Blog
Keep up to date with the latest news and blog posts from Simplify Security.
[Security Advisory] Active Exploitation of Unpatched VMware ESXi Servers
Overview: Amaru's MDR is aware of an active ransomware campaign targeting unpatched VMware ESXi hosts facing the public internet. On February 3rd, 2023 the French National CERT first reported a threat actor campaign targeting VMware ESXi hypervisors with the aim of deploying ransomware. The initial access vector is CVE-2021-21974, a vulnerability that allows an attacker to remotely execute arbitrary code. A...

We are becoming Amaru
The name Simplify Security doesn’t capture our mission enough. And as a result, we’re rebranding to Amaru. Bigger mission, same vision, same values, same purpose. When I started this business in 2019, I wanted to help organisations grow better with more innovative, pragmatic and affordable security solutions at a global scale - that hasn’t changed. When I take a look at the last three years, we have helped several...

What is OSINT and what are the benefits?
Open-source intelligence (OSINT) is the practice of gathering, analyzing, and using information from publicly available sources. This can include data from websites, social media, news articles, government reports, and other sources that can be legally and ethically collected and analyzed. An OSINT exercise is a structured process of collecting and analyzing open-source information to support a specific goal or...

What is penetration testing and its benefits?
A penetration test, also known as a "pen test" or "ethical hacking," is a simulated attack on a computer system, network, or web application to identify and exploit vulnerabilities. The goal of a penetration test is to assess the security of a system by attempting to gain unauthorised access, and to identify and evaluate potential vulnerabilities. Benefits of a penetration test include: Identifying vulnerabilities:...

A checklist to help achieve SOC 2 compliance
A checklist that you can use to help achieve SOC 2 compliance: Review and understand the SOC 2 Trust Services Criteria (TSC) and select the appropriate type of SOC 2 report (Type 1 or Type 2). Most organisations start with Type 1 and Security (mandatory), Confidentiality and Availability. Conduct a risk assessment to identify and evaluate the potential threats and vulnerabilities to your organisation's systems and...

The differences between SOC 2, NIST CSF and ISO 27001
SOC 2, NIST CSF, and ISO 27001 are all different frameworks that organisations can use to improve their cybersecurity and data protection efforts. Each framework has its own set of requirements, and they all have different purposes, although there are some similarities among them. The differences SOC 2: SOC 2 is a set of security and privacy standards for service providers that handle customer data. SOC 2...

Cyber security winner at Reseller News Innovation Awards in 2022
RESELLER NEWS is proud to announce the winners of the Innovation Awards in 2022, featuring a leading and diverse line-up of partners, vendors, distributors and individuals across New Zealand. The winners were selected from 2244 finalists (including 65+ individuals) which made the shortlist from a pool of over 100 organisations, spanning partner, start-up, telco, vendor and distributor businesses. Celebrated during...

The Forgetting Curve – Security Training
It’s something we all know instinctively: if a whole load of new information is thrown at you, your recall of it will be somewhat cloudy one week later. This is exactly what German psychologist Hermann Ebbinghaus showed back in 1885 when he developed the forgetting curve. Though his research is over a century old now, the principle remains true today. Most of what you learn will be forgotten within an hour. This...

Possible Okta Breach By Threat Actor
Okta has provided additional information on the timeline of the incident affecting their services. In summary, the Okta service confirmed the breach by the Lapsus$ group yesterday. As Okta has confirmed, 'The Okta service is fully operational, and there are no corrective actions our customers need to take.' Okta has also concluded that a small percentage of customers - approximately 2.5 percent - have potentially...

UPDATE: CVE-2021-44228 Apache Log4j 2 RCE – log4shell
Since the news of this critical RCE (CVE-2021-44228) in Apache log4j was made public on Friday, Simplify Security's MTR team has been investigating activity to improve detection and response capabilities. As a quick summary, this vulnerability results from how log4j handles processing log messages when sent a specially crafted message by an attacker. This can result in loading an external code class and...

CVE-2021-44228 Apache Log4j 2 RCE – log4s
On December 9, 2021, the Apache Log4j project’s GitHub publicly disclosed a high severity vulnerability that impacts Apache Log4j 2 versions 2.0 to 2.14.1. The vulnerability allows for unauthenticated remote code execution on Log4j 2, an open-source Java logging library used as a dependency by numerous enterprise applications and cloud services. Currently, there are reports of this vulnerability being exploited...

Introduction to the changes in New Zealand’s Privacy Act
New Zealand’s privacy laws haven’t changed since 1993, but technology and the way we live our lives online has changed significantly since then. Around the world, privacy laws are being updated to cover the needs of our changing world, and now it’s New Zealand’s turn. The changes to the Privacy Act cover the addition of a new privacy principle, mandatory reporting on data...