NetmanageIT CTO Corner

New Stealthy Bandit Stealer Targeting Web Browsers and Cryptocurrency Wallets

New Stealthy Bandit Stealer Targeting Web Browsers and Cryptocurrency Wallets

A new stealthy information stealer malware called Bandit Stealer has caught the attention of cybersecurity researchers for its ability to target numerous web browsers and cryptocurrency wallets. "It has the potential to expand to other platforms as Bandit Stealer was developed using the Go programming language, possibly allowing cross-platform compatibility,

Critical OAuth Vulnerability in Expo Framework Allows Account Hijacking

Critical OAuth Vulnerability in Expo Framework Allows Account Hijacking

A critical security vulnerability has been disclosed in the Open Authorization (OAuth) implementation of the application development framework Expo.io. The shortcoming, assigned the CVE identifier CVE-2023-28131, has a severity rating of 9.6 on the CVSS scoring system. API security firm Salt Labs said the issue rendered services using

NetmanageIT CVE Database and Alerting Platform now live!

General Musings

NetmanageIT CVE Database and Alerting Platform now live!

We now have a Public facing CVE lookup and alerting platform for general/public use! You can search for any vendor, CVE, keyword etc. The great thing is, anybody can sign up quick for an account, verify their email and be on their way to subscribed CVE alerts! Once you

Travel-Themed Phishing, BEC Campaigns Get Smarter as Summer Season Arrives

Travel-Themed Phishing, BEC Campaigns Get Smarter as Summer Season Arrives

Phishing campaigns targeting travelers have evolved from simple, easy-to-spot fraud attempts to highly sophisticated operations.

Severe Flaw in Google Cloud's Cloud SQL Service Exposed Confidential Data

Severe Flaw in Google Cloud's Cloud SQL Service Exposed Confidential Data

A new security flaw has been disclosed in the Google Cloud Platform's (GCP) Cloud SQL service that could be potentially exploited to obtain access to confidential data. "The vulnerability could have enabled a malicious actor to escalate from a basic Cloud SQL user to a full-fledged sysadmin on a container,

2FA/MFA not living up to the hype?

General Musings

2FA/MFA not living up to the hype?

This post might ruffle some feathers, and full disclaimer right off the bat. 2FA/MFA is good, and should be used, its better than not using it. I am starting to see an alarming trend across the internet, forums, security folks, MSP's all chanting in unison, 2FA! 2FA! Framing it

Predator Android Spyware: Researchers Sound the Alarm on Alarming Capabilities

Predator Android Spyware: Researchers Sound the Alarm on Alarming Capabilities

Security researchers have shared a deep dive into the commercial Android spyware called Predator, which is marketed by the Israeli company Intellexa (previously Cytrox). Predator was first documented by Google's Threat Analysis Group (TAG) in May 2022 as part of attacks leveraging five different zero-day flaws in the Chrome web

5 Must-Know Facts about 5G Network Security and Its Cloud Benefits

5 Must-Know Facts about 5G Network Security and Its Cloud Benefits

5G is a game changer for mobile connectivity, including mobile connectivity to the cloud. The technology provides high speed and low latency when connecting smartphones and IoT devices to cloud infrastructure. 5G networks are a critical part of all infrastructure layers between the end user and the end service; these

New COSMICENERGY Malware Exploits ICS Protocol to Sabotage Power Grids

New COSMICENERGY Malware Exploits ICS Protocol to Sabotage Power Grids

A new strain of malicious software that's engineered to penetrate and disrupt critical systems in industrial environments has been unearthed. Google-owned threat intelligence firm Mandiant dubbed the malware COSMICENERGY, adding it was uploaded to a public malware scanning utility in December 2021 by a submitter in Russia. There is no

Barracuda Warns of Zero-Day Exploited to Breach Email Security Gateway Appliances

Barracuda Warns of Zero-Day Exploited to Breach Email Security Gateway Appliances

Email protection and network security services provider Barracuda is warning users about a zero-day flaw that it said has been exploited to breach the company's Email Security Gateway (ESG) appliances. The zero-day is being tracked as CVE-2023-2868 and has been described as a remote code injection vulnerability affecting versions 5.

Daniel Bender CTO guest on Prophets of IT Podcast

General Musings

Daniel Bender CTO guest on Prophets of IT Podcast

Jim Punzenberger had me on as a guest on his podcast. Short good little episode, check it out!

Free PDF Tools by NetmanageIT

General Musings

Free PDF Tools by NetmanageIT

Another great site we setup for our customers, I am making available to anyone who wants to use it, is our https://pdf.netmanageit.com site. This site is extremely easy to use, and has many features and PDF manipulation tools that you usually only see in the Pro version

How To use our Free Password Pusher Secure Site

How-To Articles

How To use our Free Password Pusher Secure Site

Password Pusher, what is it you ask? It is a secure way to send Passwords to a person in an email without actually having the password itself in the email body where it is not secure. DO NOT EVER send passwords in an email or via SMS or any other

NetmanageIT's Dedicated Speed Test Site

General Musings

NetmanageIT's Dedicated Speed Test Site

While many use Ookla speedtest, one of the best, and there is nothing wrong with that. I spun up our own dedicated speedtest site in our NYC Datacenter. The site is hooked to a 2gbit connection. If you want a second opinion, or the speed test site you like to

Server Room Cooling Tips for SMB's

General Musings

Server Room Cooling Tips for SMB's

One often overlooked part of SMB IT Infrastructure is the Server Room / Wiring Closet and the HVAC implications. Often times we see SMB's especially prone to totally ignoring this very important aspect of your Network. We are talking about the one centralized room that houses and safeguards all your premise

General Musings

The Cloud...

The Cloud... lets just say I am torn a bit. Its a love hate relationship, there are some good things about the ever growing momentum and push to the cloud. There are also some bad things, many not even noticed in the obvious sense, until some NOC tech fat fingers

The Hive 5 & Cortex HowTo

How-To Articles

The Hive 5 & Cortex HowTo

Credit: Some of the screenshots in this article have been taken from Official documentation from Strangebee, some are my own custom screenshots to make the writing of this article easier. Let's start with a little background, The Hive and Cortex have been around for a few years, more detailed information

OpenCTI Threat Intel from another Planet?

How-To Articles

OpenCTI Threat Intel from another Planet?

So I thought I would post what OpenCTI can show us, visually, the correlations and the cool benefits of when you setup your own OpenCTI instance. Just how neat of a platform it is, compared to MISP or Yeti for comparison. It is a real time, dynamically updated, powerful database

OpenVAS Vulnerability Scanner Setup

How-To Articles

OpenVAS Vulnerability Scanner Setup

In this article, I am going to show you how to setup your own dedicated Vulnerability Scanner Platform in a Linux VM with VPN for anonymity. NOTE: VPN setup is outside the scope of the article, although its very easy, just follow the VPN providers setup instructions for your Linux

Nikto Web Vulnerability Scanner

How-To Articles

Nikto Web Vulnerability Scanner

Nikto, what is it? Its one of my favorite CLI driven Web Vulnerability scanners to check thousands of best practice setup variables and vulnerabilities. It is used to proactively check and give insights on what you need to change to secure that website to the highest level you can. While

OpenCTI Installation HowTo

How-To Articles

OpenCTI Installation HowTo

UPDATE 3/15/2023 : New Part 2 of the article is down towards the bottom. Part 2 is for optionally setting up OpenCTI to be served over Nginx Reverse Proxy using Certbot and LetsEncrypt. The OpenCTI project (Open Cyber Threat Intelligence) is a platform meant for processing and sharing knowledge