
The important bit to understand is that there are hundreds of ways to download code on a windows system, of which finger is just one in the lot. The technique as such is called LOTL, or Living Of The Land, essentially attackers have minimal code that attempts to use as many tools and features as possible when attacking a system to evade detection. The use of finger, or any other such existing binary, is not the cause of the initial infection, or a vulnerability, the code execution occurs when
.....Read More
When we researched Ring equipment when they hit the market, they carried all the hallmarks of IoT technology rushed to market, including undocumented possibilities to extract the Wi-Fi passwords from the devices and a range of other risks privately disclosed to Ring at the time. It is good to see that those issues are long gone and that the vendor is pushing forwards to increase the control over information it offers to its users. It should be noted however that adding encryption for the feeds
.....Read More
Usually when you talk about hacking, you talk about vulnerabilities, which are flaws in software, and we talk about configurations or the human element. In this case, the flaws we see are all related to users configuring those servers leaving files exposed and software misconfigured. Those are flaws in usage, not flaws in software. It is in parts further concerning as those systems were internet exposed, and in turn, held credentials for other systems. With access to some of the indicated
.....Read More
It is a basic security control to change the vendor default passwords whenever a system is deployed. From the nature of the content, this should be a production system and reviewed prior to having the source code uploaded. This basic control forms part of most organizations ISMS standards, i.e. ISO27001 policies and regulations internally. As Nissan Japan had their 9001 certificate revoked in 2017 by authorities it is not the first time the successful implementation of good plans and strategies
.....Read More





