Categories
Security

MyIP.is: Tool for IP Address Insights

MyIP.is is a handy online tool that instantly provides users with their public IP address and additional related information.

One of the cool features of this website is that its operators are actively involved in managing larger pages, collect and analyze IP data, and compile a list of malicious players on the web, which is available for free download.

Categories
Security

SANS Internet Storm Center – API

Even as a long-time listener of the daily newscast from SANS Storm Center, I never knew they offer a free API with useful information. The downside is that the API is rather slow, but still useful for IP intelligence.

Categories
Azure Security

Azure Front Door configuring SSL/TLS cipher

After a recent penetration test on an Azure website, I received a report stating that I need to disable CBC ciphers in my TLS configuration. I was able to reproduce the issue.

https://www.ssllabs.com/ssltest/analyze.html (2024-04-25)

However, I found that on Azure Front Door Standard and Azure Front Door Premium, it’s not possible to configure the cipher order or the selection of ciphers. All of this is fully managed by Microsoft.

Categories
Atlassian Security Sitecore

Exploring CVE with CVEMap Command Line Tool

CVEMap is a user-friendly, open-source command-line interface (CLI) tool engineered for seamless exploration of Common Vulnerabilities and Exposures (CVEs). Its purpose is to provide a smooth and intuitive platform for delving into vulnerability databases. However, the tool relies on a free cloud service.

Categories
News Security

NoName057(16) DDoS January 2024

Before the World Economic Forum in January 2024 in Davos, Switzerland, Chinese Premier Li Qiang arrived in Switzerland on Sunday and was officially received with military honors. On the same day, Ukrainian President Volodymyr Zelensky visited the Swiss Parliament Building in Bern. The World Economic Forum began in Davos on Monday. By Wednesday, January 17th, 2024, the first public reports appeared regarding DDoS attacks against websites in Switzerland, attributing them to the group NoName057(16).

Categories
News Security

Stay on top of Cyber Security Alerts

It’s important to stay on top of new discoveries and vulnerabilities and to follow up on the products you use. Knowing is the first step; evaluating and taking action is the second.

Cyber Security Alerts

Vendors

Another crucial step is to sign up for security advisories with all your key vendors to significantly reduce the response time to newly released security advisories from the supplier.

For example:

  • Atlassian
    • If you are using Atlassian products, especially Data Center or perhaps an outdated server version, I recommend signing up for the Atlassian Security Advisory mailing list. They have recently started sending monthly updates and sometimes even more with crucial information regarding patching and vulnerabilities. In my opinion, it is an absolute must to follow. (2024-01-18)

Categories
News Security

Terrapin Attack, SSH protocol vulnerability

I had to evaluate the risk of a potential Terrapin attack.

  • CVE-2023-48795: General Protocol Flaw
  • CVE-2023-46445: Rogue Extension Negotiation Attack in AsyncSSH
  • CVE-2023-46446: Rogue Session Attack in AsyncSSH

The Terrapin attack can target connections secured with ChaCha20-Poly1305 or CBC-mode ciphers with Encrypt-then-MAC. There is a theoretical vulnerability in CTR-mode ciphers combined with Encrypt-then-MAC, but it is not currently exploitable in real-world scenarios.

The attack requires an active Man-in-the-Middle.

OpenSSH and other vendors have implemented a strict key exchange countermeasure, but for it to be effective, both client and server must support it. Connecting a vulnerable client to a patched server, or vice versa, still results in a vulnerable connection.
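The check described above can be scripted against the algorithm lists both sides offer during key exchange. The following is an added example, not code from the original post or from OpenSSH: it applies the SSH "first client preference the server also offers" rule and reports whether the negotiated cipher/MAC falls in the affected set and whether strict key exchange is active on both ends. It assumes a single direction of the connection, treats GCM ciphers as AEAD, and uses constructed offer lists.

```python
# Added example, not from the original post. Offer lists below are constructed.
STRICT_C = "kex-strict-c-v00@openssh.com"  # marker sent by patched clients
STRICT_S = "kex-strict-s-v00@openssh.com"  # marker sent by patched servers
CHACHA = "chacha20-poly1305@openssh.com"

def pick(client_list, server_list):
    """SSH negotiation rule: first client preference the server also offers."""
    return next((a for a in client_list if a in server_list), None)

def terrapin_exposure(client, server):
    """client/server: dicts of 'kex', 'enc', 'mac' name-lists for one direction."""
    # Strict key exchange only takes effect when BOTH sides advertise it.
    strict = STRICT_C in client["kex"] and STRICT_S in server["kex"]
    enc = pick(client["enc"], server["enc"])
    if enc is None:
        return {"cipher": None, "mac": None, "strict_kex": strict,
                "verdict": "no common cipher"}
    aead = enc == CHACHA or "-gcm" in enc  # AEAD ciphers ignore the MAC list
    mac = None if aead else pick(client["mac"], server["mac"])
    etm = mac is not None and mac.endswith("-etm@openssh.com")
    if enc == CHACHA or (enc.endswith("-cbc") and etm):
        mode = "affected"
    elif enc.endswith("-ctr") and etm:
        mode = "theoretical"  # per the post: not exploitable in practice today
    else:
        mode = "unaffected"
    if mode == "unaffected":
        verdict = "not affected"
    elif strict:
        verdict = "mitigated by strict kex"
    else:
        verdict = "vulnerable" if mode == "affected" else "theoretical only"
    return {"cipher": enc, "mac": mac, "strict_kex": strict, "verdict": verdict}

# Constructed sample offers (not captured from real hosts).
PATCHED_CLIENT = {"kex": ["curve25519-sha256", STRICT_C],
                  "enc": [CHACHA, "aes256-ctr"],
                  "mac": ["hmac-sha2-256-etm@openssh.com", "hmac-sha2-256"]}
OLD_SERVER = {"kex": ["curve25519-sha256"],
              "enc": ["aes256-ctr", CHACHA],
              "mac": ["hmac-sha2-256-etm@openssh.com", "hmac-sha2-256"]}
PATCHED_SERVER = dict(OLD_SERVER, kex=OLD_SERVER["kex"] + [STRICT_S])
HARDENED_SERVER = dict(OLD_SERVER, enc=["aes256-ctr"], mac=["hmac-sha2-256"])

if __name__ == "__main__":
    for name, srv in [("old", OLD_SERVER), ("patched", PATCHED_SERVER),
                      ("hardened", HARDENED_SERVER)]:
        print(name, terrapin_exposure(PATCHED_CLIENT, srv))
```

The patched client against the unpatched server still comes out vulnerable, which is the mixed-version case the paragraph above warns about.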

Categories
Security

SharePoint Developer Toolbar Warning

This warning is present on all SharePoint sites and is designed to prevent people from being tricked into copying and pasting malicious code into the developer console of their browser.