Expert(s):
CEO and Cofounderfeature_status*/ ?>
Edgescan

Comments Dotted : 15
January 19, 2021

Multiple Backdoors And Vulnerabilities Discovered In FiberHome Routers
The root cause appears to be nearly the same, default credentials on an unspecified port.

This is just another example of extremely poor IoT security, similar to how some of the Android BusyBox deployments got hacked in 2016, which later led to a rapid increase in the scale and bandwidth utilised during DDoS attacks.


Previously, this was referred to as a misconfigured admin panel, while now it’s described as a backdoor. The root cause appears to be nearly the same, default credentials on an unspecified port. Should these devices have this capability, who has access, and why do

.....Read More

This is just another example of extremely poor IoT security, similar to how some of the Android BusyBox deployments got hacked in 2016, which later led to a rapid increase in the scale and bandwidth utilised during DDoS attacks.


Previously, this was referred to as a misconfigured admin panel, while now it’s described as a backdoor. The root cause appears to be nearly the same, default credentials on an unspecified port. Should these devices have this capability, who has access, and why do they require access, are questions that need to be asked. This is especially important with the increase in remote working, as organisations may provide a secure laptop for remote work, but a poorly secured router would undermine such controls.


I would be concerned that these implementations would breach some of the laws that have recently been suggested in some jurisdictions, notably the UK’s recent laws which directly target poor implementations of devices such as the below example, with Digital Minister Matt Warman stating “It will mean robust security standards are built in from the design stage and not bolted on as an afterthought.” It should be mandated by legislation, or the provision of a quality “Kitemark”, to signify that a device has satisfied the minimum security requirements in order to be rolled out for IoT.

  Read Less
January 15, 2021

Ring Is Testing End-To-End Encrypted Videos For Their Smart Doorbells
End-to-end encryption should be standard, not something people have to opt in to, in my opinion.

End-to-end encryption should be standard, not something people have to opt in to, in my opinion. Consumers who purchase IoT devices such as Ring may not be savvy enough to consider the implications of no end-to-end encryption. Vendors should provide strong security controls when it comes to the protection of consumers privacy, and these should be enabled by default. Not enabling end-to-end encryption in relation to physical security devices such as Ring may lead to unauthorised monitoring of

.....Read More

End-to-end encryption should be standard, not something people have to opt in to, in my opinion. Consumers who purchase IoT devices such as Ring may not be savvy enough to consider the implications of no end-to-end encryption. Vendors should provide strong security controls when it comes to the protection of consumers privacy, and these should be enabled by default. Not enabling end-to-end encryption in relation to physical security devices such as Ring may lead to unauthorised monitoring of consumers’ home and turn into a physical security risk.

  Read Less
June 22, 2020

Experts Reaction On Australia Targeted By ‘Sophisticated’ Cyber Attack – By ‘State-based’ Actor
Nation state actors will hunt for anything which will give them a foothold across the full stack of a network.
Nation state attacks are not uncommon and occur on a continuous basis so it’s interesting that this was highlighted by the Australian government. There is a general belief that government networks and systems, of which there are thousands, with network the scale of a huge enterprise, are underfunded and less secure than private corporation systems. Nation state actors will hunt for anything which will give them a foothold across the full stack of a network. The challenge for governments .....Read More
Nation state attacks are not uncommon and occur on a continuous basis so it’s interesting that this was highlighted by the Australian government. There is a general belief that government networks and systems, of which there are thousands, with network the scale of a huge enterprise, are underfunded and less secure than private corporation systems. Nation state actors will hunt for anything which will give them a foothold across the full stack of a network. The challenge for governments is trying to stay on top of the constant flow of new vulnerabilities that are discovered on a daily basis. When securing systems at such a large scale, continuous visibility is of paramount importance in order to detect and mitigate weakness in a timely manner. Continuous testing and vulnerability detection is also key. The days of annual, once-off pentesting just don’t scale to defend against industrial level hacking by nation states or large cybercrime groups.  Read Less
May 19, 2020

Industry Experts On Verizon DBiR 2020
Contributing to the Verizon DBiR helps us as an industry move the dial in a positive direction.
Contributing to the Verizon DBiR helps us as an industry move the dial in a positive direction. We can't improve what we can't see. The idea of "the great and good" in the industry contributing together provides a realistic snapshot of what matters In cybersecurity today. I'm very proud of and grateful to the folks in VDBiR for all their hard work.
May 14, 2020

Experts Reaction On DHS CISA and FBI share list of top 10 most exploited vulnerabilities
It’s also of importance to note that common vulnerabilities used to exploit systems are years old and not "zero day" issues.
The DHS report appears to align what we are seeing in the wild, detailed in the Edgescan Vulnerability stats report. CVEs are an attack vector which should be mitigated with good patching and/or maintenance procedures. It’s also of importance to note that common vulnerabilities used to exploit systems are years old and not "zero day" issues. Web application vulnerabilities should also be mentioned, as they open organisations up to code injection attacks and client-side browser attack......Read More
The DHS report appears to align what we are seeing in the wild, detailed in the Edgescan Vulnerability stats report. CVEs are an attack vector which should be mitigated with good patching and/or maintenance procedures. It’s also of importance to note that common vulnerabilities used to exploit systems are years old and not "zero day" issues. Web application vulnerabilities should also be mentioned, as they open organisations up to code injection attacks and client-side browser attack. Ultimately, attackers don’t care where the vulnerability is, which is why a full-stack vulnerability management approach is advised in such a fast-changing threat landscape.  Read Less
February 11, 2020

Dell SupportAssist Bug Exposes Business, Home PCs To Attacks
Obviously patching of systems on a continuous basis is also key to any robust cyber security posture.
Agents such as SupportAssist have access to users device in an autonomous way in order to monitor both hardware and software. SupportAssist agent’s minimum requirements are administration access privileges. This level of privilege combined with a vulnerability associated with remote code execution (RCE) could easily become widespread and very disruptive, and could potentially affects millions of PCs globally. In a corporate environment, I'd suggest removing SupportAssist from all machines. .....Read More
Agents such as SupportAssist have access to users device in an autonomous way in order to monitor both hardware and software. SupportAssist agent’s minimum requirements are administration access privileges. This level of privilege combined with a vulnerability associated with remote code execution (RCE) could easily become widespread and very disruptive, and could potentially affects millions of PCs globally. In a corporate environment, I'd suggest removing SupportAssist from all machines. It does not provide much value to corporate users. The idea of having agents enabled on a computer, running with administration access which can send data outside the corporate network, is a risk that should be removed. Obviously patching of systems on a continuous basis is also key to any robust cyber security posture. If you have never used SupportAssist, I would advise users to remove it. The same rule stands for any software on your computer. With more "moving parts" there are, the more complex it become to secure the attack surface and the larger becomes the risk.  Read Less
January 23, 2020

Jeff Bezos’ Phone Hacked By Saudi Crown Prince – Expert Comments
oram Golandsky is the VP of technologies and Infosec at the NSO group.
NSO develop spyware and malicious payloads for sale to the highest bidder. They sell to many nation states which have questionable human rights records and oppressive regimes. They are known for their Pegasus spyware, designed to deliver remote surveillance via infection of personal devices. Such software is used by nation states to undermine and monitor activists, journalists, free speech advocates and corporate espionage. The Israeli department of defence licensed the sale of Pegasus to.....Read More
NSO develop spyware and malicious payloads for sale to the highest bidder. They sell to many nation states which have questionable human rights records and oppressive regimes. They are known for their Pegasus spyware, designed to deliver remote surveillance via infection of personal devices. Such software is used by nation states to undermine and monitor activists, journalists, free speech advocates and corporate espionage. The Israeli department of defence licensed the sale of Pegasus to nation state but not private entities. Yoram Golandsky is the VP of technologies and Infosec at the NSO group, and spoke at OWASP AppSec Tel Aviv 2019, despite many objections. NSO are considered unethical by many in the cyber security community, given that they develop offensive technology which undermines many organisations’ cyber defences.  Read Less
December 09, 2019

CEO Comments On 44 Million Microsoft Users Reused Passwords In Q1 2019
Solutions such as multi-factor authentication help solve the password reuse issue.
Why do people reuse passwords? Because they have way too many to remember. Work passwords, utilities, banking, laptop account logins etc etc. How can an average person remember so many? Furthermore, a regular user does not use a password vault or storage solution, regardless of the recommendations. The rub with password reuse across many services is that if one service is breached, the disclosed password is often used in credential stuffing attacks that try to access other services and.....Read More
Why do people reuse passwords? Because they have way too many to remember. Work passwords, utilities, banking, laptop account logins etc etc. How can an average person remember so many? Furthermore, a regular user does not use a password vault or storage solution, regardless of the recommendations. The rub with password reuse across many services is that if one service is breached, the disclosed password is often used in credential stuffing attacks that try to access other services and websites. This type attack is becoming more and more common, and it bets on the widespread habit of users reusing their passwords. Solutions such as multi-factor authentication help solve the password reuse issue, as they also require a one time password at time of login which changes every time.  Read Less
December 03, 2019

Security Expert On Facebook Announces Innovation In Data Portability With A New Photo Transfer Tool
The data that can be ported is data which Facebook "observes" about the user.
Data portability recently became a legal requirement in certain places through laws such as GDPR and the California Consumer Privacy Act ("CCPA"). This is Facebook's attempt to address this requirement: California's new data portability provision will become effective in 2020, and governments in Asia and elsewhere may also soon pass laws supporting portability. The data that can be ported is data which Facebook "observes" about the user, not data that the service provider infers about them.....Read More
Data portability recently became a legal requirement in certain places through laws such as GDPR and the California Consumer Privacy Act ("CCPA"). This is Facebook's attempt to address this requirement: California's new data portability provision will become effective in 2020, and governments in Asia and elsewhere may also soon pass laws supporting portability. The data that can be ported is data which Facebook "observes" about the user, not data that the service provider infers about them (Metadata, Analytic data). This according to their privacy whitepaper on data portability. I'd guess once this is more available and commonplace, attacks in relation to "Slurping" individuals' data via data portability will occur, but the strength of technical controls to only supply such data to authorized individuals and third parties remains to be seen.  Read Less
November 22, 2019

Expert Insight On New Phoenix Keylogger Tries To Stop Over 80 Security Products To Avoid Detection
The malicious software is available to buy for $14.99 per month of $78.99 for a lifetime subscription.
The Phoenix keylogger is advanced and production quality. It can not only log keystrokes, but also capture screenshots. This could be used to defeat multi-factor authentication schemes. It leverages a CVE CVE-2017-11882, which is a Microsoft office vulnerability relating to Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, and Microsoft Office 2016, and allows an attacker to run arbitrary code. The risks posed by this.....Read More
The Phoenix keylogger is advanced and production quality. It can not only log keystrokes, but also capture screenshots. This could be used to defeat multi-factor authentication schemes. It leverages a CVE CVE-2017-11882, which is a Microsoft office vulnerability relating to Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, and Microsoft Office 2016, and allows an attacker to run arbitrary code. The risks posed by this vulnerability make a good argument for patching and maintaining current versions of internal systems and software. The malicious software is available to buy for $14.99 per month of $78.99 for a lifetime subscription. The quality of this malware is a true depiction of the maturity of the malware marketplace. It is recommended to maintain patching on internal machines and systems in order to help prevent infection. This malware also exfiltrates data via Telegram/FTP/SMTP protocols, which organisations may considered to block at the corporate firewalls from certain systems. Alternatively, stateful rules could be applied as a preventative measure.  Read Less