Data Core Systems

04/12/2023

27/06/2023

https://datacoresystems.ro/the-rise-of-offensive-security/

19/06/2023

Descoperă lumea securității cibernetice cu acest atelier gratuit oferit de Data Core Systems, unul dintre principalii furnizori de cybersecurity din România. Experiența anterioară în cybersecurity nu e necesară, însă reprezintă un avantaj familiaritatea cu zona de IT.

Îți propunem un parcurs interactiv, ghidat de profesioniști experimentați în domeniu. Vei avea acces la laboratoarele noastre moderne și vei primi îndrumări utile pentru o carieră în cybersecurity.

Workshop-ul se va desfășura la sediul Data Core Systems, o ocazie excelentă de a intra în contact direct cu mediul dinamic al securității cibernetice.

La sfârșitul atelierului, vei avea o perspectivă mai largă asupra cybersecurity și, poate vei descoperi o nouă pasiune sau vei lua decizia de a urma o carieră în acest domeniu. O treime din participanții la ediția anterioară ne-au devenit colegi.

Durată: 10 prezentări a câte 3 ore, în perioada 17 iulie - 26 august 2023.

Locație: prezența fizică este necesară la sediul Data Core Systems din strada Gheorghe Țițeica 142, Sectorul 2, București

Înregistrarea are loc până în data 10 iulie 2023. Locurile sunt limitate.
Pentru a îți asigura un loc, te rugăm să trimiți CV-ul la adresa de e-mail: [email protected]

12/06/2023

Fortinet Addresses Critical RCE Vulnerability in Fortigate SSL-VPN Devices

A critical vulnerability has been identified in multiple Fortigate devices that have SSL-VPN enabled, making them susceptible to a remote code ex*****on (RCE) flaw.. Fortinet describes Fortigate as a next-generation firewall that offers "unparalleled AI-powered security performance and threat intelligence, along with full visibility and security and networking convergence."
Threat actors could use the vulnerability (CVE-2023-27997) to perform remote code ex*****on via SSL VPN, prior to authentication.
The patches were released last Friday for FortiOS firmware versions 6.0.17, 6.2.15, 6.4.13, 7.0.12, and 7.2.5.
All versions are probably impacted, and confirmation is anticipated after the CVE is published on June 13, 2023. Before revealing critical vulnerabilities, Fortinet is renowned for releasing security patches, giving customers time to update their devices before threat actors can reverse engineer the patches.
All businesses are urged to install the latest patches right away and check their networks for signs of compromise.

09/06/2023

https://datacoresystems.ro/investing-in-zero-trust-cybersecurity-architecture-strengthening-your-companys-defense-against-cyberattacks/

15/05/2023

Data Core Systems /Trend Micro highlights commitment to cybersecurity excellence at CyberMAN 2023

We continue our tradition by participating in the CyberMAN 2023 cybersecurity contest. This event brought together participants from various institutions within the national defense system, public order, and national security.
Organized by the Cyber Defense Command of the Ministry of National Defense, CyberMAN 2023 took place online between May 8 – 11. There were present organizations such as the Ministry of National Defense, SRI, STS, SPP, MAI, as well as prominent academic institutions and industry leaders in cyber capabilities.
The contest featured a Capture-The-Flag challenge with different levels of complexity, ranging from easy to medium and hard, and a Red Team/Blue Team exercise.
Participants showcased their skills in various categories, including Web, Cryptography, Steganography, Networking, Forensics, Reverse Engineering, Buffer-overflow, and more.
At Data Core Systems, we firmly sustain continuous skill enhancement. Our participation in CyberMAN 2023 allowed us to test our expertise against various challenges. We are dedicated to staying at the forefront of the rapidly evolving threat landscape, ensuring that we can effectively protect our clients from emerging cyber risks.
We want to thank to the organizers, participants, and partners who made CyberMAN 2023 possible.
Stay tuned for more updates from Data Core Systems as we remain committed to delivering cutting-edge cybersecurity solutions and protecting your valuable digital assets. If you have any cybersecurity needs or questions, please don't hesitate to reach out.

06/04/2023

Unpatched critical vulnerability CVE-2023-1707 in HP printer firmware

This week, HP stated in a security bulletin that a critical vulnerability affecting the firmware of a few business-grade printers would take up to 90 days to fix. About 50 models of HP Enterprise LaserJet and HP LaserJet Managed Printers are affected by the security flaw, which has the tracking number CVE-2023-1707.
Utilizing the CVSS v3.1 standard, the company determined a severity score of 9.1 out of 10 and notes that exploiting it might result in information disclosure. Despite the high score, the exploitation context is constrained because the vulnerable devices require IPsec to be enabled and FutureSmart firmware version 5.6 to be installed.
The information disclosure vulnerability in this situation could give an intruder access to private data sent between the affected HP printers and other networked devices.
The following HP printers are affected by CVE-2023-1707:
• HP Color LaserJet Enterprise M455
• HP Color LaserJet Enterprise MFP M480
• HP Color LaserJet Managed E45028
• HP Color LaserJet Managed MFP E47528
• HP Color LaserJet Managed MFP E785dn, HP Color LaserJet Managed MFP E78523, E78528
• HP Color LaserJet Managed MFP E786, HP Color LaserJet Managed Flow MFP E786, HP Color LaserJet Managed MFP E78625/30/35, HP Color LaserJet Managed Flow MFP E78625/30/35
• HP Color LaserJet Managed MFP E877, E87740/50/60/70, HP Color LaserJet Managed Flow E87740/50/60/70
• HP LaserJet Enterprise M406
• HP LaserJet Enterprise M407
• HP LaserJet Enterprise MFP M430
• HP LaserJet Enterprise MFP M431
• HP LaserJet Managed E40040
• HP LaserJet Managed MFP E42540
• HP LaserJet Managed MFP E730, HP LaserJet Managed MFP E73025, E73030
• HP LaserJet Managed MFP E731, HP LaserJet Managed Flow MFP M731, HP LaserJet Managed MFP E73130/35/40, HP LaserJet Managed Flow MFP E73130/35/40
• HP LaserJet Managed MFP E826dn, HP LaserJet Managed Flow MFP E826z, HP LaserJet Managed E82650/60/70, HP LaserJet Managed E82650/60/70

15/03/2023

Microsoft advises users to immediately patch their systems against zero-day vulnerability (CVE-2023-23397)

Microsoft has patched an Outlook zero-day vulnerability (CVE-2023-23397) that was assigned a CVSSv3 score of 9.8. It was being used to attack European firms by a hacker collective affiliated with Russia's military intelligence service GRU.
The vulnerability (CVE-2023-23397) was discovered by CERT-UA (the Computer Emergency Response Team for Ukraine), and it is a major security flaw that affects Outlook and allows users to elevate their privileges without having to interact with the system.
By forcing the targets' machines to authenticate to attacker-controlled SMB shares, the hacker gang (identified as APT28, STRONTIUM, Sednit, Sofacy, and Fancy Bear) issued malicious Outlook notes and tasks to steal NTLM hashes via NTLM negotiation requests.
The compromised credentials were used to alter the permissions on the Outlook mailbox folders, which enabled email exfiltration for particular accounts.

Microsoft Outlook vulnerability CVE-2023-23397 mitigations

In order to temporarily mitigate the effects of the assaults, Microsoft advises users to immediately patch their systems against CVE-2023-23397, add users to the Active Directory group known as Protected Users, and restrict outbound SMB (TCP port 445).
To assist administrators in determining whether users in an Exchange infrastructure have been affected by this Outlook vulnerability, Microsoft also issued a specific PowerShell script.

03/03/2023

Two Buffer Overflow Vulnerabilities Discovered in Trusted Platform Module (TPM) 2.0 Reference Library Specification


The Trusted Platform Module (TPM) 2.0 reference library specification has been found to have two buffer overflow vulnerabilities, which can be exploited by attackers who have access to a TPM-command interface. By sending maliciously-crafted commands to the module, the attacker can read sensitive data or overwrite normally protected data that is only available to the TPM, such as cryptographic keys. The vulnerabilities have been identified as CVE-2023-1017 and CVE-2023-1018, and were reported by cybersecurity company Quarkslab in November 2022.

TPM technology is a hardware-based solution that provides secure cryptographic functions to the operating systems on modern computers, making it resistant to tampering. However, as cloud computing and virtualization have become more popular, software-based TPM implementations have also gained popularity.

To address these vulnerabilities, users should apply updates provided by hardware and software manufacturers through their supply chain as soon as possible. The Trusted Computing Group (TCG) has released an update to their Errata for TPM2.0 Library Specification with instructions on how to address these vulnerabilities. Updating the firmware of TPM chips may be necessary, and this can be done through an OS vendor or the original equipment manufacturer (OEM). In some cases, the OEM may require resetting the TPM to its original factory default values as part of the update process.

24/02/2023

Apple patches three vulnerabilities in iPadOS, iOS and macOS

Apple has updated the security advisories it issued last month to include three new vulnerabilities that affect iOS, iPadOS, and macOS.
The first flaw (CVE-2023-23520) was a race condition in the Crash Reporter component that could allow a malicious actor to read arbitrary files as root. Apple stated that it addressed the issue with additional reassurance.
The other two flaws, discovered by Trellix researcher Austin Emmitt, were in the Foundation framework (CVE-2023-23530 and CVE-2023-23531) and could have been exploited to gain code ex*****on.
Trellix classified the two flaws as a "New class of bugs that allow bypassing code signing to execute arbitrary code in the context of several platform applications, leading to privilege escalation and sandbox escape on both macOS and iOS," in its own report on Tuesday.
As a result, threat actors had the possibility to exploit these flaws to bypass the sandbox and run malicious code with elevated privileges, possibly providing access to the calendar, address book, messages, location data, call history, camera, microphone, and photographs.
Worryingly, the security flaws could have been exploited to install arbitrary software or even delete the device. Nevertheless, in order to exploit the flaws, an attacker had to first gain a foothold in the system.