Importance of OT Security and Why It's Matters?
#security #operationaltechnology #cybersecurity #cyberheroes #firewallsecurity #tekginger
https://tekginger.com/importance-of-ot-security-and-why-its-matters/
While I am at it anyway; #Phishing meets #SMB: Exploiting network trust to capture #NTLM hashes (#pentesting fun)
One effective phishing method leverages SMB connections to capture #NetNTLM hashes for offline #cracking, providing attackers with credentials for the next phase (for example social engineering or other tech attacks). Oh; BIT B.V. (bit.nl) did send me a set of abuse mails, … sorry 😆 … but very nice and thx 🙏🏼, anyway;
Exploit Path: Initial Phishing Vector: The attack starts with a phishing email or download website or something something, containing a payload (e.g., a malicious document or shortcut file, whatever, choose your poison).
The payload initiates an SMB request to the attacker-controlled server (`\\<C2IP>\share`), tricking the victim’s system into authenticating with it. Modern browsers like Edge won’t fly; you need to get a bit more creative to execute this, and no, it’s not a hyperlink. Think Java. Or macro (although; meh).
Then we have SMB Request Redirection: Tools like Responder on the attacker’s C2 server capture NetNTLMv2 hashes during these authentication attempts. This works over IPv4 and IPv6, with IPv6 often prioritized in networks and less monitored. Hence #mitm6. But that’s another story.
Captured hashes are cracked offline using tools like #Hashcat, potentially giving credentials for further attacks. It’s also an excuse for my new RTX 5090 card. 😉
Observations from recent penetration tests where I executed this attack;
- Firewall rules: not existing … at all. 🥹
Many environments have outbound 'any-any' rules on firewalls, even on critical nets like Citrix farms. This unrestricted outbound traffic allows SMB authentication requests to reach attacker-controlled servers on the internet. And there is something with remote workers and open internet access lately…
- #Azure and #2FA gaps, here we go again (see https://lnkd.in/g2ctMEDG); 2FA exclusions are another common issue:
  - Trusted locations (e.g., `192.168.x.x` or specific IP ranges) configured to bypass 2FA/MFA. Intended to improve usability, such exclusions can be exploited once an attacker gains access to these "trusted" locations; simply put a VM inside a 192.168 range and chances are… good.
These misconfigurations reduce the effectiveness of otherwise robust security measures like MFA and firewall segmentation, giving attackers unnecessary opportunities.
The Takeaway: Attackers thrive on overlooked gaps in configuration. Whether it's outbound "any-any" firewall rules or MFA bypasses for trusted locations, these lapses provide unnecessary pathways for compromise. By combining phishing, SMB exploitation, and tools like Responder, we can target foundational weaknesses in even hybrid environments. I’ve seen SOCs only respond after the mission target, because most are monitoring just the endpoint (EDR/XDR), poorly.
#CyberSecurity #Phishing #SMB #NTLM #MFA #FirewallSecurity #infosec
The meme is absolutely intended as shitposting. Sorry 🤣
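One check for the outbound 'any-any' observation in the post above, as an added example that is not the author's tooling: it parses firewall log lines (constructed here in a generic key=value shape, not any vendor's format) and flags every allowed TCP/445 or TCP/139 session whose destination lies outside the assumed internal ranges (RFC 1918), then lists the rules that let them through. Those rules are the ones to tighten before a coerced SMB authentication can reach a Responder box on the internet.

```python
"""Flag SMB egress that an outbound any-any firewall rule let through.

Added example, not from the post. Log lines are constructed, in a generic
key=value shape rather than any vendor's format; adapt LINE_RE to yours.
"""
import ipaddress
import re

SMB_PORTS = {445, 139}
# Assumed internal address space: RFC 1918. Add any public ranges you own.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

LINE_RE = re.compile(
    r"^(?P<ts>\S+) action=(?P<action>\w+) proto=(?P<proto>\w+) src=(?P<src>\S+) "
    r"dst=(?P<dst>\S+) dport=(?P<dport>\d+) rule=(?P<rule>\S+)$"
)

# Constructed sample log; 203.0.113.0/24 and 198.51.100.0/24 (documentation ranges) stand in for the internet.
SAMPLE_LOG = """\
2025-01-14T09:12:03Z action=allow proto=tcp src=10.20.5.17 dst=10.20.1.4 dport=445 rule=lan-any-any
2025-01-14T09:12:09Z action=allow proto=tcp src=10.20.5.17 dst=203.0.113.45 dport=445 rule=lan-any-any
2025-01-14T09:12:10Z action=allow proto=tcp src=10.20.5.17 dst=203.0.113.45 dport=443 rule=lan-any-any
2025-01-14T09:13:41Z action=deny proto=tcp src=10.20.7.2 dst=198.51.100.9 dport=445 rule=block-smb-egress
2025-01-14T09:14:05Z action=allow proto=tcp src=192.168.40.11 dst=198.51.100.9 dport=139 rule=citrix-any-any
"""


def parse_line(line):
    """Return a dict for one log line, or None if it does not match the expected shape."""
    m = LINE_RE.match(line)
    if not m:
        return None
    event = m.groupdict()
    event["dport"] = int(event["dport"])
    return event


def is_internal(ip):
    """True if the address is inside one of the configured internal ranges.
    ipaddress.is_private is deliberately not used: it also classifies the
    documentation ranges used in the sample as private."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def find_smb_egress(log_text):
    """Allowed TCP sessions to SMB ports whose destination is outside the internal ranges."""
    hits = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        if (ev["action"] == "allow" and ev["proto"] == "tcp"
                and ev["dport"] in SMB_PORTS and not is_internal(ev["dst"])):
            hits.append(ev)
    return hits


def offending_rules(log_text):
    """Names of the rules that permitted SMB egress; these are the any-any rules to tighten."""
    return sorted({ev["rule"] for ev in find_smb_egress(log_text)})


if __name__ == "__main__":
    for ev in find_smb_egress(SAMPLE_LOG):
        print(f"{ev['ts']} {ev['src']} -> {ev['dst']}:{ev['dport']} allowed by rule {ev['rule']}")
    print("rules to tighten:", offending_rules(SAMPLE_LOG))
```

On the sample, the internal 445 session and the 443 session pass, the denied one is already handled, and the two allowed sessions to external SMB ports are what the egress rules should have blocked.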
💡 Did you know that SQL injections remain one of the top vulnerabilities in web applications? Cisco’s October 2024 Security Advisory highlights critical flaws that can lead to unauthorized data access and system modification.
What’s your best practice for protecting against SQL injection attacks? Let’s share strategies!
Learn more about these vulnerabilities and how to secure your systems in our latest post: https://guardiansofcyber.com/cybersecurity-news/cisco-oct-2024-advisory/
#Cybersecurity #SQLInjection #DataProtection #GuardiansOfCyber #FirewallSecurity #VPN #InfoSec #CybersecurityTips #Cisco #Guardians
🚨 Did you know 37% of organizations struggle to detect threats hidden in encrypted traffic? 🚨 In today’s multi-cloud world, having the right Firewall Security Manager is essential for staying secure and compliant.
💡 A centralized firewall management tool can streamline security policies, automate compliance checks, and improve visibility across your cloud infrastructure.
🌐 How do you manage your network's security policies? Share your thoughts and tips!
Check out our full guide here: https://guardiansofcyber.com/solutions-best-practices/firewall-security-manager-how-to-choose-best-guide/
#Cybersecurity #FirewallSecurity #GuardiansOfCyber #DataProtection #CloudSecurity #ThreatDetection #Compliance #MultiCloud #SecurityManagement
Not sure if a traditional firewall is for you? Next-generation firewalls are like firewalls with superpowers. However, they come with challenges. The feature that allows most of their advanced functions is decryption, and that has lots of potential downsides. Knowing your environment, users, and use cases is key in deciding what your next firewall will be.
#firewalls #NGFW #howToChooseAFirewall #firewallSecurity #negativePID
"🔒 Sophos Backports RCE Fix: Proactive Response to Firewall Vulnerabilities 🛡️"
Sophos addressed a critical code injection vulnerability (CVE-2022-3236) in their firewall's User Portal and Webadmin, facilitating remote code execution. Originally fixed in Sep 2022, Sophos proactively backported this fix to unsupported EOL firmware after recent exploit attempts. This move underscores the risk EOL devices pose and highlights the importance of timely updates. Sophos' swift response with an auto-applied hotfix for 99% of affected systems showcases a strong commitment to cybersecurity. 🚨🖥️
For those unable to update, restricting WAN access and using VPN or Sophos Central is advised. Stay vigilant and keep your systems updated!
CVE-2022-3236 Details: A code injection vulnerability allowing remote code execution in Sophos Firewall versions up to v19.0 MR1.
Article by Bill Toulas, BleepingComputer.
Tags: #Sophos #Cybersecurity #FirewallSecurity #VulnerabilityManagement #RCE #CVE20223236 #InfoSec #EOLRisk #SystemUpdates 🌐🔑🛡️
https://redbeardsec.com/firewall-security-a-vital-component-of-your-cyber-strategy/
Just like a castle needs walls to keep enemies out, your computer needs a firewall to keep cyber threats at bay. #FirewallSecurity #CyberStrategy #StayProtected #cybersecurity #cyberawareness #dataprotection #datasecurity
Secure your network with a firewall! #FirewallSecurity is essential for protecting your data and systems from malicious activity. #CyberSecurity #ProtectYourData #SecurityAwareness