Fortalice Solutions continues to monitor a pro-Russia hacking group, known as “KillNet,” that is targeting U.S. hospital systems and executing distributed denial of service (DDoS) attacks. Fortalice wants to offer a follow-up advisory for our clients given that KillNet has significantly modified and escalated its approach and tactics. There are proactive measures to counter possible attacks that hospital systems across the United States can adopt immediately.
“KillNet” – a pro-Russia group known for distributed denial of service (DDoS) attacks in nations opposed to Russia’s invasion of Ukraine – attacked at least 14 websites of prominent hospital systems in the United States, knocking their public-facing websites offline temporarily. Impacted organizations have noted only short-term disruptions to their websites and no impacts to the targets’ operations. A DDoS attack occurs when an organization’s websites are flooded with incoming network traffic, thereby overwhelming the system.
T-Mobile announced on January 19 that it was reviewing a November 2022 data breach, potentially impacting 37 million accounts through one of its APIs. This advisory is intended to help our clients recognize the urgent need to understand and review their API security, while also summarizing recent T-Mobile breaches.
There are many facets to preparing your organization for a major cyber incident. Incident response playbooks, proper network hardening, and multiple levels of employee cyber hygiene training are par for the course. In theory, these solutions should ensure you’re ready for any cyber threat. But how can you be sure all of that will pay off when you’re faced with a real-world scenario? Enter tabletop exercises.
For a newly minted chief information security officer (CISO), the first 90 days are a time of both peril and possibility. If CISOs move too fast or push too hard, they risk alienating the organization. Move too slowly and new CISOs risk squandering their momentum and honeymoon period. Experienced CISOs tell Endpoint how they navigated their first few months on the job. Here’s how to navigate your new role.
Two vulnerabilities for hosted Microsoft Exchange servers (CVE-2022-41040, CVE-2022-41082) have been identified as currently being exploited in organization environments. The vulnerabilities only exist within hosted (on-premises) Exchange servers, and Microsoft reports that Microsoft Exchange Online has protections in place. Many clients have migrated their user base to Exchange Online or Microsoft Office365, but there may still be Exchange servers operating in the environment, being used for mail relays and other IT functions.
Fortalice Solutions is proud to announce it has signed on as Champion for Cybersecurity Awareness Month 2022. At Fortalice Solutions, we believe preparation is the best strategy to protect organizations from cyber threats and crime. We transform a reactive security model into a proactive, results-based model of protection. Fortalice Solutions, led by the first woman to serve as White House Chief Information Officer, Theresa Payton, is comprised of passionate practitioners who provide organizations with clarity of priority, approach, and security design.
Fortalice Solutions CEO and Founder, Theresa Payton, has announced the promotion of Bridget O’Connor and Melissa O’Leary to the position of Partner of Fortalice Solutions.
Back in when I was getting started as a junior pentester, I vividly remember reading @byt3bl33d3r's 2017 post: Practical guide to NTLM Relaying in 2017 (A.K.A getting a foothold in under 5 minutes). I still recommend checking this out if you haven't already - it will cover the basics of NTLM relaying and background on some of the confusing pieces ([Net]NTLMv1/2 anyone?) that there's no need for me to repeat here. There's also a plethora of other great NTLM relay blogs and resources that I'll try to link to throughout this post, while I attempt to touch on the ever-growing library of NTLM relay uses after 2021 introduced several new relay vectors.
The notification provided to Mimecast from Microsoft indicated that several certificates issued by Mimecast had been compromised by a sophisticated threat actor.
Fortalice CEO & Founder Theresa Payton discusses the Fortalice difference and her new book, Manipulated: Inside the Cyberwar to Hijack Elections and Distort the Truth.