Media Hub

We pride ourselves on being highly active in the cybersecurity community. CyBourn’s teams are continually taking part in conferences, speaking engagements, and professional association events. We are also committed to thought leadership and to publishing our work and ideas on the rapidly changing world of cybersecurity.

The Cybersecurity Express
News | 16 SEP, 2021
CyBourn is launching the Cybersecurity Express, bringing you trending subjects in sizeable chunks! Hop aboard and let us take you on a journey through what has happened during the past days in the thrilling world of cybersecurity. Mind the gap and keep your limbs and heads inside the vehicle at all times, because we are passing at high speed through attacks, zero-day vulnerabilities and exciting news.

We are now arriving at our first destination:

Microsoft releases patch for Office 365 zero-day attacks

You may be familiar with the Microsoft-disclosed vulnerability CVE-2021-40444, in which Windows Server 2008 through 2019 and Windows 8.1 through 10 systems are susceptible to attack via a malicious ActiveX control used by a Microsoft Office document that hosts the MSHTML browser rendering engine.

A patch was released on September 14th, and it is advised above all the workarounds proposed by specialists so far, such as keeping “protected mode” on or modifying registry keys. The Windows updates are a must, because the mitigations proposed by Microsoft were bypassed successfully and the attack was carried out even with files that have no MoTW (Mark of the Web) flag, for which “protected mode” does not apply.

We can only hope this patch puts an end to the ActiveX nightmare for good and eliminates all other bypass possibilities. See the “Security Updates” section of the official vulnerability page for more information on the cumulative updates, which also address 60 other vulnerabilities (86 including Microsoft Edge) and fix one bonus unexploited zero day: CVE-2021-36968 – Windows DNS Elevation of Privilege Vulnerability.

Microsoft Azure’s “OMIGOD” and “ChaosDB” vulnerabilities

“OMIGOD”

This impacts Azure Linux virtual machines that use the Open Management Infrastructure (OMI). This utility is intended to function similarly to the Windows WMI service, allowing for collection of logs and remote management commands.

OMI is built to require authentication, binding commands to a user ID, but a bug allows malformed requests to skip the authentication phase and be interpreted as coming from root. Even worse, the tool can be configured for remote management, running an HTTPS server on port 5986 that can be reached with a standard HTTPS client like curl and receives XML-derived SOAP protocol commands. A compromised system will allow the attacker to run arbitrary commands as root using OMI syntax. Moreover, if OMI is configured to listen on a network port, the attacker can use that to get control of other virtual machines on the same network.

The CVEs issued for this OMI utility exploit:
  • Unauthenticated RCE as root (Severity: 9.8)
  • Privilege Escalation vulnerability (Severity: 7.8)
  • Privilege Escalation vulnerability (Severity: 7.8)
  • Privilege Escalation vulnerability (Severity: 7.0)

Not all hope is lost: to mitigate this threat, use your platform’s package tool to upgrade OMI to the latest version of the software, v1.6.8-1, with commands such as “sudo apt-get install omi”. You can first check whether you are vulnerable by connecting to your Azure VMs and running the commands below to see the installed OMI version:
  • Debian systems:
  • Redhat systems:
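The version and exposure check described above, as an added example that is not part of the original article: it compares the installed OMI package against the fixed release v1.6.8-1 and flags port 5986 when it is bound to a non-loopback address. The package name `omi`, the `dpkg-query`, `rpm` and `ss` invocations, and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit a Linux VM for the OMI exposure discussed above.
# Assumptions (not from the article): package name "omi"; dpkg-query, rpm
# and ss are the tools used to query the system; function names are ours.

FIXED_VERSION="1.6.8-1"            # fixed release named in the article
OMI_PORTS="${OMI_PORTS:-5986}"     # HTTPS port named in the article

# Print the installed omi package version, or nothing if it is absent.
installed_omi_version() {
    if command -v dpkg-query >/dev/null 2>&1 &&
       dpkg-query -W omi >/dev/null 2>&1; then
        dpkg-query -W -f='${Version}' omi
    elif command -v rpm >/dev/null 2>&1 && rpm -q omi >/dev/null 2>&1; then
        rpm -q --qf '%{VERSION}-%{RELEASE}' omi
    fi
}

# Return 0 when version $1 is older than FIXED_VERSION, 1 when it is not,
# 2 when no version was given. '-' and '.' are treated alike because
# packagers may write the release as 1.6.8-1 or 1.6.8.1 (assumption).
omi_is_vulnerable() {
    [ -n "$1" ] || return 2
    inst=$(printf '%s' "$1" | tr '-' '.')
    fixed=$(printf '%s' "$FIXED_VERSION" | tr '-' '.')
    [ "$inst" != "$fixed" ] || return 1
    lowest=$(printf '%s\n%s\n' "$inst" "$fixed" | sort -V | head -n 1)
    [ "$lowest" = "$inst" ]
}

# Read `ss -ltnH` output on stdin (local address assumed in column 4) and
# print each OMI port bound to a non-loopback address, i.e. reachable from
# other machines unless a firewall rule blocks it.
omi_exposed_ports() {
    awk -v ports="$OMI_PORTS" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        {
            addr = $4
            port = addr; sub(/.*:/, "", port)          # text after last colon
            host = substr(addr, 1, length(addr) - length(port) - 1)
            if (!(port in want)) next
            if (host ~ /^127\./ || host == "[::1]") next   # loopback only
            print port
        }' | sort -u
}

# Report on the local machine.
omi_audit() {
    v=$(installed_omi_version)
    if [ -z "$v" ]; then
        echo "omi package not found"
    elif omi_is_vulnerable "$v"; then
        echo "omi $v is older than $FIXED_VERSION: upgrade"
    else
        echo "omi $v is at or above $FIXED_VERSION"
    fi
    exposed=$(ss -ltnH 2>/dev/null | omi_exposed_ports)
    [ -z "$exposed" ] || echo "OMI port(s) on non-loopback addresses: $exposed"
}

# Run the audit only when asked, e.g.: sh omi_check.sh audit
if [ "${1:-}" = "audit" ]; then omi_audit; fi
```

Set `OMI_PORTS` to a space-separated list if OMI is configured on other ports in your environment.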
In cases where OMI listens on TCP ports, limiting access to these ports via the Linux firewall is advised. A global firewall deny rule, with allow rules only for the specific machines that need to access a given service, is always a good measure.

“Chaos DB”

This may be old news, as it was reported to Microsoft back in August, but it still poses a major threat, because any Cosmos DB account that had Jupyter Notebook enabled could be compromised. Microsoft security teams took immediate action to disable the notebook service right after the critical vulnerability was reported to them. Remediated or not, users are still required to perform mitigation steps due to the risk that their Cosmos DB primary keys were obtained by malicious actors.

Using a chain of vulnerabilities in the Jupyter Notebook feature of Cosmos DB, an attacker can query information about the target, obtaining a set of credentials that can be used to view, modify, and delete data in the Cosmos DB account.

Follow this Microsoft guide to regenerate your Cosmos DB Primary Key, should this mitigation be applicable in your organization.

Approaching our final stop:

‘Azurescape’, a first Kubernetes container escape

Microsoft keeps making the headlines with yet another critical vulnerability discovered: “the first cross-account container takeover in the public cloud”, researchers say.

A malicious Azure actor could compromise the multitenant Kubernetes clusters hosting ACI, establishing full control over other users’ containers, enabling them to steal customer secrets and images deployed to the platform, and possibly abuse ACI’s infrastructure for cryptomining. By deploying WhoC to ACI, researchers managed to read the container runtime and were shocked to find runc version v1.0.0-rc2, released way back in October 2016 and known to be vulnerable to at least two container breakout CVEs.

All that was left was to modify a PoC container image and deploy it to ACI to get a reverse shell running as root on the Kubernetes node. Once there, they monitored the traffic on Kubelet port 10250 for a request that includes a JWT token in the authorization header. They used az container exec to run a command on the uploaded container, resulting in the bridge pod sending an exec request to the Kubelet on the compromised node. Finally, back on the node, they extracted the bridge token from the request’s authorization header and used it to pop a shell on the api-server. Voilà!

Consequently, Microsoft released a patch to ACI. The bridge pod no longer sends its service account token to nodes when issuing exec requests, preventing the reported cross-tenant attack. The bridge also now verifies that a pod’s status.hostIP field is a valid IP before sending an exec request.

It’s been a rough month for Microsoft, but this is the way of the digital world today. Before we end, here are some mention-worthy events:
  • Apple fixes “zero-click” iMessage zero-day exploited to deliver spyware (CVE-2021-30860)
  • Russian ransomware group REvil back online after 2-month hiatus
  • Coincidentally, ransomware attacks hit the South African Justice Department and medical technology giant Olympus, however with no ties to the latter-mentioned group.

Thank you for riding in the Cybersecurity Express; please don’t forget to take any personal belongings, and stay safe by installing updates and patches regularly. Thank you for hitching a ride on the CyBourn Cybersecurity Express. Hope to have you on board for our next departure soon!
    CyBourn Announces the Launch of Their New Website
    News | 15 APR, 2021
    We are very excited to announce the launch of our newly designed website.

    After months of hard work and dedication from Insomniac Design, we are delighted to officially announce the launch on 22 March 2021. We wanted to make the new website faster, easier to navigate, and more user-friendly.

    As a leader in the cybersecurity industry, it is important for us to make information regarding our thought leadership, services, and trends easily accessible for our current and prospective clients. We endeavour to provide our clients with the most accurate, up-to-date information and share our knowledge and expertise in the field of cybersecurity, MDR, penetration testing and cybersecurity awareness training.

    Our goal with this new website is to provide our visitors an easier way to learn about CyBourn’s services and to browse information based on their own choice of blogs, news, or press. The new website gives better access to information about our services, as well as improved pages for our partners and a forthcoming Knowledge Centre hub.

    Our current and prospective clients will find useful information about our services on the homepage of our website. Amongst the new features, the site contains integrated social media buttons for Facebook, Twitter and LinkedIn to foster improved communication on social media. We will be constantly updating our content with helpful information, cutting-edge thought leadership, company announcements and client successes in the Blog, News and Press section.

    We would also like to thank Insomniac Design for their hard work and energy to make this site what it is – we wholeheartedly recommend them! If you have any questions, suggestions, feedback, or comments on our new site, please contact us.
    3 Simple Ways to Improve Your Cybersecurity Posture
    Blog | 17 FEB, 2021
    Cybersecurity is one of the most crucial aspects organisations today must deal with. Since the move to work from home a year ago due to the global pandemic, every day we are constantly feeding information about ourselves into our devices. If that information falls into the wrong hands it can be used to steal from us or mine our organisation’s data. This is a scary fact, and a very real one; without the right knowledge and precautions you could be one of the millions of people who is the victim of a cyber-crime this year. That is where CyBourn can help.

    If you are looking to improve your cybersecurity and protect your data from hackers and fraudsters, here are the three easiest ways to do so:

    Learn more

    One of the easiest ways to improve your cybersecurity is to simply learn more about it. This knowledge will make you more aware of how you use your company devices, where you store critical business information and what to avoid. Learning about cybersecurity can be achieved on many levels; you could improve your cyber security awareness by taking a course. Additionally, you could watch documentaries, and read the small print of your device agreements carefully to understand exactly what happens to your data when you input it into your device.

    Update your device

    Many people avoid updating their devices to the latest software available. Do you avoid it? This happens because, frankly, it can be an annoyance to have to wait for your phone or laptop to update; plus, newer operating systems are often weightier on your storage. Nevertheless, updating your device at the earliest convenience is one of the simplest ways to increase the effectiveness of its cybersecurity. Every time an operating system is reinvented, its cybersecurity will be fortified; this is because the more developers learn about hacker behaviour, the more they can stand up to it. If your device doesn’t have the latest version of its operating system, it will be more easily attacked in a breach of your data.

    Install an antivirus extension on your computer

    Antivirus software can be expensive, but not as expensive as a potential misuse of your data! Installing antivirus software on your device means that the device will regularly be scanned for bugs, cookies and junk files. Not only does this type of program strengthen your cybersecurity, but it can also lengthen the life of your device by clearing junk, duplicates and cookies from its hard drive on a regular basis. This frees up storage space and helps your computer operate more efficiently.

    If you are unsure about the cost of antivirus software, make sure to search for discounts and deals on reputable antivirus extensions. Usually, these extensions require an annual fee that can be broken down into more manageable chunks.

    Final thoughts

    To conclude, cybersecurity is of the utmost importance for anyone who uses smart devices for business, work or pleasure – and let’s face it, that’s most people! Use this advice to implement easy changes into the way you use your business devices and stay safe online!

    At CyBourn, we have a range of services that can help, giving you full peace of mind when it comes to your cybersecurity posture. We are a global cybersecurity company with a mission to address challenges in technologies and operations in cyberspace. We increase protection by providing forward-thinking transparent services for threat detection, prevention, and response.

    To find out more, talk to us today.
    The True Cost of Cyber-Attacks & How to Protect Your Business Against Them
    Blog | 9 FEB, 2021
    According to a recent study undertaken by Barclays Bank, the average cost of a cyber-attack is more than £1,000, and 29% of cyber-attacks and attempts against small businesses and SMEs are successful. What’s more, 10.6% of those who took part in the study revealed that they had been victims of a cyber-attack, and 8.58% of these had to make staff redundant to cover the cost of what happened to them. With 43% of all cyber-attacks and hacking attempts being against small businesses and SMEs, this is an area that is fast becoming one that can no longer be ignored.

    What is a cyber-attack?

    A cyber-attack is any criminal act against computers and networks and is often called hacking. It can also cover more traditional crimes conducted through the internet. Some common types of cyber-attacks against businesses can include computer system attacks, malware, ransomware, business identity theft, phishing, web-based and denial of service (DDoS) attacks.

    These kinds of cyber-attacks have the potential to inflict enormous damage on growing businesses, especially those who operate on small margins. However, many small businesses and SMEs do not have this as one of their main priorities, with other areas such as HR, accounts and investor pitching often taking precedence.

    The Growing Sophistication of Cyber-attacks on Organisations Today

    With cyber-attacks continuing to increase at an alarming rate and evolve beyond disruption towards specific objectives such as targeted data theft, they are now becoming more and more sophisticated. As such, traditional approaches to cyber-security are fast becoming ineffective. Perimeter-based security, detecting and blocking what comes in and out of the environment, is no longer adequate in stopping cyber-attacks.

    2021 is fast becoming the year in which CEOs can no longer ignore the growing cyber threat. Cybersecurity and the prevention of cyber-attacks is now everyone’s responsibility.

    Securing your business from cyber-attacks

    Regardless of what industry your business operates in or the size of your business, there are some simple steps you can take to help safeguard against potential cyber-attacks.

    Ensure your systems are up to date at all times – While there are many valid reasons why small businesses and SMEs struggle to keep their systems up to date, including the cost of doing this, ensuring you are running the latest version of Windows, Mac OS and other software is crucial. By updating your systems on a regular basis, major issues are often fixed, and you are less likely to be compromised by a cyber-attack.

    Back up, back up, back up and back up again – while in the past backing up company data was a laborious process, cloud storage solutions today are affordable, simple and fast. There are huge benefits to storing your data on the cloud, and while there is still a small risk that these can be compromised, your data will be protected against certain types of cyber-attacks such as ransomware.

    Knowledge is Key: Educate Your Staff – the more training and awareness that your staff have of cyber fraud, the better equipped they will be to safeguard against potential attacks. With small businesses and SMEs being more reliant and dependent on the internet than ever before, it is vital that you train all your staff to be cyber aware at a minimum.

    Conduct regular risk assessments – while there is much you can do to help protect your systems and business from cyber fraud internally, having regular risk assessments undertaken by a professional may highlight any areas that may have been overlooked. Cyber Essentials is a great place to start for this.

    Introduce a password policy – insecure passwords can often be an organisation’s weakest link, so review these regularly. Introduce a password policy that forces your employees to change their passwords frequently.

    How is the cybersecurity industry developing its skill set to combat this growing threat?

    Despite the cyber skills gap that exists today, the UK government and many leading organisations are working together to ensure the next generation of security professionals have the skills and expertise to stay one step ahead of hackers. Since the UK Cybersecurity strategy was rolled out in 2011, several measures and organisations have been developed and launched to help combat the growing cyber threat. These include:

    The launch of the National Cyber Security Centre – in response to the ever-growing threat of cyber-attacks, the UK government in conjunction with GCHQ launched the National Cyber Security Centre. Based in London, the centre aims to be at the forefront of the cybersecurity industry by providing relevant, timely and up-to-the-minute responses to the latest malware, ransomware, and other sophisticated cyber-attacks.

    Training neurodiverse individuals for a career in cybersecurity – studies have shown that neurodiverse adults, such as those who are on the autistic spectrum, are well suited to a career in cybersecurity. In Worcester, Dr Emma Philpott has set up a Community Cybersecurity Operations Centre (SOC) which is being used as a training centre for neurodiverse individuals in cybersecurity. It also operates services to protect vulnerable adults who are commonly targeted by cyber criminals. By tapping into the neurodiverse community, the cyber skills gap can be addressed and opportunities given to these individuals to have a meaningful career that they wouldn’t have otherwise had.

    Getting young people interested in cybersecurity and programming – the key to developing the cybersecurity professionals of the future is to get them interested in cybersecurity while at school, and to help with this the Cybersecurity Challenge was born. The Cybersecurity Challenge UK is a set of learning programmes, networking events and competitions that run all over the UK, which are designed to identify leading cybersecurity talent and to encourage young people to be more cyber aware and consider becoming cybersecurity professionals. Through this medium the next generation of cybersecurity talent can be found, nurtured, and developed.

    Ensure the cybersecurity supply chain is protected – everyone has a smartphone, tablet or computer, and the components used to make these are very similar. As other devices are developed and made, it is essential that the security practices, operations and methods that supply chains use are audited and reviewed regularly. Cyber Essentials is a great way to show that your organisation takes cybersecurity seriously, and having this accreditation can open doors for companies to trade with the government, councils and the MOD.

    Training, education and cyber awareness – the growing cyber threat cannot be combated without raising awareness of the seriousness of cybersecurity. It is critical that this is done without hype but also with the aim of ensuring that cybersecurity is everyone’s responsibility. Everyone should have access to tools that will help them to protect their homes and companies but, most importantly of all, to protect themselves against potential cyber-attacks. Educating the general public about cyber-attacks will help awareness about the growing cyber threat cascade into offices, schools, further education establishments and even further afield.

    The development of a cyber workforce that is strong and robust – if cybersecurity is to be at the heart of education, it should be heavily promoted via science, technology, engineering and mathematics (STEM subjects) to ensure that those with a strong interest in cybersecurity can develop and utilise their skills to enter a career in the cybersecurity industry. Utilising the strong talent that exists in hacker communities should be a top priority.

    Final thoughts

    The growing threat from cyber-attacks is not going to disappear any time soon; therefore organisations need to embrace this and ensure they are as prepared as they can be against cyber-attacks. With a few simple steps and training, you can successfully protect your business against cyber fraud.

    At CyBourn, we have a range of services that can help, giving you full peace of mind when it comes to your cybersecurity posture. We are a global cybersecurity company with a mission to address challenges in technologies and operations in cyberspace. We increase protection by providing forward-thinking transparent services for threat detection, prevention, and response.

    To find out more, talk to us today.
    EtherLast
    The versatile platform that allows you to promptly detect complex threats, analyse and respond to them from a single pane of glass.
    Dreamlab
    CyBourn's DreamLab pushes the boundaries of innovation in the cyberspace.

    Tell us about your Cybersecurity needs

    We are strategists, engineers, analysts, and governance experts embedded in the world’s biggest cyber missions and trusted to advance them. Let us help you today.