JUSTFORTHESHELLOFIT

Hardware Supply Chain Risks

The need to deploy the latest server hardware in recent years has been increased due to risks that companies face because of security flaws in processors. These flaws are steadily increasing and affecting newer equipment at an alarming rate. Given the current state of dealing with the “Black Swan” event that is the COVID-19 pandemic,Continue reading “Hardware Supply Chain Risks”

BOLA is Super-Contagious

Given the choice of having IDOR or BOLA, which do you think is preferred? The correlation of Ebola Virus Disease aside, it should be noted that both IDOR and BOLA are one in the same. IDOR (Insecure Direct Object Reference) and BOLA (Broken Object Level Authorization) are abbreviations reserved for manipulating object ID’s via API’sContinue reading “BOLA is Super-Contagious”

Cybersecurity Weapon Control

While gun control in the United States is a very passionate topic for some, cybersecurity weapons are freely available to those that have the inclination to obtain them. With the recent disclosure of several cybersecurity tools (including the paid for Cobalt Strike) this may spark another conversation of regulation of software. Should we be requiredContinue reading “Cybersecurity Weapon Control”

Security Responsibilities that are a Bit Cloudy

When it comes to securing data in a cloud environment, the responsibility for security can be a bit cloudy. While cloud providers do clearly state who is responsible depending on the level of service, ultimately the responsibility should be shared by all parties involved. Albeit in storage, transfer, or process, data security should be managedContinue reading “Security Responsibilities that are a Bit Cloudy”

BYON: The Next Big Security Risk

Bring Your Own Networking (BYON) appears to be the newest “Bring Your Own” fad given the drastic increase in remote work.  When one looks around there is not a lot of information out there. It is no wonder when considering how similar BYON and BYOD (Bring Your Own Device) are. They both can boost productivity,Continue reading “BYON: The Next Big Security Risk”

Don’t be a Bad Neighbor

This last Tuesday has come and gone and we are left with another high ranking vulnerability being patched by Microsoft during their monthly upkeep. CVE-2020-16898, aka “Bad Neighbor,” discloses an IPv6 vulnerability “which allows an attacker to send maliciously crafted packets to potentially execute arbitrary code on a remote system” according to Steve Povolny and Mark BerezaContinue reading “Don’t be a Bad Neighbor”

ZeroLogon Required

Secura’s Tom Tervoort recently revealed the details for why you should have zero tolerance when patching ZeroLogon available in this white paper. There is also a proof of concept (POC) exploit now available on github. This vulnerability takes advantage of what is referred to as “a flaw in a cryptographic authentication scheme used by theContinue reading “ZeroLogon Required”