"Cymmetria’s MazeRunner platform lets you dominate an attacker’s movements from the very beginning and lead them to a monitored deception network."

Let me start off by saying that this is a wicked cool product! It was really well thought out, and it shows when you're bolting on each of the pieces to build your puzzle maze. Despite this being the community version, it is very functional and gives you a really good idea as to how it can help protect your network.

The community version comes as an OVA. After you spin it up, you are presented with the login page:

Read more: MazeRunner

Disclosure date: 9/23/19

Gila CMS 1.11.3 and possibly earlier versions are affected by a Cross-Site Request Forgery vulnerability due to a lack of CSRF protection. This could allow an attacker to trick the administrator into executing arbitrary code via a specially crafted HTML page.

Read more: Gila CMS 1.11.3 CSRF

The description states:  "nightfall is a born2root VM designed for beginners."

I have to say that I was sort of disappointed at the direction this went, because I thought it was going one way and then it ended up going another. I guess if I had given some attention to the description, I would have realized my direction is a little more than beginner, but I guess that's also in the eye of the beholder. Anyway, let's get after it...

Read more: Vulnhub sunset: nightfall Walkthrough

Watch your IoT devices watching you

"What is the purpose of the IoT Inspector project?"

"Many people use smart-home devices, also known as the Internet-of-Things (IoT), in their daily lives, ranging from bulbs, plugs, and sensors, to TVs and kitchen appliances. To a large extent, these devices enrich the lives of many users. At the same time, they may bring negative impact to their owners."

Read more: IoT Inspector

Disclosure date: 9/23/19

Grav CMS v1.6.16 and possibly earlier versions are affected by numerous Cross-Site Scripting vulnerabilities. These vulnerabilities can be exploited with or without an authenticated account.

All things considered, this is fairly benign as far as I can tell. There are a number of built-in protections and I think this is just a small hole that would be difficult (for me) to exploit. That said, I like the exercise.

Read more: Grav CMS XSS

I attended a business gathering the other day and someone asked me who our ideal customer would be. Our ideal customer is a small business owner who is concerned about cybersecurity, wants to do something about it, but doesn't know what to do.

The solutions we offer recognize that small businesses don't have endless dollars to throw at security. With that in mind, I love Thinkst Canaries, but $5000 for two of them immediately pushes up against that cost barrier. As an alternative, we can use OpenCanary installed on some modest hardware and drive the cost down significantly.

In your arsenal of goodies, canaries are useful because, unlike most other devices on the network which alert only after a threshold is crossed, canaries alert on a single hit. And for good reason: there is no legitimate reason for anything on the network to touch this box, so a single connection to it is a strong signal that someone is up to no good.

Read more: OpenCanary