Manoharan Mudaliar

Cyber Security Consultant

US-CERT Releases Malicious Cyber Activity Report

The US Computer Emergency Readiness Team (US-CERT) has released an analysis of a Remote Access Tool (RAT) malware variant. The variant has been identified as COPPERHEDGE.

“The Manuscrypt family of malware is used by advanced persistent threat (APT) cyber actors in the targeting of cryptocurrency exchanges and related entities. Manuscrypt is a full-featured Remote Access Tool (RAT) capable of running arbitrary commands, performing system reconnaissance, and exfiltrating data. Six distinct variants have been identified based on network and code features. The variants are categorized based on common code and a common class structure. A symbol remains in some of the implants identifying a class name of “WinHTTP_Protocol” and later “WebPacket.””

Malware Analysis Report Published by US-CERT on Trojan: TAINTEDSCRIBE

“The trojan is a full-featured beaconing implant and its command modules. These samples use FakeTLS for session authentication and for network encryption utilizing a Linear Feedback Shift Register (LFSR) algorithm. The main executable disguises itself as Microsoft’s Narrator. It downloads its command execution module from a command and control (C2) server and then has the capability to download, upload, delete, and execute files; enable Windows CLI access; create and terminate processes, and perform target system enumeration.”

Malware Analysis Report Published by US-CERT on Trojan: PEBBLEDASH

“This report looks at a full-featured beaconing implant. This sample uses FakeTLS for session authentication and for network encoding utilizing RC4. It has the capability to download, upload, delete, and execute files; enable Windows CLI access; create and terminate processes; and perform target system enumeration”.

US-CERT provides detailed indicators and recommended mitigation techniques for each of these reports. Please refer to the US-CERT website.



Cisco Releases Major Security Updates on Various Platforms

The Cisco Security Advisory team has released security updates that address vulnerabilities in multiple products.

Most of the advisories note that a remote attacker could exploit these vulnerabilities to take control of the affected system.

Major Affected Software and Appliances

  • Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software OSPF Packets Processing Memory Leak Vulnerability[1]
  • Cisco ASA Appliance Software and Firepower Threat Defense Software IPv6 DNS Denial of Service Vulnerability[2]
  • Cisco ASA Software and Firepower Threat Defense Software Web Services Information Disclosure Vulnerability[3]
  • Cisco Adaptive Security Appliance Software Kerberos Authentication Bypass Vulnerability[4]
  • Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Path Traversal Vulnerability[5]
  • Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software SSL/TLS Denial of Service Vulnerability[6]
  • Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Malformed OSPF Packets Processing Denial of Service Vulnerability[7]
  • Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Media Gateway Control Protocol Denial of Service Vulnerabilities[8]


It is highly advised to review the Cisco Advisory for more information and apply the necessary steps.

For detailed information, please visit




Google Chrome Releases Critical Updates


Google released Chrome version 81.0.4044.138 for Windows, Mac, and Linux. It addresses vulnerabilities that an attacker could exploit to take control of an affected system.

Risk Level: Medium


It is recommended to apply the update: upgrade to Google Chrome version 81.0.4044.138 or later.

For detailed information, please visit:[1]

How to upgrade to the latest version[2]


The U.S. Department of Homeland Security (DHS), the United Kingdom’s National Cyber Security Centre (NCSC), and the Cybersecurity and Infrastructure Security Agency (CISA) have released a joint statement.

Cyber attackers are targeting healthcare organizations and companies that provide essential services in the national and international response to the COVID-19 pandemic. In light of this criminal activity, the National Cyber Security Centre (NCSC), the Department of Homeland Security (DHS), and the Cybersecurity and Infrastructure Security Agency (CISA) have issued a joint advisory warning these organizations.

Since the coronavirus outbreak, the risk of Advanced Persistent Threat (APT) actors attempting to gain unauthorized access to these organizations’ networks and obtain confidential COVID-19 data has increased significantly. APT actors may attempt to gather information on national and international healthcare policy or to steal critical research data related to the coronavirus.

APT actors have used password spraying for many years. It is a credential attack in which the attacker tries a small number of common passwords against many of an organization’s accounts, on the assumption that at least one account uses a common password. APT groups use this method to gain unauthorized access to government organizations, law enforcement agencies, research and academic organizations, telecommunication companies, financial institutions, and retail organizations.
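The spray pattern described above is easy to tell apart from an ordinary mistyped password in sign-in telemetry: one source touches many accounts with only one or two failures each, rather than many failures against one account. The following is an added example, not code from the advisory or from this blog, that flags that pattern in a constructed sample of sign-in records; the record fields (`time`, `user`, `ip`, `success`) and the thresholds are assumptions for the example and would be mapped onto your own sign-in log export.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records, loosely modelled on a sign-in log export.
# Field names and IP addresses are assumptions for this example.
SAMPLE_SIGNINS = [
    # A spraying source: one failed attempt per account across many accounts,
    # followed by a success once a weak password matches.
    {"time": "2020-05-10T08:00:05", "user": "alice@example.com", "ip": "203.0.113.7", "success": False},
    {"time": "2020-05-10T08:00:09", "user": "bob@example.com", "ip": "203.0.113.7", "success": False},
    {"time": "2020-05-10T08:00:14", "user": "carol@example.com", "ip": "203.0.113.7", "success": False},
    {"time": "2020-05-10T08:00:20", "user": "dave@example.com", "ip": "203.0.113.7", "success": False},
    {"time": "2020-05-10T08:00:25", "user": "erin@example.com", "ip": "203.0.113.7", "success": False},
    {"time": "2020-05-10T08:00:31", "user": "frank@example.com", "ip": "203.0.113.7", "success": True},
    # A legitimate user mistyping a password a few times from the office range.
    {"time": "2020-05-10T09:15:00", "user": "grace@example.com", "ip": "198.51.100.4", "success": False},
    {"time": "2020-05-10T09:15:20", "user": "grace@example.com", "ip": "198.51.100.4", "success": False},
    {"time": "2020-05-10T09:15:45", "user": "grace@example.com", "ip": "198.51.100.4", "success": True},
]


def detect_password_spray(events, window=timedelta(minutes=30),
                          min_accounts=5, max_tries_per_account=2):
    """Return {ip: finding} for every source whose failed sign-ins hit at least
    `min_accounts` distinct accounts inside `window`, with few attempts per
    account. Many failures against one account (a user mistyping, or a
    brute force) do not match and are left to other rules."""
    failures = defaultdict(list)   # ip -> [(timestamp, user), ...]
    successes = defaultdict(set)   # ip -> {user, ...}
    for e in events:
        ts = datetime.fromisoformat(e["time"])
        if e["success"]:
            successes[e["ip"]].add(e["user"])
        else:
            failures[e["ip"]].append((ts, e["user"]))

    findings = {}
    for ip, attempts in failures.items():
        attempts.sort()
        times = [t for t, _ in attempts]
        end = 0
        # Sliding window over the failures from this source, ordered by time.
        for start in range(len(attempts)):
            while end < len(attempts) and times[end] - times[start] <= window:
                end += 1
            users = [u for _, u in attempts[start:end]]
            distinct = set(users)
            if len(distinct) >= min_accounts and len(users) / len(distinct) <= max_tries_per_account:
                findings[ip] = {
                    "accounts_targeted": len(distinct),
                    "first_seen": times[start].isoformat(),
                    "last_seen": times[end - 1].isoformat(),
                    # A success from the same source after a spray is the
                    # signal that needs an immediate password reset and review.
                    "compromised_accounts": sorted(successes.get(ip, set())),
                }
                break
    return findings


if __name__ == "__main__":
    for ip, finding in detect_password_spray(SAMPLE_SIGNINS).items():
        print(ip, finding)
```

The ratio check (`len(users) / len(distinct)`) is what separates a spray from a brute force: a spray keeps attempts per account low, precisely to stay under lockout thresholds, which is why account-lockout policy alone does not catch it and a per-source view across accounts is needed.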

Oracle WebLogic Server Vulnerability CVE-2020-2883

Oracle has notified users about the previously disclosed vulnerability CVE-2020-2883. Although the CVE entry was created on 20191210 and carries a disclaimer, the issue has resurfaced and should be treated as high risk, since malicious cyber actors are now targeting unpatched servers.

Known Affected version,, and


It is highly advised to review the Oracle Blog and the April 2020 Critical Patch Updates for more information and apply the necessary patches as soon as possible.

Weblogic RCE exploits explained and demonstrated by researcher


Cisco IOS XE SD-WAN Software Command Injection Vulnerability

Cisco released security updates to mitigate a vulnerability in IOS XE SD-WAN solution software.

As per Cisco Security Advisories “An attacker could exploit this vulnerability to take control of an affected device”

Cisco has rated the impact as High; hence it is advisable to review Bug ID CSCvs75505 and apply the required updates.


Cisco credits Julien Legras and Thomas Etrillard with reporting the bug.

The advisory’s exploit section contains some interesting examples; please go through it.

Microsoft Office 365 security best practice and recommendation

U.S. Govt Issues O365 Security Practice and Recommendation


The majority of businesses are shifting to Microsoft Office 365 and other cloud services to support collaboration across departments and meet “telework” requirements. However, because these cloud services are being deployed rapidly, organizations may be overlooking the security considerations that come with third-party platforms.


There are many security best practices and recommendations available. I strongly recommend fine-tuning them to your own deployment and design architecture; one size never fits all. With COVID-19, working from home (WFH) has become the new normal for every organization, and most work is now carried out remotely.

Microsoft O365 provides cloud-based email, chat, and various other cloud applications. While the abrupt shift to work-from-home may necessitate the rapid deployment of cloud collaboration services such as O365, hasty deployment can lead to oversights in security configuration and undermine a sound O365-specific security strategy.

The following are a few best practices for O365 deployment:

Best Practices for O365 Deployment

Enable Multi-Factor Authentication for Administrator Accounts

Azure subscribers are, by default, assigned the role of Global Administrator. These administrators have the highest privileges, permitting them to modify every setting in the Azure Active Directory (AD) of an Office 365 environment. They can add new users and modify existing ones, assign tasks, reset passwords, and manage licenses and domain names. In an on-premises Active Directory environment, this is comparable to the domain administrator role.

The Azure Global Administrator accounts are created before any other account so that tenant configuration and user migration can begin. These Global Administrator accounts are not protected by multi-factor authentication by default. Even the newer “secure by default” feature must first be enabled by the subscriber; once enabled, it enforces multi-factor authentication for administrators. Because they are cloud-based, the Global Administrator accounts are exposed to the internet. Without this protection, they are vulnerable to online attackers, who can compromise customer accounts during the migration to Microsoft Office 365.

Assign Administrator Roles Using Role-Based Access Control (RBAC):

Given the privileges assigned to the Global Administrator’s role, these accounts should only be used when required. It’s best to use specified administrator roles for Azure Active Directory (AD) such as application administrator, application developer, authentication administrator, and others to avoid or at least minimize the assigning of high-level privileges.

Shifting to the least-privilege model minimizes the damage from a data breach if any administrator account is compromised. Administrators must be assigned only the permissions their roles and tasks require.

Enable the Unified Audit Log (UAL):

The Unified Audit Log is a logging feature in Microsoft Office 365 that collects events and data from Exchange Online, Azure Active Directory (AD), SharePoint, OneDrive, Power BI, and the other online services offered by O365. This event log allows administrators to watch for malicious activity or actions that violate organizational policy. To make the most of it, the Unified Audit Log should be enabled and reviewed through the Security and Compliance Center.

While not all users have elevated privileges in an Office 365 environment, they can still access information that would be damaging to the business if retrieved by unauthorized personnel. Cybercriminals can also compromise ordinary user accounts via phishing emails, and from there reach other parts of the organization’s cloud environment through the applications and features that the compromised account has access to.

Disable Legacy Protocol Authentication When Appropriate

Azure Active Directory (AD) is the authentication method that Office 365 uses for its email service, Exchange Online. It supports a variety of legacy protocols, including:

  • Post Office Protocol (POP3)
  • Simple Mail Transfer Protocol (SMTP)
  • Internet Message Access Protocol (IMAP)

However, these protocols do not support modern multi-factor authentication, because they are designed for older email clients. Subscribers and users can disable the legacy mail protocols at any time. However, if a business still depends on older email clients, the legacy protocols cannot simply be turned off. This leaves those email accounts with only a username and password as the sole method of authentication and increases the risk of internet-based attacks.

One way of handling this is to build an inventory of the user email accounts that still require a legacy protocol and authorize only those accounts to use it. Conditional Access policies in Azure Active Directory can then be used to minimize the number of users permitted to authenticate with the legacy mail protocols. Taking these measures significantly decreases an organization’s exposure to cyberattacks.
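Building that inventory is a matter of reading sign-in records and keeping the users whose client app is a legacy protocol. The following is an added example, not code from the advisory or from this blog, that does so on a constructed sample of sign-in records and then splits the result into accounts to keep in the Conditional Access exception group, accounts to fix and block, and stale exceptions to remove; the record fields, the `clientAppUsed` values and the approved-user list are assumptions for this example.

```python
# Constructed sample records, loosely modelled on Azure AD sign-in records.
# Field names and clientAppUsed values are assumptions for this example.
SAMPLE_SIGNINS = [
    {"user": "alice@example.com", "clientAppUsed": "Browser", "time": "2020-05-11T08:00:00"},
    {"user": "alice@example.com", "clientAppUsed": "IMAP4", "time": "2020-05-11T08:05:00"},
    {"user": "bob@example.com", "clientAppUsed": "Mobile Apps and Desktop clients", "time": "2020-05-11T09:00:00"},
    {"user": "scanner@example.com", "clientAppUsed": "Authenticated SMTP", "time": "2020-05-11T09:30:00"},
    {"user": "scanner@example.com", "clientAppUsed": "Authenticated SMTP", "time": "2020-05-12T09:30:00"},
    {"user": "carol@example.com", "clientAppUsed": "POP3", "time": "2020-05-12T10:00:00"},
]

# Client apps that authenticate with username and password only (no MFA).
# "Other clients" is assumed here as the catch-all bucket for basic auth.
LEGACY_CLIENT_APPS = {"POP3", "IMAP4", "Authenticated SMTP", "Other clients"}


def legacy_auth_inventory(signins):
    """Map each user seen on a legacy protocol to the protocols used and the
    most recent time one was used. Modern-auth sign-ins are ignored."""
    inventory = {}
    for s in signins:
        app = s["clientAppUsed"]
        if app not in LEGACY_CLIENT_APPS:
            continue
        entry = inventory.setdefault(s["user"], {"protocols": set(), "last_seen": s["time"]})
        entry["protocols"].add(app)
        # ISO-8601 timestamps in one format compare correctly as strings.
        entry["last_seen"] = max(entry["last_seen"], s["time"])
    return inventory


def plan_legacy_exceptions(inventory, approved_users):
    """Compare the observed inventory with the business-approved exception list.

    keep:  approved and still using legacy auth -> stays in the exception group
    block: using legacy auth without approval  -> move the client to modern
           auth, then let the block policy apply
    stale: approved but no legacy sign-ins     -> remove from the exception
           group so it keeps shrinking
    """
    observed = set(inventory)
    return {
        "keep": sorted(observed & approved_users),
        "block": sorted(observed - approved_users),
        "stale": sorted(approved_users - observed),
    }


if __name__ == "__main__":
    inv = legacy_auth_inventory(SAMPLE_SIGNINS)
    # Constructed approval list: a multifunction printer and a scanner that
    # can only send mail over SMTP with basic authentication.
    print(plan_legacy_exceptions(inv, {"scanner@example.com", "printer@example.com"}))
```

Run this over a full reporting period (the last 30 days is a common choice) before enabling the block policy, and re-run it periodically afterwards: the `stale` list is what lets the exception group shrink over time instead of becoming permanent.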

Enable Alerts for Suspicious Activity

Enabling alerts together with the Unified Audit Log (UAL) in a Microsoft Office 365 environment greatly improves an organization’s ability to pinpoint malicious activity within its cloud tenant. The Security and Compliance Center raises an alert whenever an abnormal event is identified. Organizations are advised to enable, at a minimum, alerts for suspicious logins, such as logins from unrecognized IP addresses, and for user accounts that exceed the set threshold for sent emails.
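The two alert conditions named above, a successful login from an address outside the ranges you recognize and a user sending more mail than the agreed threshold, are simple to express once the audit records are in hand, and the same logic is what a SIEM rule over the UAL would implement. The following is an added example, not code from the advisory or from this blog, run over a constructed sample of audit records; the record fields (`Operation`, `UserId`, `ClientIP`, `ResultStatus`, `CreationTime`), the operation names and the known network ranges are assumptions for this example.

```python
import ipaddress
from collections import Counter

# Constructed sample records, loosely modelled on Unified Audit Log entries.
# Field names, operation names and addresses are assumptions for this example.
SAMPLE_UAL = [
    {"Operation": "UserLoggedIn", "UserId": "alice@example.com", "ClientIP": "198.51.100.10",
     "ResultStatus": "Success", "CreationTime": "2020-05-11T08:00:00"},
    {"Operation": "UserLoggedIn", "UserId": "bob@example.com", "ClientIP": "203.0.113.55",
     "ResultStatus": "Success", "CreationTime": "2020-05-11T08:02:00"},
    {"Operation": "UserLoggedIn", "UserId": "carol@example.com", "ClientIP": "2001:db8::1",
     "ResultStatus": "Success", "CreationTime": "2020-05-11T08:03:00"},
    # A failed login from an unknown address is handled by other rules
    # (see the password-spray logic); here only successes are alerted on.
    {"Operation": "UserLoggedIn", "UserId": "dave@example.com", "ClientIP": "203.0.113.56",
     "ResultStatus": "Failed", "CreationTime": "2020-05-11T08:04:00"},
] + [
    {"Operation": "Send", "UserId": "dave@example.com", "CreationTime": f"2020-05-11T09:{i:02d}:00"}
    for i in range(3)
] + [
    {"Operation": "Send", "UserId": "eve@example.com", "CreationTime": f"2020-05-11T10:{i:02d}:00"}
    for i in range(12)
]

# Constructed corporate and VPN egress ranges that logins are expected from.
KNOWN_NETWORKS = [
    ipaddress.ip_network("198.51.100.0/24"),
    ipaddress.ip_network("2001:db8::/32"),
]


def unrecognised_ip_logins(records, known_networks):
    """Return one alert per successful login whose source address falls
    outside every known network (IPv4 and IPv6 are both handled)."""
    alerts = []
    for r in records:
        if r["Operation"] != "UserLoggedIn" or r.get("ResultStatus") != "Success":
            continue
        ip = ipaddress.ip_address(r["ClientIP"])
        # `in` returns False when the address and network versions differ.
        if not any(ip in net for net in known_networks):
            alerts.append({"user": r["UserId"], "ip": r["ClientIP"], "time": r["CreationTime"]})
    return alerts


def excessive_senders(records, threshold):
    """Return {user: count} for users whose Send operations in the given
    set of records exceed `threshold`. Feed it one day's records at a
    time to get a per-day threshold."""
    counts = Counter(r["UserId"] for r in records if r["Operation"] == "Send")
    return {user: n for user, n in counts.items() if n > threshold}


if __name__ == "__main__":
    for a in unrecognised_ip_logins(SAMPLE_UAL, KNOWN_NETWORKS):
        print("login from unrecognised address:", a)
    for user, n in excessive_senders(SAMPLE_UAL, threshold=10).items():
        print("sent-mail threshold exceeded:", user, n)
```

A login from an unrecognized address is a signal, not proof of compromise, so the alert should carry enough context (user, address, time) for an analyst to check it against travel, home-office and mobile-carrier ranges before acting; the sent-mail rule is mainly there to catch a compromised mailbox being used to send phishing onward.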

Incorporate Microsoft Secure Score

Microsoft also offers a built-in feature called the Microsoft Secure Score, which measures an organization’s security condition relative to the Office 365 services it uses and offers recommendations for improvements and upgrades.

Though the recommendations offered by this tool do not provide information on all aspects of security configuration, it’s still beneficial for organizations because Office 365 keeps upgrading and adding to its offerings. Microsoft Secure Score provides a centralized dashboard to organizations for timely tracking of activities and enhancing compliance and security within the Office 365 environment.

Combine Audit Logs With Current Security Information and Event Management (SIEM) Tool:

Organizations should integrate their existing log management and monitoring solutions with the O365 Unified Audit Log (UAL). This ensures that unusual activity detected on-premises can be correlated with any potentially anomalous activity in the Office 365 environment, and vice versa.

It’s highly recommended that organizations practice the following measures:

  • Enable multi-factor authentication (MFA). This is one of the most effective mitigations against credential theft for administrators and users in the O365 environment.
  • Protect Azure AD Global Administrator accounts and follow the principle of least privilege.
  • Enable the Unified Audit Log (UAL) in the Security and Compliance Center.
  • Enable alerts so that malicious logins and emails can be acted on proactively.
  • Integrate the UAL with the organization’s SIEM solution.
  • Disable legacy email protocols if they are not required, or limit their use to specific users.

Key benefits of cloud computing

The Evolution of Information Technology

Before we dive deeper into the world of cloud computing, let’s first examine the evolution of information technology.

Information technology went through a series of changes on its way to cloud computing. To understand where we stand today, we must know where we stood in the past. This brief history will help you appreciate everything that makes cloud computing different from, and better than, traditional Information Technology (IT).

The age of computing began in the 1970s when businesses focused on significant infrastructures, including:

  • Mainframes
  • Big point-to-point networks
  • Centralized databases
  • Big batch jobs

By the end of that decade, terminals began giving way to personal computers. During the same period, hierarchical systems were decentralized, with a broader collection of storage and compute servers distributed throughout a company. Though batch jobs were still the norm, several programs became influential during this age, gaining better, more advanced, and more user-friendly visual interfaces along the way. Infrastructure was, in general, tied to applications, and critical applications generally required costly infrastructure.

This era also saw the rise of databases, which were key to business growth, as they held the critical data used by applications to implement business processes. This information was typically structured, ranked, and tightly coupled to the corresponding processes.

The journey to cloud-based computing requires substantial investment across the company, with attention to every part of the business, including finance, compliance, legal obligations, internal policies, technological development, executive and corporate sponsors, risk mitigation, and strategy. Given the large number of business components involved, moving everything to cloud computing takes a considerable amount of work and time.

Now that you’ve understood the background let’s explore the basics and general characteristics of cloud computing.

What’s Cloud Computing?

Cloud computing is a framework that enables businesses to have on-demand, pervasive, and convenient access to shared computing resources that can be quickly provisioned and disseminated with minimal efforts and interaction of the company’s management or service provider.

Understanding the basic characteristics of cloud computing is essential in picking the right cloud computing service for your business and in making full use of it. Unless a solution or service exhibits the following essential characteristics, it cannot be called true cloud computing.

It refers to a process in which a user can access several computational properties, including communication networks, cloud services, and storage facilities. In cloud computing, the services are offered according to the performance of the infrastructure and the system responsible for the development and deployment of the cloud software. After the payment is made, the user can avail the following services:

  • Infrastructure as a Service (IaaS)
  • Platform as a Service (PaaS)
  • Software as a Service (SaaS)

In simpler terms, cloud computing is the execution of all computing services needed on-demand, ranging from integrated applications to data storage and power processing. Cloud computing extends to the distribution of resources, software, and information via a single network. The data storage is performed on physical and virtual servers that are overseen by the service provider. For example, Amazon manages its cloud computing product, Amazon Web Services (AWS). Businesses can easily access the data stored on the cloud network using the internet, and they can utilize this information for making essential day-to-day decisions.

Essentially, cloud computing delivers countless benefits in the Information Technology landscape. It can decrease the IT expenses in an organization to a large extent, especially when it comes to maintenance of the systems and software. A cloud computing user can use the available resources in the cloud network, instead of worrying about purchasing costly IT systems.

Additionally, the operating costs of the IT department reduce significantly because of the following reasons:

  • The cost of purchasing new systems and software upgrades decreases.
  • You no longer need a large team of IT specialists to run the systems, resulting in reduced payroll expenses.
  • Faster systems eliminate delays in the fulfilment of other business processes.
  • You require fewer IT employees and fewer personal computers, leading to a reduction in energy consumption and bills.
  • IT and cloud computing must be closely integrated to realize these savings.

Governance Risk Compliance (GRC) Framework and Cloud Computing

Cloud Computing Governance

Cloud computing governance is an innovation in the governance paradigm that is focused on responsibility, balancing benefits, alleviating risks, and allocating resources to make profitable decisions. It establishes internal policies that give direction for appropriate control of, and investment in, cloud computing services. Governance frameworks integrated with cloud computing can significantly improve an organization’s governance at an industry level. Additionally, cloud computing governance can be integrated with an organization’s current governance standards, allowing for better growth and flexibility.

Cloud Computing Risk and Compliance

Cloud computing plays a significant role in risk mitigation and compliance with internal policies and state laws. Every business has a different type of risk, but they are mostly related to finances. However, as mentioned before, cloud computing allows for a significant reduction in IT expenses, especially IT operations costs. Cloud computing risk works on ten primary principles. A better understanding of these principles provides a direction for businesses to migrate further into cloud computing. The four main principles of cloud computing risk are:

  1. Vision
  2. Visibility
  3. Sustainability
  4. Accountability

When businesses abide by these principles, it becomes easier for the managers to devise strategies that can alleviate potential risks associated with cloud computing.

Characteristics of Cloud Computing

The five essential cloud computing characteristics are:

  1. On-Demand Self-Service
  2. Broad Network Access
  3. Resource Pooling
  4. Measured Service
  5. Rapid Elasticity

Let’s have a closer look at each of the characteristics:

On-Demand Self-Service

On-demand self-service means that cloud computing allows for the delivery of resources wherever and whenever they are required. From the perspective of security, cloud computing has experienced some difficulties pertaining to the operation and delivery of cloud services. It may violate a company’s internal policies because you don’t need approval from the finance, purchase, or any other department in a company for an on-demand self-service. It implies that these services can be used by any individual who holds a credit card.

Self-service also suggests that a cloud computing user can manage, configure, or access the cloud services without the intervention of a cloud service provider after completing the user activities.

Access to a Broad Network

The cloud is continually operating and available, offering users broader and more flexible access to essential data and resources. Talk about convenience! You can access whatever information you need, whenever you need it, from any remote location, provided you have the right credentials. In principle, you only need a stable internet connection and the credentials to access any resource you require. Today’s digital landscape is highly dependent on smartphones and other smart devices, and organizations are shifting their infrastructures accordingly. Cloud computing is friendly to all such smart devices. However, lack of standardization, device incompatibility, and failure to implement security controls can make accessing some cloud services a challenge.

Resource Pooling

This is another benefit that cloud computing offers to businesses. We have been through a period where we had to ask the finance and procurement departments to buy more computing capacity to meet IT operational needs. On average, these systems would use 80 to 90 percent of their resources for a few hours and only once a week. Cloud computing allows for resource pooling on a broader scale, accessible to all users and clients. These pooled resources are then adjusted and scaled according to each user’s resource requirements. Cloud service providers typically hold an enormous pool of resources drawn from thousands of applications, network devices, servers, and other sources. Such an expansive resource base allows a large number of clients to be accommodated efficiently, each according to their resourcing needs.

Measured Service

Cloud computing offers an extraordinary benefit that conventional IT systems struggle with. It allows the users to monitor, measure, and report their resource usage, leading to countless advantages, and better transparency between the client and the cloud service provider. Cloud services also allow businesses to keep tabs on their costs and control them. Businesses are only required to pay for the services they avail, and they can even ask for the breakdown of resource usage or a detailed invoice for any service. In addition to this, it allows proactive companies to monitor the resource usage by each business unit or department so they can quantify the costs accordingly, allowing IT and finance to quantify the exact usage and costs by department or by business function — something incredibly challenging to accomplish in a conventional IT environment.

Rapid Elasticity

This refers to cloud computing’s ability to quickly provide users with additional storage, compute power, data, and other resources, according to their changing and growing needs. Users may not be able to realize this benefit because the resources are continually added to the cloud for a seamless experience.

Also, since cloud computing operates on a “pay-as-you-go” structure, users only pay for the resources they use. They can monitor the costs of their additional resource usage and limit them in case of a negative ROI. This is especially beneficial for businesses that need to expand their operations during certain seasons, occasions, or festivals. For instance, a clothing business can reap the benefits of rapid elasticity during the Christmas sale season, when sales rise sharply. If the same clothing business were using traditional IT systems, it would have to spend a massive sum in capital expenditure to cope with the skyrocketing demand.


In a nutshell, cloud computing is an incredible revolution in the world of technological advancements. It has helped businesses transform the strategies they once used to manage their data and ensure good governance and profitability. The advantages offered by cloud services are enormous for cost reductions, business growth, and smoother and quicker operations. Though many organizations seem to be concerned about cybersecurity when it comes to managing data on a vast landscape, cloud computing eliminates the risk of a security breach with its advanced tools.

What is IT-Governance Risk Compliance

Other than providing solutions in the form of quality products and services, a business’s primary purpose of existence is profitability. Yet, to make such profits, businesses need to have excellent administration. Organizations with great leadership and administration are observed to accomplish their objectives. Additionally, organizations need to have an effective risk alleviation plan. In the corporate landscape, risks are inescapable—each organization, regardless of whether a small startup or based on a large scale, has to experience different risks.

What makes them different is how they deal with these risks and manage to thrive. Also, organizations need to comply with the legal regulations and their policies. Businesses can only succeed if they operate in a disciplined manner. With these three factors consolidated, businesses increase their chances of achieving their short-term and long-term objectives.

If a business follows the framework of Governance Risk Compliance (GRC), it’s an indication that they have good governance and leadership, an efficient plan for risk management and mitigation, and abide by the country laws and state regulations.

What Is Governance, Risk and Compliance (GRC)?

In the corporate world, the term Governance, Risk and Compliance (GRC) refers to a company’s approach to governance, risk alleviation, and compliance with laws. These three factors are focused on helping organizations accomplish their goals. It is an organized approach to managing primary business operations, and if planned well, it can lead to handsome revenues and profits.

However, if this approach isn’t appropriately integrated within an organization, it won’t prove to be effective in goal achievement.

Let’s dive deeper into the basic concept of each factor.

Governance

This refers to the business management approach used by senior officials. It ensures that all company frameworks are in line with the company’s short-term and long-term goals. A company without good governance cannot fully execute the other two facets of GRC. This approach also ensures that every piece of information received by senior executives is factual and error-free, so that it can be used to make the decisions critical to accelerating business growth.

Risk Alleviation

This factor refers to every activity that helps identify and analyze potential risks that may keep an organization from accomplishing its objectives and goals. Organizations have a wide range of risks that may influence their operations. However, the effect of these risks on an organization’s existing position will vary in general.

Compliance

The last facet of the GRC framework refers to an organization’s compliance with its internal policies, state regulations, and legal obligations. Here, the company’s management focuses on determining whether the organization is abiding by statutory and internal requirements. Management must also consider the potential repercussions of non-compliance with these requirements and devise remedial measures accordingly. Additionally, they must stay informed about any changes in the laws at the national and state level.

Though every employee of a company is responsible for executing the GRC framework, it depends mostly on the top of the hierarchy, because they regulate and monitor the business, establish realistic goals, and make critical business decisions.

What is Information Technology (IT) GRC?

It is a framework that focuses on authorizing the IT department of a company to help it move forward and accomplishing the goals by conforming to all its rulings. In simpler terms, IT GRC is the application of Information Technology in better management of governance, risks, and compliance on an organizational level. Many businesses are already utilizing this framework to boost their profitability to achieve their targets. A typical example of IT GRC is the use of a spreadsheet for data entry, storage, and analysis.

How Is IT GRC Beneficial for Organizations?

Other than the automation of regular business tasks, IT GRC offers the following advantages to companies:

Information Security

Cybersecurity is one of the significant benefits of implementing the IT GRC framework in an organization. Cybercrimes have surged significantly in the past few years, and the threat has prompted businesses to contemplate over their data security regulations. In the current corporate landscape, an effective cybersecurity system is a regulatory mandate.

Timely Analysis of All Business Reports

IT GRC enables businesses to generate updated reports on the organization’s operations and workflow. Reporting analysis is especially helpful when businesses want to observe how well a particular change in the policies has been implemented throughout the organization.

Ease of Information Collection

By automating the regular tasks, IT GRC makes it easier for businesses to assemble data. It allows management to circulate surveys and questionnaires electronically via the company’s email and collect all the responses. This is a hassle-free approach that costs significantly less and requires little time for data analysis.

Boost Business Profits:

Companies that deploy the IT GRC framework tend to operate more efficiently. They can extract useful information from their data in no time and implement useful insights to stay ahead of their competition. Furthermore, they promptly update their policies and operations according to the changing state laws, which leads to higher customer trust, and ultimately, improved revenues.

Efficient Allocation of Resources

With the IT GRC framework’s help, companies can identify the grey areas, including the non-functioning departments, projects, or product lines that are consuming excessive resources but aren’t profitable. Businesses can move their resource allocation from such areas to others that generate more revenues and profits.

Enhanced Communication Among Departments

IT GRC enables the top hierarchy to effectively communicate the company’s objectives to all the departments in an organization to ensure all of them work toward achieving a collective organization goal. They can further notify all employees about the recent changes via emails or other automated platforms.

Common Challenges Faced by Businesses That Implement IT GRC Framework

  1. Every unit and department of a company adopting the IT GRC framework has to conduct its own auditing because this approach lacks a centralized auditing policy.
  2. Though this framework is expected to secure the policies, strategies, and controls, the extensive auditing processes in large scale organizations may have affected it at some point, leading to compromised security.

Finding the Right IT GRC Tool for Your Business

Though every tool used in the IT GRC framework contributes to an organization’s success, profits can rise considerably if organizations choose the right IT GRC tool, one attuned to their business requirements.

Here are some critical factors that companies must consider while choosing an IT GRC tool:

  • Is the tool user-friendly?
  • Is the data depository aligned with your company’s needs?
  • What are the tasks that the tool can automate?
  • Does the tool’s data modeling capabilities fulfil your business requirements?

If you’re able to pick the appropriate tool, you can reap the real benefits of IT-Governance Risk Compliance.