Blog

Cymmetria releases honeypots for two Oracle vulnerabilities (CVE-2017-10271, CVE-2018-2636)

Cymmetria has just released honeypots for the detection of two Oracle vulnerabilities that were recently made public: CVE-2017-10271 (Score: 7.5) Vulnerable: Oracle WebLogic 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0, 12.2.1.2.0 The honeypot will detect the reported RCE vulnerability by detecting the exploitation attempt, but will not allow commands to run or, as seen in the in-the-wild exploit, to …

Cymmetria releases honeypots for two Oracle vulnerabilities (CVE-2017-10271, CVE-2018-2636) Read More »

Marcus Alldrick, previously at Lloyd's of London, joins Cymmetria as Chief Risk Officer

It is my honour to write this blog introducing Marcus Alldrick, who is joining Cymmetria as Head of Risk. I first met Marcus in 2005, at a European CISO conference. At the time he was CISO for Abbey, following a long career in information security in the UK. In fact, he was the chair at …

Marcus Alldrick, previously at Lloyd's of London, joins Cymmetria as Chief Risk Officer Read More »

dashboard

A new year, a new version of the MazeRunner Community Edition!

2017 has been an exciting year for Cymmetria. We’ve seen deception gain popularity, and our products are now used by some of the world’s largest organizations, as well as many of the coolest smaller ones. While we’re focusing a lot of our efforts on deployment automation and overall scalability for enterprises, we are committed to …

A new year, a new version of the MazeRunner Community Edition! Read More »

Russian threat actors now widely targeting critical infrastructure

Russian threat actors have been prolific for some time now and while we cannot pinpoint significant technical changes, their operational goals and modus operandi seem to have shifted dramatically, from industrial espionage and intelligence gathering, to potentially building the infrastructure for a destructive critical infrastructure attack. We are not the only ones to note the …

Russian threat actors now widely targeting critical infrastructure Read More »

Linux SSH interaction

Unexpected challenges: Allow SSH service on Linux decoys to accept any user and password

When customers started using Cymmetria’s MazeRunner on an Internet-facing interface, we were a bit surprised. Perhaps we shouldn’t have been; after all, honeypots have been used that way since their inception. But modern cyber deception is about controlling the attacker’s path once they are already inside your network, and detecting them—fast. Thus, some of our …

Unexpected challenges: Allow SSH service on Linux decoys to accept any user and password Read More »

Legal Hack-Back

When Founder and CEO, Gadi Evron, told me Cymmetria was releasing a “hack-back” product for our customers, I had the same visceral response that every one of you is likely having right now: “Isn’t hack-back illegal?” The term conjures up thoughts of vigilante justice running amuck on the Internet. In 1994, while I was at …

Legal Hack-Back Read More »

Scroll to Top