Cyber risk and advisory programs that identify security gaps and build strategies to address them.
MDR that provides improved detection, 24/7 threat hunting, end-to-end coverage and most of all, complete Response.
Our team delivers the fastest response time in the industry. Threat suppression within just 4 hours of being engaged.
Be protected by the best from Day 1.
24/7 Threat Investigation and Response.
Expert hunting, research and content.
Defend brute force attacks, active intrusions and unauthorized scans.
Safeguard endpoints 24/7 by isolating and remediating threats to prevent lateral spread.
Investigation and enhanced threat detection across multi-cloud or hybrid environments.
Configuration escalations, policy and posture management.
Detects malicious insider behavior leveraging Machine Learning models.
Customer testimonials and case studies.
Stories on cyberattacks, customers, employees, and more.
Cyber incident, analyst, and thought leadership reports.
Demonstrations, seminars and presentations on cybersecurity topics.
Information and solution briefs for our services.
MITRE ATT&CK Framework, Cybersecurity Assessment, SOC Calculator & more
A serious vulnerability affecting the Secure Shell implementation library, Libssh versions 0.6 and above, have been identified [1]. Exploitation of the vulnerability is trivial and allows threat actors to gain access to affected servers without any authentication. The vulnerability is being tracked as CVE-2018-10933 and is due to an authentication error in the server code which allows threat actors to change the request message. There is a high confidence rating that threat actors will quickly target this vulnerability due to the simplicity to exploit.
Vulnerable servers expect the message SSH2_MSG_USERAUTH_REQUEST, when an unauthenticated user tries to access them. CVE-2018-10933 allows threat actors to gain unauthenticated access into affected servers by sending an SSH2_MSG_USERAUTH_SUCCESS message to a server.
The attack surface appears to be relatively small with at least 1700 potentially vulnerable servers appearing in Shodan results. Servers that are not internet facing are still potentially vulnerable and require patching.
A major initial concern was that the web-based hosting service GitHub would be affected. GitHub has confirmed that both the open GitHub and GitHub enterprises Libssh but are not affected by the breach due to server configuration [3].
References:
[1] Authentication bypass in server code CVE ID#: CVE-2018-10933
https://www.libssh.org/security/advisories/CVE-2018-10933.txt
[2] The SSH library
https://www.libssh.org/
[3] While we use libssh, we can confirm that http://GitHub.com and GitHub Enterprise are unaffected by CVE-2018-10933 due to how we use the library.
https://twitter.com/GitHubSecurity/status/1052317333379723265