Insights

Throughout the evening, Critical Path Security was made aware of an attack on high-profile users of Twitter. This attack was used to facilitate the generation and collection of BitCoin and other cryptocurrency revenue. At this time, all indications point to this attack being one of unauthorized access to an internal management toolkit. The screenshots of this toolkit are shown below. What is undetermined at this time is if an internal employee was part of this attack. The following statements were made by the criminals to the Motherboard publication. "We used a rep that literally done all the work for us," one of the sources told Motherboard. The second source added they paid the Twitter insider." What is clear is the proper security around administrative tools at Twitter was insufficient for the risk they accepted by providing a social media platform to over 330 million accounts, including most of the 10…

Léargas Security has launched its most recent upgrade of Collector, a built-in feature of its Léargas SIEM platform, designed to bring comprehensive visibility into leaked data due to the increase of businesses operating in the work from home (WFH) era. Léargas Collector employs a vast array of scrapers, bots, and crawlers. Collector currently monitors over 22,000 TOR sites, social media, IRC, forums, and paste sites and continually extracts data for further investigation. Once an artifact is initially processed, NLP deep learning algorithms work to classify text and sentiment. All of that data is correlated and delivered to the platform. An important note is the platform now records and stores portions of the artifacts collected, both on the public web and dark web that Léargas believes are relevant to our clients as well as our mission to stop violent threat actors and prevent COVID-19 crime. Due to the shortened average lifespan…

Security researchers recently disclosed that they have discovered a handful of game-changing vulnerabilities that spell disaster for multitudes connected devices.  This past week, security company JSOF unveiled 19 CVEs – four of them critical remote code execution flaws – in a low-level networking software library that renders millions of devices vulnerable to exploitation. The researchers have labeled the set of vulnerabilities as Ripple20. The researchers have stated that the bugs will enable attackers to take control of internet-facing devices. Unfortunately, these vulnerabilities could lay dormant for years without bringing awareness to the consumer. As we've experienced with similar vulnerabilities, we expect these bugs to be leveraged in far widespread attacks, such as Mirai Botnet, or used as pivot points into corporate and home networks.  Critical Path Security and Léargas Security have partnered to deliver Suricata and Zeek detections to protect customers. Additionally, all Suricata rules will be updated and made available to…

One of the greatest challenges to organizations during the pandemic has been communications. When we send everyone home and the impromptu hallway meetings stop, what paths does information find to rebuild itself? As we've come to find, the resilience of corporate communication is akin to the flowing of a river. It will find the path of least resistance and move forward. Often, this comes in the form of email forwarding from the organization to personal email accounts. What does that mean? You likely have no idea where corporate information is ending up. Before the pandemic, Critical Path Security worked very closely with the Léargas Security team to visualize very specific information from the Azure and Office 365 platforms. In particular, email forwarding. Who's doing it? Why are they doing it? Why should you care? Your users may see this as a convenience. Unfortunately, you have no tracking capabilities of communication(s)…