Getting Started with Microsoft Security Baselines

12 May 2021 in Cyber Security

Ensuring your organization is secure has to start someplace. For most administrators this is a daunting task. Where do I start? What do I secure first? What would a Threat Actor look for? The sheer number of configuration capabilities in Windows Server and Windows 10 can make these questions hard to answer. This is where […]

Are The Notorious Cyber Criminals Evil Corp actually Russian Spies?

05 May 2021 in Cyber Security

Part 1 – The Ransomware Attack: Truesec has documented how Russian ransomware gangs profit from being left alone by Russian law enforcement, but connections seem to go even deeper. Initial Attack and Takeover: In October 2020, the Russian-based threat actor known as “Evil Corp” conducted a ransomware attack against a major corporation. The attack vector […]

Secure your VMware ESXi hosts against ransomware in three simple steps!

13 Apr 2021 in Cyber Security

We have recently seen an increase in ransomware targeting VMware vSphere ESXi hosts and encrypting all virtual machines at once. You can secure your ESXi hosts from ransomware by following these three simple steps, using TPM, Secure Boot and the ESXi setting execInstalledOnly.

Russia is part of the Ransomware Problem

30 Mar 2021 in Cyber Security

It is hard to determine who is the actual perpetrator behind cybercrime operations, with enough confidence for law enforcement to issue warrants for arrest. Even pinpointing which country the actors are operating from is hard to do with 100% certainty. At the same time, there are more than enough indications to say with relatively high […]

Tracking Microsoft Exchange Zero-Day ProxyLogon and HAFNIUM

07 Mar 2021 in Cyber Security & Infrastructure

This post contains information and data related to an ongoing investigation of Microsoft Exchange Zero-Day ProxyLogon and associated vulnerabilities actively exploited and attributed to HAFNIUM. Any changes and edits made to this blog post will be noted at the top of the post. Update list: 2021-03-08 16:29 CET – Added web shell details; 2021-03-09 11:20 […]