Last month, the United States’ National Security Agency (NSA) and Cybersecurity and Infrastructure Security Agency (CISA) released a Cybersecurity Technical Report (CTR) detailing the security hardening they recommend be applied to Kubernetes clusters, which is available here. The guidance the document contains is generally reasonable, but there are several points which are either incorrect or … Continue reading NSA & CISA Kubernetes Security Guidance – A Critical Review
This month, members of NCC Group will be presenting their work at the following conferences: Javed Samuel, “Overview of Open-Source Cryptography Vulnerabilities”, to be presented at the International Cryptographic Module Conference 2021 (Virtual – Sept 3 2021) Robert Seacord, “Secure Coding”, to be presented at Auto ISAC Analysts (Virtual – Sept 7 2021) Erik Steringer, … Continue reading Conference Talks – September 2021
In the summer of 2018, Google engaged NCC Group to conduct a security assessment of the Android Cloud Backup/Restore feature, which premiered in Android Pie. This engagement focused on a threat model that included attacks by rogue Google employees (or other malicious insiders) with privileges up to and including root-in-production. The Android backup/restore feature is only one … Continue reading Public Report – Android Cloud Backup/Restore
Introduction At NCC Group, we routinely assess the configuration of our clients’ cloud environments. These reviews aim to ensure that the environments are in line with security best practice and provide appropriate protection for sensitive information and resources. Google Cloud Platform (GCP) has grown steadily since 2011 – both in features and in adoption. This … Continue reading Securing Google Cloud Platform – Ten best practices
This month, members of NCC Group will be presenting their work at the following conferences: Adam Rudderman, “Bug Bounty: Why is this happening?” presented at Nullcon Goa (Goa, India – March 3-7 2020) Rob Wood, “[Panel]: CSIS Security Panel Discussion,” presented at OCP Global Summit (San Jose, CA – March 4-5 2020) Rory McCune, “[Training]: … Continue reading Conference Talks – March 2020
This post describes the techniques, tactics and procedures we observed during recent LAPSUS$ incidents.
NCC Group CIRT has responded to a large number of ransomware cases where frequently the open source tool Rclone being used for data exfiltration. We provide some techniques for detection.
This post is a technical discussion of the underlying vulnerability of CVE-2020-15257, and how it can be exploited. Our technical advisory on this issue is available here, but this post goes much further into the process that led to finding the issue, the practicalities of exploiting the vulnerability itself, various complications around fixing the issue, … Continue reading ABSTRACT SHIMMER (CVE-2020-15257): Host Networking is root-Equivalent, Again
Category: Reduction/Prevention Overview Document macros have gone in and out of style since 1995 as a deployment method for malware. Netskope’s latest ‘Cloud and Threat Report: July 2021 Edition’ points out that in Q2 of 2021, Microsoft Office macros accounted for 43% of malicious Office document downloads, compared to just 20% at the beginning of … Continue reading Disabling Office Macros to Reduce Malware Infections