Raspberry Pi used to hack NASA – Lack of basic security controls to blame.

Critical Path Security has spent a good deal of time using Raspberry Pi devices in adversarial physical penetration tests, with the goal of compromising the client's business network. It is one of the most successful tactics we employ, because the devices are small and versatile. Using a battery pack and a small WiFi antenna, Critical Path Security has demonstrated hundreds of vulnerabilities in some of the most well-defended networks in the world, which in turn has improved the security posture of our customers. When we read the most recent breach report, we were not surprised to find that NASA's Jet Propulsion Laboratory (JPL) was unable to adhere to the NIST standards, including the first requirement, "Inventory and Control of Hardware Assets". JPL is a vast, interconnected network of 26,174 computer systems, 3,511 of them servers. With such an extensive distribution of legacy systems, the ability to breach a…


XENOTIME Now Targeting Electric Utility Companies

Xenotime is the hacker group first observed in 2017 when it sabotaged the safety instrumented systems of an oil refinery in Saudi Arabia. At the time, it reached the ICS portion of the network through traditional lateral movement from the IT side. This matters because Triton, the malware it deployed, was designed not only to be destructive but to do so in a way that could harm or kill people. One information security group has indicated that only three groups are currently known to pursue this outcome, but Critical Path Security staff have observed more. Though we've worked with Electric Membership Organizations and observed several breaches, we can't definitively tie those incidents to Xenotime. However, we're confident that their tactics would prove effective against those environments. Dragos has stated that "Trisis has been observed doing some of the slow, deliberate groundwork to launch an attack." We believe that Industrial Control Systems are experiencing increased attacks due to…


Google Plaintext Password Warning

Google announced today that it had accidentally stored some user passwords unprotected, in plaintext. Google says the bug affected "a small percentage of G Suite users," meaning it does not impact individual consumer accounts, but it does affect some business and corporate accounts, which carry their own risks and sensitivities. The company normally stores passwords only as a cryptographic hash. However, a bug in G Suite's password recovery feature for administrators caused the unprotected passwords to be written to the infrastructure behind the admin console. Google has disabled the feature that contained the bug. Google is in the process of notifying G Suite administrators, and says it will also automatically reset any impacted passwords that haven't already been changed. The company discovered the bug in April. Since Google will auto-reset all impacted passwords that haven't already been changed, you should focus on adding two-factor authentication to your G Suite account…
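The difference between what Google says it normally does (storing only a cryptographic hash) and what the buggy recovery feature did (writing the password itself) is easy to make concrete. The following is an added example written for this page, not Google's code and not a description of G Suite internals: it uses Python's standard-library scrypt to produce a salted hash record, verifies a candidate password in constant time, and audits a credential store for entries that are not hash records at all. The record format, the scrypt parameters and the sample store are assumptions chosen for the demonstration.

```python
import base64
import hashlib
import hmac
import os
from typing import Dict, List, Optional

# Assumed scrypt work factors for a demo; production deployments should
# raise N until hashing costs tens of milliseconds on the target hardware.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1
SALT_LEN = 16
SCHEME = "scrypt"


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return a self-describing record: scrypt$N$r$p$<salt b64>$<hash b64>.

    A fresh random salt per password means two users with the same password
    get different records, so a leaked table cannot be attacked with one
    precomputed dictionary.
    """
    if salt is None:
        salt = os.urandom(SALT_LEN)
    digest = hashlib.scrypt(
        password.encode("utf-8"), salt=salt,
        n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32,
    )
    return "$".join([
        SCHEME, str(SCRYPT_N), str(SCRYPT_R), str(SCRYPT_P),
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(digest).decode("ascii"),
    ])


def parse_record(record: str) -> Optional[dict]:
    """Parse a hash record; return None if it is not one (e.g. raw plaintext)."""
    parts = record.split("$")
    if len(parts) != 6 or parts[0] != SCHEME:
        return None
    try:
        return {
            "n": int(parts[1]), "r": int(parts[2]), "p": int(parts[3]),
            "salt": base64.b64decode(parts[4], validate=True),
            "digest": base64.b64decode(parts[5], validate=True),
        }
    except (ValueError, TypeError):
        return None


def verify_password(password: str, record: str) -> bool:
    """Recompute the hash with the stored parameters and compare in constant time."""
    parsed = parse_record(record)
    if parsed is None:
        return False
    candidate = hashlib.scrypt(
        password.encode("utf-8"), salt=parsed["salt"],
        n=parsed["n"], r=parsed["r"], p=parsed["p"], dklen=len(parsed["digest"]),
    )
    # hmac.compare_digest avoids leaking how many leading bytes matched.
    return hmac.compare_digest(candidate, parsed["digest"])


def audit_records(store: Dict[str, str]) -> List[str]:
    """Return the users whose stored credential is not a hash record.

    This is the check a team would want after an incident like the one
    described above: anything that does not parse as a hash record is
    presumed to be a plaintext password and must be reset.
    """
    return sorted(user for user, rec in store.items() if parse_record(rec) is None)


if __name__ == "__main__":
    # Constructed sample store: two correctly hashed users and one entry a
    # buggy recovery path wrote verbatim (assumed data, not a real leak).
    store = {
        "alice": hash_password("correct horse battery staple"),
        "bob": hash_password("correct horse battery staple"),
        "carol": "Summer2019!",
    }
    assert store["alice"] != store["bob"]          # per-user salt
    assert verify_password("correct horse battery staple", store["alice"])
    assert not verify_password("wrong", store["alice"])
    print("plaintext entries needing reset:", audit_records(store))
```

Note that verification never reconstructs the password: the stored record carries its own parameters and salt, so the check is reproducible later and resistant to an offline dictionary run against a leaked table, which is exactly what a plaintext entry is not.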


Urgent Security Vulnerabilities Released!

In the last 24 hours, Critical Path Security has seen a couple of critical vulnerabilities that could affect your IT infrastructure and employee communication streams. Here is what you need to know.

Microsoft Remote Desktop Services Remote Code Execution Vulnerability

Remote code execution vulnerabilities are considered the most effective means of breaching networks and spreading malware, since they let an adversary compromise systems with relative ease. In most cases this results in circumvention of the perimeter security technologies that protect internal corporate networks from attackers on the public Internet. Microsoft has released a patch for a serious Remote Desktop Services remote code execution vulnerability (CVE-2019-0708). This vulnerability affects Windows XP, Vista, 7, Server 2003 and Server 2008. The patch has been made available for the currently supported affected operating systems, Windows 7 and Windows Server 2008. In a rare move, Microsoft is also releasing an update for Windows XP…
