Cymulate's News & Updates
Stay up to date with the latest & greatest news from our company.
- 26 Topics
- 9 Replies
Apache Log4j2 Remote Code Execution (RCE) Vulnerability - CVE-2021-44228 - ESA-2021-31
New critical vulnerability out in the wild: we have validated that the vulnerability does not exist in the Cymulate App or the Cymulate Agent.
A high severity vulnerability (CVE-2021-44228) impacting multiple versions of the Apache Log4j utility was disclosed publicly via the project's page on December 9, 2021. The vulnerability impacts Apache Log4j 2 versions 2.0 to 2.14.1.
This announcement summarizes the analysis and other actions performed, and any potential impact on the Cymulate solution.
Cymulate's engineering and security teams have been working through the course of this zero-day publication and continue to actively work on the analysis and on any actions our users should perform, alongside identifying detection signatures that may be used to identify potential exploitation of the vulnerability.
We have validated that the vulnerability does not exist in the Cymulate App, and that the Cymulate App and the Cymulate Agent are not susceptible to the remote code execution associated with this
New App Dashboard
Summary
The objective of the change is to rearrange the app according to the new user flow for security validation; there is no functional change in Cymulate's capabilities following this redesign.
The app will be divided into three new categories:
Scenarios – Scenario-based validation is focused on security control efficacy and was designed to test specific phases of an attack and validate the performance of the relevant security controls against these specific scenarios. This section will include all the following modules:
- Immediate Threat Intelligence
- Email Gateway
- Web Gateway
- Web Application Firewall
- Endpoint Security
- Data Exfiltration
- APT full kill chain scenarios (agent)
Advanced Scenarios – The module formerly known as "Purple Team", which was designed to allow for the crafting of advanced attack scenarios with specific TTPs, executions, and configurations. While the "Scenarios" section was designed to cover a wide range of attack methods in a specific assessment, Advanc
Cymulate Community Challenge: Share your best practices and win prizes! (News)
To celebrate reaching 2000 community members, we want to hear from YOU about the creative and effective ways you are using Cymulate to improve your cybersecurity posture. Whether it's a unique use case, an innovative solution, or clever automation, we want to hear about it.
To enter, simply submit a brief description of your best practice along with any relevant screenshots (if possible). Entries will be judged on their originality, practicality, and overall impact on improving cybersecurity.
The winner will get a 1:1 meeting with our CTO or VP Product, as well as exclusive Cymulate swag. Don't miss this opportunity to share your knowledge and expertise with the community, and learn from the experts in the business.
You have until January 31 to submit
Overview of 2022 Cybersecurity Compliance Regulations and Planned 2023 Revisions (Blog)
The recent adoption of DORA (Digital Operational Resilience Act) by the EU Council is only one of the cybersecurity compliance regulations to emerge or undergo a thorough update in 2022. The accelerated activity of regulators in matters related to cybersecurity is a direct answer to the combination of the rising frequency and escalating complexity of cyberattacks. The resulting threat to the continued operation of critical services and the potential for major disruption of civilian lives are contributing factors to this flurry of activity. As 2022 is ending, it is appropriate to review the year's compliance landscape evolution and prepare for planned regulation updates in 2023.
New and Updated Cybersecurity Compliance Regulations in 2022
The most heavily impacted sector in terms of cybersecurity compliance regulation updates this year was the financial sector, with the creation of the new EU-wide regulatory framework DORA and the revision or update of PCI DSS and Swift requirements. DORA Req
New Hopper feature: Linux support for Active Directory (Blog)
The Hopper is now able to authenticate to Linux machines using Active Directory credentials via SSH.
This capability allows the Hopper to use cleartext credentials to spread to Active Directory connected Linux machines during an attack.
As we can see in the screenshot below, the Hopper is able to spread to a Linux machine using cleartext AD credentials via SSH.
The Hopper can spread from a Linux machine to other Linux machines via SSH. The Hopper can spread back from a Linux machine to Windows machines via SMB.
Deprecation of the legacy agent and transition to service-based agent
We would like to announce the start of the deprecation process of the Cymulate (legacy) agent and the transition to the service-based agent. Due to its scalable and modular architecture, the service-based agent offers users a better overall experience and improved performance for running assessments in the platform.
The service-based agent offers the following benefits:
- With the service-based agent, the user no longer needs to be logged in to run assessments.
- Agents can have multiple profiles with different permission levels, offering more control over what each agent can test.
- Agents can be configured easily from the Agents page in the platform.
- The agent's automatic recovery mechanism continues running the assessment from where it left off if an assessment crashes.
When will this change take place?
We will deprecate the legacy agent using a phased approach. The following timeline describes the phases of the legacy agent deprecation:
November 20th, 2022 –
OpenSSL Advanced Scenario Test for latest OpenSSL Vulnerability
We have created an OpenSSL Advanced Scenario Test for the latest OpenSSL vulnerability. To use it:
1. Open the Cymulate interface
2. Go to Advanced Scenarios
3. Go to Resources
4. Search for "OpenSSL CVE-2022-3786"
Note: the test checks for both CVE-2022-3786 and CVE-2022-3602.
Microsoft Update - Deprecation of Basic Authentication
Microsoft has announced that as of October 1, 2022, they have begun the process of removing basic authentication for Outlook, EWS, RPS, POP, IMAP, and EAS protocols in Exchange Online. SMTP Auth will also be disabled if it is not being used. For more information on this announcement, see this article.
How does this affect Cymulate users?
Cymulate users that have configured the SMTP connection via Office365 basic authentication will need to reconfigure the SMTP connection. The previous Office365 option, which supported basic authentication, has been removed, and the Office365MFA option, which supports all Office365 accounts, has been renamed Office365.
For more information on configuring the Office365 connection, see Connecting Office365 - Setting up the SMTP connection with the admin consent process.
If the Cymulate agent has been allowed access via the Microsoft device login consent process, but you are still having issues connecting, it may be due to use of Azure AD's Tenant Restrictions f
Hi,
On Sunday (October 30th, 2022) we will perform a scheduled update to the platform.
This update will include multiple items which require a maintenance window of about 2 hours.
During this time, access to some of the platform's capabilities and assessments may be unavailable.
The maintenance time for customers deployed in the EU region is: 3:00PM GMT - 5:00PM GMT (30/10/2022)
The maintenance time for customers deployed in the USA region is: 4:00AM EST - 6:00AM EST (30/10/2022)
Thank you! Cymulate Team
Text4Shell – Validate Detection and Protection now with Cymulate (News)
Maintained by the Apache Software Foundation (ASF), Apache is by far the most common web server run in the world. A quick Shodan lookup as of this article's publication date finds over 25 million Internet-reachable instances globally. Thus, the discovery this week of a vulnerability capable of remote code execution in its Apache Commons Text library, in its default configuration, dubbed Text4Shell, should be taken seriously.
The vulnerability, discovered by cybersecurity researcher Alvaro Munoz, was discussed in his blog post and is tracked as CVE-2022-42889 with a CVSS score of 9.8 out of 10. It affects versions 1.5 through 1.9 of the Apache Commons Text library, with only the latest, 1.10, not having the issue. The issue lies within its variable interpolation capabilities, specifically within its "script", "DNS" and "URL" functionality. Apache has not provided a workaround for the affected versions but has recommended upgrading the Apache Commons Text library to the latest, 1.10.
For inst
GSuite connection changes (News)
Google has updated their GSUITE API and no longer supports basic authentication (username + password).
This means that clients that have configured a GSUITE connection in the agent will no longer be able to connect to it.
All clients must generate an 'APP PASSWORD' and use it instead of their account password.
The agent UI is already updated.
More details can be found here: Sign in with App Passwords - Gmail Help (google.com) (this link is also in the agent UI). The relevant part is this:
Continuous Security Validation Testing with Dr. Chase Cunningham
With threats changing constantly, new and existing vulnerabilities stacking up, and the dynamic nature of enterprises adding new misconfigurations and security gaps daily, we must take a continuous approach to security validation testing to truly keep ahead. Join Dave Klein and Dr. Chase Cunningham as they discuss.
Join this conversation to learn:
• Why is it important to truly understand both technical and business impact when looking at outcomes?
• What is the relation to segmentation, access and privileges, and cloud controls?
• What is the importance of both continuous security validation and breach feasibility testing?
• How does this help minimize threat exposure and validate Zero Trust?
Dr. Chase Cunningham is a retired Navy Chief Cryptologist with more than 20 years of experience in Cyber Forensic and Analytic Operations and forensic analysis. He gained his operations experience by being "on pos" doing cyber forensics, analytics, and offensive and defensive cyber operations while func
Understanding the Differences Between IoCs (Indicators of Compromise) and TTPs (Tactics, Techniques and Procedures)
We had a great conversation with @dan_lisichkin on truly understanding the differences between IoCs and TTPs. Really helpful in understanding how to better inoculate against attackers. What do you think? More importantly - what should we talk about next? Tell me! Even better if you want you can come join me on a broadcast if you want - no pressure on that but can do that too! 😃
Welcome new members!
We at Cymulate believe that when people come together, nothing can stop them.
A core goal of the group is to create a global community of diverse professionals who will identify, challenge, and inspire one another through knowledge sharing, networking, ideation, and more.
You are encouraged to share your knowledge, ask questions, participate in discussions, and become a key member of this community. I would appreciate hearing from you, answering any questions you have, or getting more involved by emailing me at email@example.com.
Take a moment to introduce yourself and let everyone know who you are.
Cymulate’s Security Assurance
Our customers' security is at the forefront of every decision, every updated feature, and every new initiative we take as a company. Trust is never something we take for granted.
That's why we're rigorous about requiring Cymulate employees to follow the latest in cyber hygiene. We strive to be as informed and confident as possible in every decision we make when it comes to our customers' data privacy.
This brochure describes Cymulate Security Measures & Data Processing.
Four pillars of Extended Security Posture Management (Blog)
Addressing Log4j Vulnerability with Cymulate (Blog)
Published on December 10th by NIST, the Apache Log4Shell or LogJam vulnerability, AKA CVE-2021-44228, is a highly critical new vulnerability, ranked the most severe current security risk, as it affects a large number of services due to the popularity of Log4j. Log4j is a widely used Java-based logging library. Log4Shell achieves Remote Code Execution (RCE) by tricking a component of Java applications in web servers into executing commands without the authorization of the administrator and without a valid login to the targeted device/service/site. As Log4Shell has a high potential for escalation and is actively being exploited, it is critical to rapidly check the exposure of your environment, including the entire potential attack path. Cymulate provides four critical methodologies to determine if your organization is at risk and whether your security controls have the ability to deflect attempted LogJam/Log4Shell attacks. This in-depth detection is achieved with a combination o
Fight ransomware like a Jedi!
Until your security posture learns Jedi mind tricks (we're working on it!), we all need to join forces in the fight against #ransomware.
Fill out our confidential survey on how your company is approaching the growing threat of ransomware and you'll be sent a free T-shirt and the complete report: https://hubs.li/H0XlSlM0