/2016 and WordPad for Windows versions Vista/7/8/2008/2012. The flaw is related to Windows Object Linking and Embedding (OLE) and can be exploited through a Microsoft Word RTF (Rich Text Format) file that contains an embedded OLE2link object. The code sends an HTTP request to a remote host and retrieves a .HTA (HTML Application) file. HTA files have been around since 1999 and have the ability to run scripting languages such as VBScript or JScript. For all intents and purposes, they are essentially treated as an executable file when opened. Microsoft Word and WordPad use the file handler for application/hta through a COM object, which causes mshta.exe (the Microsoft HTA application) to execute the malicious script.
A few weeks ago ShadowBrokers released a dump of NSA/EquationGroup tools used to exploit various machines that they previously tried to auction off unsuccessfully. One of the exploits was for Windows SMB RCE which allowed an unauthenticated attacker to gain System-level privileges on target machines remotely by sending a specially crafted packet to a targeted SMB server. Microsoft quietly patched this as MS17-010 a month before, in March, before the dump was even made public. Although the dump was supposedly stolen around 2013, this affected Windows machines from Win2k up to Win2k16. Most reliable targets were Win7 and Win2k8 R2.
Preface: You likely don’t know me, and that’s ok. In fact, it’s generally how I like it to be. I want to change the world, not just plaster my name all over it as some sort of gratuitous ego stroke.
Security is a big field that continues to grow year after year. Companies around the world keep innovating and creating products that are prime for hacking. When you take a hard look at how to protect yourself, you begin to feel like this is just a big game of chess, moves and countermoves. Luckily though, you can turn this game of chess into a team sport. Adding a chess grandmaster to your team only seems fair.
Lately my focus has been on looking at traffic. Whether it’s the traffic visiting the AsTech website, traffic at a client site that seems to indicate they are under attack, or traffic on a LAN segment, traffic is flowing all the time. So, I started to wonder, what is all this traffic?
There are many tasks for a development team to take on in the cyber security world; some are small and extremely complex, while others are simpler but far larger in scope. One item in this latter group is a process of what I like to call augmentation, or third-party support, and it can be truly grueling in its own fashion. For us, augmentation is the need to support and provide checks and balances for other security measures by using our position as the access and admission control arbiters.
I read articles almost daily about the skills gap and lack of qualified personnel within the Information Security profession. Just recently, Forbes ran an article that stated that by 2019 there will be a shortage of 2 million cyber security jobs. Entrepreneur ran an article entitled "Why You Should Consider Outsourcing Computer Security." In that article Edward Ferrera states, "security is so hot that good people are hard to find."
I had a couple of weeks of transition and I was talking with my friend Jim McMurry and he was telling me he could hardly believe he started his company, Milton Security, 10 years ago. Wow! 10 years I thought, from an idea and a desire to a company that has had ups and downs and seen competitors come and go. 10 years of growing a business into something that he is still proud of and that hasn't lost its family feeling, and that feeling isn't going anywhere. Jim invited me to come out and see the new building and his new project, and just be yet another security guy to walk through the door and be embraced by Milton.
This is an important year for me personally, and for the Milton family. Since starting Milton Security in 2007 I have always tried to make every new hire, and every new customer, a part of the Milton Family.
The German Prosecutor's Office in Cologne and the German Federal Police announced today that they have arrested a British national whom they accuse of being the mastermind behind last year's Internet of Things attack (the Mirai attack).
Over the past 10 years that we've grown Milton Security, our strategy has always been to assist our clients in mitigating risk, securing their assets and to go above & beyond expectations. Now we are improving our strategy to include a SOC Service.