As threats in the digital realm evolve, the NIST Cyber security framework (CSF) 2.0 serves as a crucial resource to help businesses of all sizes, across industries to reinforce their defences against cyber security threats. This updated guidance focuses on a comprehensive set of standards, guidelines, and best practices and aims to streamline risk management and bolster information security frameworks [1]. The transformation from the original to the NIST CSF 2.0 illustrates a commitment to adapting to the shifting landscape of cyber threats, offering a meticulously curated toolkit that encompa ..read more

CrowdStrike’s new 2024 Global Threat Report has been creating some buzz around the latest trends in the cyberattacks, and we are here to make the key takeaways from the main topics that were talked about in the report more accessible to you. To summarise, the cyberattacks ecosystem have been increasing and here are certain figures to keep in mind- CrowdStrike recorded 34 new adversaries in 2023 with an increase of 75% in the Cloud environment intrusions and 110% cloud-conscious cases year over year mostly with financial motives. According to the data, the technology industry was most frequentl ..read more

AMARU would like to draw your attention to an advisory published by the UK’s National Cyber Security Centre (NCSC UK) which details recent tactics, techniques and procedures (TTPs) of the group commonly known as APT29, also known as Midnight Blizzard, the Dukes or Cozy Bear. The NCSC UK and international partners assess that APT29 is a cyber espionage group, almost certainly part of the SVR, an element of the Russian intelligence services. The US National Security Agency (NSA), the US Cybersecurity and Infrastructure Security Agency (CISA), the US Cyber National Mission Force (CNMF), the Feder ..read more

// Overview  On February 19th, 2024, ConnectWise released a security advisory for its remote monitoring and management (RMM) software. The advisory highlighted two vulnerabilities that impact older versions of  ScreenConnect and have been mitigated in version 23.9.8 and later. CVE-2024-1709 (CWE-288)— Authentication Bypass Using Alternate Path or Channel Base CVSS score of 10 (Critical) CVE-2024-1708 (CWE-22)— Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Base score of 8.4 (High Priority) Cloud hosted implementations of ScreenConnect, including scree ..read more

Amaru would like to draw your attention to a crucial alert we received from The National Cyber Security Centre (NCSC) regarding two zero-day vulnerabilities discovered in Microsoft Products. These vulnerabilities pose severe threats to the security of organisations and individuals alike. Vulnerability Details: 1. CVE-2024-21410 – Microsoft Exchange Server: CVSS Score: 9.8 Description: This vulnerability affects Microsoft Exchange Server, potentially allowing unauthenticated attackers to escalate privileges by accessing user credentials. These credentials can then be utilised to impersonate leg ..read more

Amaru would like to draw your attention to a crucial alert we received from The National Cyber Security Centre (NCSC) regarding two zero-day vulnerabilities discovered in Microsoft Products. These vulnerabilities pose severe threats to the security of organisations and individuals alike. Vulnerability Details: 1. CVE-2024-21410 – Microsoft Exchange Server: CVSS Score: 9.8 Description: This vulnerability affects Microsoft Exchange Server, potentially allowing unauthenticated attackers to escalate privileges by accessing user credentials. These credentials can then be utilised to impersonate leg ..read more

// Overview  Amaru’s MDR is aware of an active ransomware campaign targeting unpatched VMware ESXi hosts facing the public internet. On February 3rd, 2023 the French National CERT first reported a threat actor campaign targeting VMware ESXi hypervisors with the aim of deploying ransomware. The initial access vector is CVE-2021-21974, a vulnerability that allows an attacker to remotely execute arbitrary code. A patch for CVE-2021-21974 has been available since February 23, 2021. CVE-2021-21974 affects the following ESXi versions: • ESXi 7.x versions earlier than ESXi70U1c-17325551 • ESXi versio ..read more

The name Simplify Security doesn’t capture our mission enough. And as a result, we’re rebranding to Amaru. Bigger mission, same vision, same values, same purpose. When I started this business in 2019, I wanted to help organisations grow better with more innovative, pragmatic and affordable security solutions at a global scale – that hasn’t changed.  When I take a look at the last three years, we have helped several organisations of all sizes and industries grow and go global – I am proud of that. Thank you to all our customers for trusting us, and my team for being part of this journ ..read more

Open-source intelligence (OSINT) is the practice of gathering, analyzing, and using information from publicly available sources. This can include data from websites, social media, news articles, government reports, and other sources that can be legally and ethically collected and analyzed. An OSINT exercise is a structured process of collecting and analyzing open-source information to support a specific goal or objective. Benefits of an OSINT exercise include: Gathering intelligence on potential threats: An OSINT exercise can help organizations identify potential threats, such as criminal or ..read more

A penetration test, also known as a “pen test” or “ethical hacking,” is a simulated attack on a computer system, network, or web application to identify and exploit vulnerabilities. The goal of a penetration test is to assess the security of a system by attempting to gain unauthorised access, and to identify and evaluate potential vulnerabilities. Benefits of a penetration test include: Identifying vulnerabilities: A penetration test can identify and evaluate vulnerabilities in a system that may be exploited by an attacker, including known and unknown vulnerabilities. Prioritising risks: A ..read more