Erick Galinkin – Noise

Nearly 19,000 ESXi Servers Still Vulnerable to CVE-2021-21974

Erick Galinkin — Thu, 09 Feb 2023 18:36:28 +0000

Rapid7 research has found that nearly 19,000 ESXi servers likely remain vulnerable to CVE-2021-21974, which is being exploited in the ESXiArgs campaign.

Leaked Android Platform Certificates Create Risks for Users

Erick Galinkin — Fri, 02 Dec 2022 21:45:15 +0000

A new report contains 10 different platform certificates and malware sample SHA256 sums where the malware sample had been signed by a platform certificate.

CVE-2022-42889: Keep Calm and Stop Saying “4Shell”

Erick Galinkin — Mon, 17 Oct 2022 20:36:16 +0000

CVE-2022-42889, which some have begun calling “Text4Shell,” is a vulnerability in the popular Apache Commons Text library that can result in code execution when processing malicious input. The vulnerability was announced on October 13, 2022 on the Apache dev list. CVE-2022-42889 arises from insecure implementation of Commons Text’s variable

Architecting for Extortion: Acting on the IST’s Blueprint for Ransomware Defense

Erick Galinkin — Fri, 02 Sep 2022 13:15:00 +0000

Last month, the Institute for Security and Technology’s Ransomware Task Force launched the Blueprint for Ransomware Defense.

CVE-2022-27511: Citrix ADM Remote Device Takeover

Erick Galinkin — Thu, 16 Jun 2022 20:03:55 +0000

On Monday, June 14, 2022, Citrix published an advisory on CVE-2022-27511, a critical improper access control vulnerability affecting their ADM product.

8 Tips for Securing Networks When Time Is Scarce

Erick Galinkin — Tue, 22 Mar 2022 15:44:09 +0000

In light of increased cyber risk surrounding the Russia-Ukraine conflict, we’ve put together 8 tips that defenders can take right now to prepare.

2022 Planning: Metrics That Matter and Curtailing the Cobra Effect

Erick Galinkin — Tue, 18 Jan 2022 15:53:09 +0000

Creating metrics in cybersecurity is hard enough, but creating metrics that matter is a harder challenge still.

Being Naughty to See Who Was Nice: Machine Learning Attacks on Santa’s List

Erick Galinkin — Fri, 14 Jan 2022 14:46:41 +0000

Like many organizations with big data problems, Santa has turned to machine learning to help him sort through his naughty and nice lists.

The Ransomware Killchain: How It Works, and How to Protect Your Systems

Erick Galinkin — Thu, 16 Sep 2021 13:30:13 +0000

How does a machine go from one that's working perfectly fine to one that's inoperable due to ransomware? This post takes a close look.

Slot Machines and Cybercrime: Why Ransomware Won’t Quit Pulling Our Lever

Erick Galinkin — Fri, 06 Aug 2021 14:17:22 +0000

Ransomware remains a significant problem, partly because the incentives for everyone, including victims, are there to increase the number of ransomware attacks.

Why the Robot Hackers Aren’t Here (Yet)

Erick Galinkin — Wed, 14 Jul 2021 17:55:41 +0000

Over the years, we’ve seen security in general and vulnerability discovery in particular move from a risky, shady business to massive corporate-sponsored activities with open marketplaces for bug bounties.

SolarWinds Serv-U FTP and Managed File Transfer CVE-2021-35211: What You Need to Know

Erick Galinkin — Mon, 12 Jul 2021 22:39:41 +0000

On July 12, 2021, SolarWinds confirmed an actively exploited zero-day vulnerability, CVE-2021-35211, in the Serv-U FTP and Managed File Transfer component of SolarWinds15.2.3 HF1 (released May 5, 2021) and all prior versions.

CVE-2021-1675 (PrintNightmare) Patch Does Not Remediate Vulnerability

Erick Galinkin — Wed, 30 Jun 2021 18:15:59 +0000

Vulnerability note: Members of the community including Will Dormann of CERT/CC have noted that the publicly available exploits which purport to exploit CVE-2021-1675 may in fact target a new vulnerability in the same function as CVE-2021-1675. Thus, the advisory update published by Microsoft on June 21 does not address