Cymulate's News & Updates
Stay up to date with the latest & greatest news from our company.
- 24 Topics
- 8 Replies
New critical vulnerability out in the wild and we have validated that the vulnerability does not exist in the Cymulate App as well as the Cymulate Agent. A high severity vulnerability (CVE-2021-44228) impacting multiple versions of the Apache Log4j utility was disclosed publicly via the project’s page on December 9, 2021. The vulnerability impacts Apache Log4j 2 versions 2.0 to 2.14.1. This announcement summarizes analysis as well as other actions performed and any potential impacts to the Cymulate solution. Cymulate’s engineering and security teams have been working through the course of this zero day publication and continue to actively work on the analysis and any actions our users should perform, alongside identifying detection signatures that may be used to identify potential exploitation of the vulnerability. We have validated that the vulnerability does not exist in the Cymulate App as well as the Cymulate Agent are not susceptible to the remote code execution associated with this
Summary: The objective of the change is to rearrange the app according to the new user flow for security validation. There is no functional change in Cymulate’s capabilities following this redesign. The app will be divided into 3 new different categories: Scenarios – Scenario-based validation is focused on security control efficacy and was designed to test specific phases of an attack and validate the performance of the relevant security controls against these specific scenarios. This section will include all the following modules: Immediate Threat Intelligence, Email Gateway, Web Gateway, Web Application Firewall, Endpoint Security, Data Exfiltration, APT full kill chain scenarios (agent). Advanced Scenarios – The module formerly known as “Purple Team”, which was designed to allow for the crafting of advanced attack scenarios with specific TTPs, executions, and configurations. While the “scenarios” section was designed to cover a wide range of attack methods in a specific assessment, Advanc
The Hopper is now able to authenticate to Linux machines using Active Directory credentials via SSH. This capability allows the Hopper to use cleartext credentials to spread to Active Directory connected Linux machines during an attack. As we can see in the screenshot below, the Hopper is able to spread to a Linux machine using cleartext AD credentials via SSH: The Hopper can spread from a Linux machine to other Linux machines via SSH. The Hopper can spread back from a Linux machine to Windows machines via SMB.
We would like to announce the start of the deprecation process of the Cymulate (legacy) agent and the transition to the use of the service-based agent. Due to its scalable and modular architecture, the service-based agent offers users a better overall experience and improved performance for running assessments in the platform. The service-based agent offers the following benefits: With the service-based agent, the user will no longer need to be logged in to run assessments. Agents can have multiple profiles with different permission levels, offering more control over what each agent can test. Agents can be configured easily from the Agents page in the platform. The agent’s automatic recovery mechanism will continue running the assessment from where it left off in the case that an assessment crashes. When will this change take place? We will deprecate the legacy agent using a phased approach. The following timeline describes the phases of the legacy agent deprecation: November 20th, 2022 –
We have created an OpenSSL Advanced Scenario Test for the latest OpenSSL vulnerability. To use: 1. Open the Cymulate interface 2. Go to Advanced Scenarios 3. Go to Resources 4. Search for “OpenSSL CVE-2022-3786”. Note: the test will test for both CVE-2022-3786 and CVE-2022-3602
Microsoft has announced that as of October 1, 2022, they have begun the process of removing basic authentication for Outlook, EWS, RPS, POP, IMAP, and EAS protocols in Exchange Online. SMTP Auth will also be disabled if it is not being used. For more information on this announcement, see this article. How does this affect Cymulate users? Cymulate users that have configured the SMTP connection via Office365 basic authentication will need to reconfigure the SMTP connection. The previous Office365 option which supported basic authentication has been removed, and the Office365MFA option, which supports all Office365 accounts, has been renamed Office365. Reconfiguring the Office365 connection (Service-based agent): To reconfigure the SMTP connection, follow the instructions below. Open the CMD and enter: For Client type, enter 3 to select Office365. If an interactive browser is found on your system, it will automatically open and prompt you to log in to your account. Otherwise, continue with the
Hi, Sunday (October 30th, 2022) we will perform a scheduled update to the platform. This update will include multiple items which require a maintenance window of about 2 hours. During this time access to some of the platform’s capabilities and assessments may be unavailable. The Maintenance time for Customers deployed at the EU Region are: 3:00PM GMT - 5:00PM GMT (30/10/2022). The Maintenance time for Customers deployed at the USA Region are: 4:00AM EST - 6:00AM EST (30/10/2022). Thank you! Cymulate Team
Maintained by the Apache Software Foundation (ASF), Apache is by far the most common web server run in the world. Doing a quick Shodan lookup as of this article’s publish date finds over 25 million Internet-reachable instances globally. Thus, the discovery of a remote code executable capable vulnerability this week in its Apache Commons Text library in its default configuration and dubbed Text4Shell should be taken seriously. The vulnerability discovered by cybersecurity researcher Alvaro Munoz was discussed in his blog post and tracked as CVE-2022-42889 with a CVSS score of 9.8 out of 10. It affects versions 1.5 through 1.9 of the Apache Commons Text libraries with only the latest 1.10 not having the issue. The issue can be found within its variable interpolation capabilities, specifically within its “script”, “DNS” and “URL” functionality. Apache has not provided a workaround for the affected variants but has recommended upgrading Apache Commons Text libraries to the latest 1.10. For inst
Google has updated their GSUITE API and no longer supports basic authentication (username + password). It means that clients that have configured a GSUITE connection in the agent will no longer be able to connect to it. All clients must generate an ‘APP PASSWORD’ and use it instead of their account password. The agent UI is already updated. More details can be found here: Sign in with App Passwords - Gmail Help (google.com) (this link is also in the agent UI). The relevant part is this:
With threats changing constantly, new and existing vulnerabilities stacking up, and the dynamic nature of enterprises adding new misconfigurations and security gaps daily, we must take a continuous approach to security validation testing to truly keep ahead. Join Dave Klein and Dr. Chase Cunningham as they discuss. Join this conversation to learn: • Why is it important to truly understand both technical and business impact when looking at outcomes? • What is the relation to segmentation, access and privileges, and cloud controls? • What is the importance of both continuous security validation and breach feasibility testing? • How does this help minimize threat exposure and validate Zero Trust? Dr. Chase Cunningham is a retired Navy Chief Cryptologist with more than 20 years of experience in Cyber Forensic and Analytic Operations and forensic analysis. He gained his operations experience by being "on pos" doing cyber forensics, analytics, and offensive and defensive cyber operations while func
Understanding the Differences Between IoCs (Indicators of Compromise) and TTPs (Tactics, Techniques and Procedures)
We had a great conversation with @dan_lisichkin on truly understanding the differences between IoCs and TTPs. Really helpful in understanding how to better inoculate against attackers. What do you think? More importantly - what should we talk about next? Tell me! Even better if you want you can come join me on a broadcast if you want - no pressure on that but can do that too! 😃
We at Cymulate believe that when people come together, nothing can stop them. A core goal of the group is to create a global community of diverse professionals who will identify, challenge, and inspire one another through knowledge sharing, networking, ideation, and more. You are encouraged to share your knowledge, ask questions, participate in discussions, and become a key member of this community. I would appreciate hearing from you, answering any questions you have, or getting more involved by emailing me at email@example.com. Take a moment to introduce yourself and let everyone know who you are.
Our customers’ security is at the forefront of every decision, every updated feature, and every new initiative we take as a company. Trust is never something we take for granted. That’s why we’re rigorous about requiring Cymulate employees to follow the latest in cyber hygiene. We strive to be as informed and confident as possible in every decision we make when it comes to our customers’ data privacy. This brochure describes Cymulate Security Measures & Data Processing.
Published on December 10th by NIST, the Apache Log4Shell or LogJam, AKA CVE-2021-44228, is a highly critical new vulnerability, ranked the most severe current security risk, as it affects a large number of services due to the popularity of Log4j. Log4J is a widely used Java-based logging library. Log4Shell is able to create a Remote Code Execution (RCE) by tricking a component of Java applications in web servers into executing commands without the authorization of the administrator and without a valid login to the targeted device/service/site. As Log4Shell has a high potential for escalation and is actively being exploited, it is critical to rapidly check the exposure of your environment, including the entire potential attack path. Cymulate provides four critical methodologies to determine if your organization is at risk and to determine if your security controls have the ability to deflect attempted Log4Jam/Log4Shell attacks. This in-depth detection is achieved with a combination o
Until your security posture learns Jedi mind tricks (we’re working on it!), we all need to join forces in the fight against #ransomware. Fill out our confidential survey on how your company is approaching the growing threat of ransomware and you’ll be sent a free T-shirt and the complete report: https://hubs.li/H0XlSlM0
Setting the Record Straight on Breach & Attack Simulation, Purple Teaming and Continuous Security Validation
As a twenty-plus year cybersecurity professional I can count on a single hand the times I had to respond to a vendor who made crazy, unsubstantiated claims. As a practitioner in Breach and Attack Simulation (BAS) and Purple Teaming, I wanted to counter some really misleading “marketecture” that I heard another vendor make. I am going to take the high road and not call that vendor out by name and set the record straight by giving my experience with specifically the Cymulate Continuous Security Validation Platform that includes BAS and Purple Teaming solution. What is Cymulate Breach and Attack Simulation? BAS is using real world exploits and techniques along the entire kill chain to test enterprise environments’ real security controls, environments, and people. By doing such you get the most accurate picture of how the enterprise would respond to a real attack. Starting with reconnaissance these solutions move on to mail, web, application reverse proxying and spear phishing techniques. Th