Managed cybersecurity for busy IT teams & founders. We translate today's threats into 60-second actions — and take down the ones aimed at you. iSECTECH.org

Joined February 2018
Pinned Tweet
28 Oct 2024
Your action list this week: 1) Patch Exchange NOW (CVE-2026-42897). 2) Update Veeam to 12.3.2.4854, isolate backup servers from AD. 3) Check ServiceNow logs for 51.159.98.241. 4) Update Chrome. 5) Audit AI agent permissions if you've deployed LLM email tooling. #CyberSecurity
The real attack surface isn't the headline CVE. It's the quiet ones: 27 spoofing flaws, BitLocker bypass, Kerberos KDC RCE, DHCP client RCE. Security programs that only chase CVSS 9 miss the lateral movement chain hiding in the 7s and 8s. #BlueTeam
June Patch Tuesday math: 206 flaws. 55 RCE. 65 privilege escalation. 19 security feature bypass. 30 info disclosure. Plus Exchange zero-day, RoguePlanet, Chrome V8, HTTP/2 Bomb, Ivanti, Veeam, Check Point VPN, ServiceNow, and Tchap. All in 48 hours. #SecurityProgram
Check Point Remote Access VPN — zero-day actively exploited by Qilin ransomware. CISA gave federal agencies 3 days to patch. Three days. Because attackers move fast. Does your org's patching SLA match that speed? Most enterprise SLAs say 30 days for critical. #ThreatIntel
Six flaws in protobuf.js (Proto6) — RCE and DoS in Node.js apps. protobuf is everywhere in microservices and most teams don't know it's in their dependency graph. Run 'npm ls google-protobuf' and check your exposure. Serialization libs are an attack surface. #DevSecOps
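The post above points at `npm ls` to find a serialization library hiding in the dependency graph. The script below is an added example (not the account's own tooling) that answers the same question offline from a `package-lock.json` (lockfile version 2 or 3 layout, which has the `packages` map): it resolves each package's dependencies with Node-style nested-to-hoisted lookup, builds the reverse-dependency map, and prints every chain from the root project to every installed copy of the target, with its version. The embedded lockfile, package names and versions are constructed for the demo.

```python
import json
from typing import Dict, List, Optional, Tuple

# Constructed sample lockfile (lockfileVersion 3 layout). The app has two direct
# dependencies; one pulls the hoisted copy of the target, the other nests its
# own older copy. All names and versions below are made up for illustration.
SAMPLE_LOCK = json.dumps({
    "name": "example-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "example-app",
             "dependencies": {"api-client": "^1.0.0", "grpc-helper": "^2.0.0"}},
        "node_modules/api-client": {"version": "1.4.2",
                                    "dependencies": {"google-protobuf": "^3.21.0"}},
        "node_modules/google-protobuf": {"version": "3.21.2"},
        "node_modules/grpc-helper": {"version": "2.1.0",
                                     "dependencies": {"google-protobuf": "^3.19.0"}},
        "node_modules/grpc-helper/node_modules/google-protobuf": {"version": "3.19.4"},
    },
})


def _resolve(packages: Dict[str, dict], from_path: str, dep_name: str) -> Optional[str]:
    """Node-style resolution: try nested node_modules first, then walk up to the root."""
    base = from_path
    while True:
        candidate = f"{base}/node_modules/{dep_name}" if base else f"node_modules/{dep_name}"
        if candidate in packages:
            return candidate
        if not base:
            return None
        idx = base.rfind("/node_modules/")
        base = base[:idx] if idx >= 0 else ""


def _name_of(packages: Dict[str, dict], path: str) -> str:
    """Package name for a lockfile path ('' is the root project)."""
    if path == "":
        return packages[""].get("name", ".")
    return path.rsplit("node_modules/", 1)[1]


def find_dependents(lock_text: str, target: str) -> List[Tuple[str, List[str]]]:
    """Return (version, chain-of-names from root) for every installed copy of target."""
    packages = json.loads(lock_text)["packages"]
    parents: Dict[str, List[str]] = {path: [] for path in packages}
    for path, meta in packages.items():
        deps: Dict[str, str] = {}
        for key in ("dependencies", "optionalDependencies"):
            deps.update(meta.get(key, {}))
        for name in deps:
            resolved = _resolve(packages, path, name)
            if resolved is not None:
                parents[resolved].append(path)

    results: List[Tuple[str, List[str]]] = []
    for copy in packages:
        if copy == "" or _name_of(packages, copy) != target:
            continue
        version = packages[copy].get("version", "?")
        stack = [[copy]]
        while stack:
            chain = stack.pop()
            head = chain[-1]
            if head == "":
                results.append((version, [_name_of(packages, p) for p in reversed(chain)]))
                continue
            for parent in parents[head]:
                if parent not in chain:  # guard against dependency cycles
                    stack.append(chain + [parent])
    results.sort()
    return results


if __name__ == "__main__":
    for version, chain in find_dependents(SAMPLE_LOCK, "google-protobuf"):
        print(f"{version:10} {' > '.join(chain)}")
```

Point it at a real lockfile with `find_dependents(open("package-lock.json").read(), "google-protobuf")`; two different versions in the output is the usual sign that a transitive copy will be missed when only the top-level dependency is bumped.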
Ivanti Sentry — CVSS 10.0. Remote code execution as root. No authentication. Ivanti has been a revolving door of critical flaws since 2024. If you're still running it without detective controls, you're trusting a vendor with a documented broken track record. #CISA
Russia-aligned groups are actively exploiting a WinRAR flaw to deploy info-stealers against Ukrainian targets. WinRAR is on millions of endpoints. File archive utilities are not low-risk software. They parse attacker-controlled input and most orgs never patch them. #APT
HTTP/2 Bomb: you send a few kilobytes. The server allocates gigabytes. You manipulate flow-control to prevent memory release. Rinse, repeat. Pure resource exhaustion, zero auth needed. Mitigation: limit header count at the proxy layer (MaxHeadersCount). #WebSecurity
HTTP/2 Bomb — CVE-2026-49160. Tiny payload, massive server memory allocation. Confirmed against NGINX, Apache, IIS, Envoy, and Cloudflare. Attacker abuses header compression and flow-control to lock up memory indefinitely. No auth required. Microsoft patched it today. #DoS
Chrome CVE-2026-11645 — V8 JavaScript zero-day, exploited in the wild before Google patched it. This is the browser your team uses 8 hours a day. V8 flaws run code in the renderer with no user interaction beyond loading a page. Update Chrome now. #BrowserSecurity
Halfway through today's thread. The theme isn't "patch your stuff." It's: attackers moved first on Exchange in May, on Veeam this week, on ServiceNow for weeks. Detection gaps and slow patch cycles are not bad luck. They're the business model for ransomware. Follow @isectech_ ⬇️
The OpenClaw finding should be on every CISO's desk. Your AI email assistant can be socially engineered. GPT-5.4 was more cautious. Gemini was eager to help. Neither validated sender identity. Zero trust for AI agents means: verify before acting. Always. #ZeroTrust
OpenClaw AI agent test: researchers sent phishing emails to an AI email agent with access to real data. It emailed AWS keys and a full CRM export to the attacker's Gmail. Strict mode failed too. AI agents inherit human attack surfaces — plus automated speed. #AI
The Tchap breach: 300,000 monthly users were told public rooms aren't encrypted. Nobody acted on it. The attacker didn't break crypto. They sent a convincing email and got a valid account. Encryption is not a security posture. Training humans is. #Phishing
France's Tchap government messaging app was breached via social engineering. One hijacked account. 650,000 messages exfiltrated. 73,000 employee records. 13.5GB of files. The attacker said every shared file was downloadable without a token from any server shard. #InfoSec
Your ITSM platform is a treasure chest. Every password reset, every troubleshooting ticket, every access request — attackers don't need your crown jewels. They just need one poorly configured REST endpoint and patience. ServiceNow proved it this week. #SOC
ServiceNow breach: unauthenticated API endpoint had requires_authentication=false. Attackers queried customer instances before June 5. ServiceNow stores IT tickets with credentials, tokens, SSH keys, internal docs. IOC: 51.159.98.241. Check your logs. #AppSec
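"Check your logs" for a single IoC is a grep; the added example below (not the account's code) is the slightly more useful version a SOC would keep around: it parses combined-format web access logs, matches the client IP against a list of IoC networks (so CIDR ranges can be added next to the single host from the post), and summarises hit count, first and last seen, the paths requested and the status codes returned, while counting lines it could not parse instead of silently dropping them. The log lines are constructed for the demo; the ServiceNow-style paths in them are illustrative, not taken from a real instance.

```python
import ipaddress
import re
from typing import Dict, Iterable, List, Optional

# The IoC from the post, as a /32 so that ranges can live in the same list.
IOC_NETWORKS = [ipaddress.ip_network("51.159.98.241/32")]

# Constructed sample access log (combined format). Two hits from the IoC,
# two benign requests, and one unparseable line.
SAMPLE_LOG = """\
10.0.0.7 - - [04/Jun/2026:09:12:01 +0000] "GET /api/now/table/incident?sysparm_limit=100 HTTP/1.1" 200 5120 "-" "python-requests/2.32"
51.159.98.241 - - [04/Jun/2026:09:14:22 +0000] "GET /api/now/table/sys_user HTTP/1.1" 200 88213 "-" "python-requests/2.32"
192.168.1.20 - - [04/Jun/2026:09:15:03 +0000] "POST /login.do HTTP/1.1" 302 0 "-" "Mozilla/5.0"
51.159.98.241 - - [05/Jun/2026:02:40:10 +0000] "GET /api/now/table/incident?sysparm_limit=500 HTTP/1.1" 401 0 "-" "curl/8.5.0"
this line is garbage and will be counted as unparsed
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)


def parse_line(line: str) -> Optional[dict]:
    """Parse one combined-format line; return None if it does not fit the format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    try:
        rec["ip"] = ipaddress.ip_address(rec["ip"])
    except ValueError:  # hostname or junk in the client field
        return None
    rec["status"] = int(rec["status"])
    return rec


def matches_ioc(ip: ipaddress._BaseAddress, networks: Iterable[ipaddress._BaseNetwork]) -> bool:
    """True if the address falls inside any IoC network (host or CIDR)."""
    return any(ip in net for net in networks)


def scan_log(lines: Iterable[str], networks=IOC_NETWORKS) -> dict:
    """Summarise every request from an IoC address; count lines that failed to parse."""
    hits: Dict[str, dict] = {}
    unparsed = 0
    for line in lines:
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            unparsed += 1
            continue
        if not matches_ioc(rec["ip"], networks):
            continue
        entry = hits.setdefault(str(rec["ip"]), {
            "count": 0, "first_seen": rec["ts"], "last_seen": rec["ts"],
            "paths": [], "status_counts": {},
        })
        entry["count"] += 1
        entry["last_seen"] = rec["ts"]  # log is assumed to be in time order
        if rec["path"] not in entry["paths"]:
            entry["paths"].append(rec["path"])
        entry["status_counts"][rec["status"]] = entry["status_counts"].get(rec["status"], 0) + 1
    return {"hits": hits, "unparsed": unparsed}


if __name__ == "__main__":
    report = scan_log(SAMPLE_LOG.splitlines())
    for ip, entry in report["hits"].items():
        print(f"{ip}: {entry['count']} requests, {entry['first_seen']} .. {entry['last_seen']}")
        for path in entry["paths"]:
            print(f"    {path}")
        print(f"    status codes: {entry['status_counts']}")
    print(f"unparsed lines: {report['unparsed']}")
```

Run it as `scan_log(open("access.log"))`; a non-zero `unparsed` count is the first thing to look at, because a log whose format the parser does not understand will report zero hits whether or not the IoC is in it.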
Ransomware gangs go for backup servers first: steal data from tickets, block recovery, delete backups. Veeam runs in 82% of Fortune 500 environments. CVE-2026-44963 is domain-joined RCE with no special permissions. Isolate your backup infra from AD now. #VulnMgmt
Veeam Backup & Replication CVE-2026-44963 — any domain user can trigger RCE on your backup server. Ransomware gangs target Veeam first because killing backups guarantees payment. Your DR plan is only as strong as the server protecting it. Patch to 12.3.2.4854 now. #Ransomware
The RoguePlanet story matters beyond Windows. A researcher releases SYSTEM-level exploits because Microsoft keeps removing their repos and ignoring their disclosures. This is what bad bug bounty culture looks like. Vendor silence creates public zero-days. #VulnDisclosure