Confirmed Zero-Day vulnerabilities in Microsoft Exchange Server

Cyber security update: Confirmed Zero-Day vulnerabilities in Microsoft Exchange Server
As of 4th October 2022, Microsoft have confirmed that two Zero-day vulnerabilities affect Microsoft Exchange Server 2013, Exchange Server 2016, and Exchange Server 2019. Microsoft have stated that Exchange Online customers do not need to take any action; however, if you have a Hybrid Exchange infrastructure, this advice still applies.
Further updates and details on the potential vulnerability can be found here
In addition to Microsoft guidance, Solace Cyber recommend that the mitigation be further tightened by altering the URL block string to:
.*autodiscover\.json.*Powershell.*
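The block string above can also be used as a retrospective check over IIS request logs. The following is an added example, not Solace Cyber's or Microsoft's code; the W3C log layout, the constructed sample lines, and the choice to match case-insensitively on the percent-decoded URI are assumptions of this example.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Block string quoted in the advisory. IGNORECASE and DOTALL are choices made
# by this example (assumptions), so that mixed-case requests are not missed.
BLOCK_PATTERN = re.compile(
    r".*autodiscover\.json.*Powershell.*", re.IGNORECASE | re.DOTALL
)

# Constructed sample in IIS W3C extended format (documentation IP ranges only).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip sc-status
2022-10-04 09:12:01 192.0.2.10 GET /owa/auth/logon.aspx url=https://mail.example.test/owa 443 - 198.51.100.7 200
2022-10-04 09:12:44 192.0.2.10 POST /autodiscover/autodiscover.json - 443 - 198.51.100.8 200
2022-10-04 09:13:02 192.0.2.10 GET /autodiscover/autodiscover.json a=b/PowerShell/ 443 - 203.0.113.55 200
2022-10-04 09:13:09 192.0.2.10 GET /AutoDiscover/autodiscover.json x=/powershell 443 - 203.0.113.55 302
"""


def parse_w3c(lines):
    """Yield one dict per request, keyed by the names in the #Fields header."""
    fields = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#Fields:"):
            # The header may reappear mid-file when logging settings change.
            fields = line[len("#Fields:"):].split()
            continue
        if line.startswith("#") or not fields:
            continue
        values = line.split()
        if len(values) != len(fields):
            continue  # truncated or malformed line, skip it
        yield dict(zip(fields, values))


def request_uri(entry):
    """Rebuild the requested URI from stem and query, then percent-decode it."""
    stem = entry.get("cs-uri-stem", "")
    query = entry.get("cs-uri-query", "-")
    uri = stem if query == "-" else f"{stem}?{query}"
    return unquote(uri)


def find_hits(log_text):
    """Return the requests whose URI matches the advisory's block string."""
    hits = []
    for entry in parse_w3c(log_text.splitlines()):
        uri = request_uri(entry)
        if BLOCK_PATTERN.match(uri):
            hits.append({
                "time": f"{entry.get('date', '')} {entry.get('time', '')}",
                "client": entry.get("c-ip", ""),
                "status": entry.get("sc-status", ""),
                "uri": uri,
            })
    return hits


def hits_by_client(hits):
    """Count matching requests per client address, for triage."""
    return dict(Counter(h["client"] for h in hits))


if __name__ == "__main__":
    found = find_hits(SAMPLE_LOG)
    for hit in found:
        print(hit["time"], hit["client"], hit["status"], hit["uri"])
    print(hits_by_client(found))
```

Ordinary Autodiscover traffic does not match, because the pattern needs both `autodiscover.json` and `Powershell` in the same URI.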
Solace Cyber are offering an initial consultation to determine if a compromise has already occurred and can action any implementation required to secure your operations.
This update is correct as of 12.23 GMT on 4th October 2022. The situation continues to develop rapidly, so please contact the team for an initial conversation with the latest advice.
Military deployed in Ouagadougou

At around 0400 local time, gunfire and explosions were reported from military bases inside Ouagadougou. Eyewitnesses and social media also reported gunfire from the vicinity of the Presidential Palace and Camp Baba Sy, where the current transitional government headquarters are located. Multiple roads inside the capital are reportedly blocked and military personnel have deployed on the streets. Local media claim that the immediate vicinity of the national television offices (RTB) is inaccessible due to military roadblocks. Images posted to social media appear to indicate state TV outages in Burkina Faso, although this has not been confirmed.
Heavily armed personnel are now reportedly present along the “strategic axes” of Ouagadougou, although no further details regarding their exact location are currently available. The current whereabouts of Burkina Faso’s President Paul Henri Damiba, who came to power after a military coup in January 2022, are also unconfirmed, although he reportedly remains inside the capital.
Sporadic gunfire continues several hours after the initial reports of violence. The situation remains highly volatile, with violence ongoing throughout the capital, and the current tactical situation remains unclear due to difficulties obtaining accurate information from the ground. Burkina Faso has rapidly become the epicentre of the violence that began in neighbouring Mali in 2012 but which has since spread across the Sahel region south of the Sahara Desert. The Burkina Faso military has been conducting a series of operations against Islamist militants across the country’s East and Sahel regions in recent months, with military forces claiming to have killed over 100 militants in the past month alone.
Although not yet confirmed, this incident bears all the hallmarks of an attempted military coup. Burkina Faso last experienced a military coup in January 2022 and has been under transitional military rule since then. During the January coup, gunfire was reported from military bases across the capital and soldiers were reported to have seized the Sangoulé Lamizana barracks and surrounded the RTB offices. Soldiers subsequently appeared on national TV to announce the overthrow of former President Roch Kabore. Around eight days later, the military junta restored the constitution and appointed Paul-Henri Sandaogo Damiba as interim president.
Control of state television apparatus appears to be a reliable coup indicator. In 2021, soldiers appeared on national television in Guinea to announce a military coup which deposed longstanding President Alpha Conde. In this way, further reports of soldiers entering the RTB offices in Ouagadougou should be considered likely indicators of a confirmed coup attempt.
Although unclear, ‘strategic axes’ of the capital very likely refer to the Boulevard des Tensoba, the area around the US Embassy and Presidential Palace near Boulevard Muammar Kaddafi, Avenue Kadiogo and Avenue de la Nation.
The situation in the capital comes just 24 hours after protests against President Damiba, blaming him for the deteriorating security situation in the country, and just days after at least ten soldiers were killed and 30 injured in an attack on a military convoy near Gaskindé. These incidents follow a sustained pattern of violence in the north of the country which appears to be spreading to the capital, as security forces battle to contain an expanding Islamist militancy. On 7 August, the government were forced to deny reports that they intended to sign a truce with militant groups until their planned transition to democracy was complete.
It therefore remains likely that elements within the Burkina Faso military have attempted to launch a coup against the current junta. The situation will almost certainly remain delicate and highly volatile in the immediate term.

Solace Global Advice
• Widespread unrest and violence remain possible in the short term. Travellers should avoid all ongoing military activity and any large public gatherings as the security situation may deteriorate quickly and without warning.
• In the event of a significant security development, travellers in Burkina Faso should follow any instructions issued by the government or military authorities.
• If violence escalates inside the capital, consider departing from Ouagadougou whilst commercial options are available.
• Key military and political infrastructure inside the capital are very likely to remain focal points for violence. You should be particularly vigilant in these areas and follow any specific advice from the local security authorities.
• Expect significant travel disruption and an enhanced security force posture inside Ouagadougou in the short term.
• Always follow all instructions and orders from security forces. Where possible, avoid areas of active conflict and remain inside a secure location away from windows.
• Ensure that you always carry personal identification documents. Consider making photocopies of important documents in case of confiscation, theft or loss.
• Emergency services may be unable to support you in the short term. Be aware of what consular support may be available to you in-country.
• Exercise increased caution, remain vigilant, be aware of your surroundings and report any suspicious activity to security personnel as soon as possible.
• If caught in the vicinity of a security incident, seek shelter immediately and leave the area if safe to do so. Continue to adhere to all instructions issued by authorities and obey any security cordons in place.
• Monitor the Solace Secure platform and trusted local media for updates.
Election violence in Kenya

Situation Summary of Election Violence in Kenya
On 15 August, violence erupted at the Bomas of Kenya in Nairobi, as the Independent Electoral and Boundaries Commission (IEBC) had been scheduled to release the results of the Kenyan general election. Live footage from the venue showed physical altercations breaking out between attendees, with military personnel intervening to break up the violence.
Earlier on 15 August the IEBC had announced a delay in releasing the results, although it did not specify a reason for the delay. Separately, four commissioners of the IEBC held a press conference at the Serena Hotel in Nairobi, in which they stated that they could not “take ownership of the results” due to concerns over their opaqueness. As the violent scenes emerged and news broke of the division within the IEBC, it was announced that riot police across the country had been placed on standby, with Kenya’s highest bishop calling for calm and peace to prevail.
In the days since the 9 August election, the IEBC has been verifying the vote tallies provided by the country’s polling stations. In this interim period, both main presidential candidates have alluded to voting irregularities and to fighting the result in the courts. Meanwhile, the delay between voting and the announcement of a result has only led to further speculation and disinformation around the legitimacy of the vote.
Around 20 minutes after the initial chaotic scenes at the Bomas of Kenya, and despite four of the seven IEBC commissioners stating they could not back the results, the IEBC announced that William Ruto had won the election with 7,176,141 votes – amounting to 50.49 percent of the total valid votes. The pre-election favourite, Raila Odinga, received 6,942,930 votes – representing 48.85 percent of the votes cast.
Solace Global Comment
In 2007, post election violence resulted in more than 1,500 civilian deaths, whilst in 2017 at least fifty were killed and the election result was seen as so contentious that the country’s Supreme court ruled the vote should be re-run. Odinga has run for president on five occasions and has lost each time he has run.
He has also disputed the final election result following each loss, which set the conditions of suspicion and mistrust, and ultimately precipitated previous outbreaks of post-election violence. Given that Odinga was seen as the favourite to win the Presidency during the 2022 election, the closeness of the declared result and the inconsistency from the IEBC on 15 August, it is highly likely that he will once more attempt to contest the election results.
Regardless of whether Odinga officially disputes the result, it is highly likely that his supporters will rally against the result. Any such unrest is highly likely to become violent. The city of Kisumu, which is home to a large pro-Odinga voting bloc, has already begun to see protests break out against alleged vote rigging, whilst in the Kibera area of Nairobi there are reports that riots have begun to break out. Further unrest is likely to remain centred on the political centres of gravity in Nairobi, with the State House, Central Business District, and Serena Hotel all probable areas of unrest in the short term.
It is noteworthy that this was the first election in which there was no candidate from Kenya’s largest tribe, the Kikuyu. As a result, if election violence and unrest begins to spread across the country, there is a realistic possibility that it will avoid the traditional split along ethnic and tribal lines. Consequently, post-election violence may occur more widely across Kenya, as it would not be centred on tribal population centres, although it may be less extreme than levels observed during previous elections in which a Kikuyu candidate was participating.

Solace Global Advice
• Widespread unrest and violence remain possible in the short term. Travellers should avoid all demonstrations and large public gatherings as they may escalate quickly and without warning. Immediately vacate the area if caught in unrest.
• In the event of a significant security development, travellers in Kenya should follow any instructions issued by the Kenyan government or local authorities.
• Areas where political figures are known to gather are likely to be focal points for political activism and unrest, especially sites associated with the Presidential office or known protest hotspots. You should be particularly vigilant in these areas and follow any specific advice from the local security authorities.
• Expect localised travel disruption and an enhanced security force posture in the short-term. Allow for additional time when travelling in-country, as protest action and increased security force presence may result in road closures or blockades.
• Ensure that you always carry personal identification documents. Consider making photocopies of important documents in case of confiscation, theft or loss.
• Make sure you are familiar with contact details for the emergency services in Kenya – dial 999 / 112 / 911 to request police, medical assistance or fire brigade.
• Exercise increased caution, remain vigilant, be aware of your surroundings and report any suspicious activity to security personnel as soon as possible.
• If caught in the vicinity of a security incident, seek shelter immediately and leave the area if safe to do so. Continue to adhere to all instructions issued by authorities and obey any security cordons in place.
• Report any suspicious items and behaviours to the nearest security or police officials.
• Monitor the Solace Secure platform and local media for updates.
US speaker Nancy Pelosi visits Taiwan

Situation Summary
A delegation of American politicians, including House Speaker and senior Democratic politician Nancy Pelosi, landed at Taipei Songshan Airport in the Republic of China (ROC, or Taiwan) on 2 August. The visit to Taiwan comes amidst an ongoing tour of the Asia-Pacific by the high-profile delegation, which has been conducted for the purpose of reaffirming American commitments to the region. Countries such as Singapore, Malaysia, South Korea, and Japan were included on the official itinerary list, but the visit to Taiwan was hidden, likely out of concerns that any official confirmation would prompt a harsh response from the People’s Republic of China (PRC, or China).
Intelligence suggesting that Nancy Pelosi would visit Taiwan prompted a series of warnings from the Chinese government and state media broadcasters. China warned that any visit to Taiwan would be considered as a provocation that would necessitate a diplomatic and, in some communications, military response from Chinese authorities. Speculation of Nancy Pelosi’s visit prompted China to engage in aggressive military maneuvers in the Taiwan Strait during the morning of 2 August, including the positioning of warships and aircraft along the contested Median Line. A Distributed Denial-of-Service (DDoS) attack was later recorded against the website of Taiwan’s presidential office.
Four US Navy warships, including the USS Ronald Reagan aircraft carrier and the USS Tripoli amphibious assault ship, have been operating east of Taiwan. US officials have stressed that their positioning was prompted by a “routine deployment”, but US military authorities remain on high alert due to the increased risk of miscommunication and miscalculation stemming from the elevated number of both US and Chinese military assets in the region.
In response, Chinese authorities announced three-day military drills will commence near Taiwan from 4 August.
Solace Global Comment
Nancy Pelosi’s visit to Taiwan represents the most senior visit by a US official since the visit of House Speaker and Republican politician Newt Gingrich to Taipei in 1997. Newt Gingrich’s visit prompted irritation within China but was tolerated at the time. Since 1997, however, China’s role in the global economy has grown exponentially, and China has begun to exercise a more assertive role in both regional and global diplomacy. There is now an increased willingness within the Chinese government to adopt a more hawkish stance towards Taiwan, which is actively considered to be one of China’s core national interests, alongside increasingly bellicose rhetoric regarding reunification.
Taiwanese self-governance and the perception of Taiwan as an integral territory of China has prompted the Chinese government to enforce a ‘One China’ policy in its global relations; a practice which the US has acknowledged since President Richard Nixon’s decision to thaw relations between the US and China in 1972. Despite this, the incumbent Chinese Foreign Minister Wang Yi has accused US President Joe Biden of conducting a “fake” One China policy, and Chinese President Xi Jinping has warned the US “not to play with fire” over the legal and diplomatic status of Taiwan.
Although an invasion of Taiwan remains highly unlikely in the near-term due to the complexity of an amphibious assault across the Taiwan Strait, geopolitical and economic impact, and the potential for US involvement in the conflict, Nancy Pelosi’s visit is certain to escalate tensions further and will very likely lead to an increased Chinese military presence in the region over the coming weeks. Chinese officials have likely calculated that there is a need to reassert Chinese credibility over their red lines in Taiwan, given the current trajectory of US-Taiwan relations. A further military response remains realistically possible, such as live-fire exercises, significant naval and aerial posturing off Taiwan, or potentially missile tests in the vicinity of the Taiwan Strait. A Taiwanese response should be anticipated, and the potential for miscalculation should not be ruled out. China may also seek to conduct retaliatory actions towards the US through economic levers.

Solace Global Advice
• In the event of a significant security development, travellers in Taiwan should follow any instructions issued by the Taiwanese government.
• Political tensions may disrupt airspace in both China and Taiwan. It is advised to monitor flight information and check with your travel provider if you are unsure of the status of your flight.
• Instances of civil unrest within Taiwan cannot be ruled out. Travellers should avoid all demonstrations and large public gatherings as they may escalate quickly and without warning.
• Areas where political figures are known to gather are likely to be focal points for political activism and unrest, especially sites due to be attended by Nancy Pelosi or other delegates. You should be particularly vigilant in these areas and follow any specific advice from the local security authorities.
• Expect localised travel disruption and an enhanced security force posture in the short-term as Taiwanese authorities increase measures to protect the US delegation.
• Be aware that China may seek to retaliate for Nancy Pelosi’s visit within the economic, cyber, and diplomatic domains, which could place additional restrictions on business operations and travel within China, Taiwan, and the wider region.
• Make sure you are familiar with contact details for the emergency services (in Taiwan – dial 110 for the police, 119 for medical assistance or the fire brigade).
• Exercise increased caution, remain vigilant, be aware of your surroundings and report any suspicious activity to security personnel as soon as possible.
• If caught in the vicinity of a security incident, seek shelter immediately and leave the area if safe to do so. Continue to adhere to all instructions issued by authorities and obey the security cordon in place.
• Report any suspicious items and behaviours to the nearest security or police officials.
• Monitor the Solace Secure platform and local media for updates.
Alert Plus – Ecuador Protests – June 2022

- Be aware that demonstrations are currently widespread and may lead to a significant deterioration in the security environment.
- Large gatherings can escalate into violence with little or no warning. As such, avoid all gatherings or immediately vacate the area if caught in unrest.
- If currently in the country, especially the capital, minimise all travel and remain indoors in a secure location.
- If carrying out necessary travel, allow for additional time when conducting journeys, as protest action and the increased police presence may result in closed or blocked roads.
- Avoid all political and governmental buildings across the country, but in particular Quito, due to the likelihood of unrest and clashes.
- Follow local news sources to keep abreast of developments.
- Ensure that you carry personal identification documents at all times. Consider making photocopies of important documents in case of confiscation, theft or loss.
- If you find yourself in the vicinity of a protest, seek to leave the area immediately and adhere to all instructions issued by authorities.
- Anticipate a heightened military and police presence throughout the country with additional security being reported near all major political and media buildings.
- Exercise vigilance and follow all official directives.
- Monitor the Solace Secure platform and local media for updates.
- If travelling to or currently in Ecuador, ensure that you monitor the latest news on the progress of protests, as well as any political developments.
- Additionally, ensure contingency measures are in place in case a sustained period of instability occurs or violence escalates. This includes evacuation plans.
Alert Plus – Berlin Vehicle Incident – June 2022

- In the event of a terrorist attack those in the area are reminded to RUN – HIDE – TELL – FIGHT.
- Terrorists are highly likely to try to carry out attacks across Europe. The possibility of further attacks in the immediate term cannot be ruled out.
- Attacks are likely to be indiscriminate, including in crowded areas, government, military and police installations and against personnel, civilians, transportation networks, and high-profile locations.
- Areas where large groupings of residents or tourists are known to gather may be at higher risk of attack. You should be particularly vigilant in these areas and follow any specific advice of the local security authorities.
- Make sure you are familiar with contact details for the emergency services (in the EU – dial 112).
- Travellers are advised to avoid the immediate area of any incident as emergency services remain on the scene to conduct their investigations.
- Expect localised travel disruption and an enhanced security force posture in the short term.
- Exercise increased caution, remain vigilant, be aware of your surroundings and report any suspicious activity to security personnel as soon as possible.
- If caught in the vicinity of a shooting, seek cover from fire immediately and leave the area if safe to do so. Continue to adhere to all instructions issued by authorities and obey the security cordon in place.
- Report any suspicious items to the nearest security or police officials.
- Monitor the Solace Secure platform and local media for updates.
Crescent Yamaha WorldSBK join forces with Solace Global

Solace Global have become official risk and security management partners of Crescent Yamaha for the WorldSBK series, and will be reducing the risk of disruption to races from cyber attacks, along with ongoing travel risk management to keep the team safe. Advanced risk management technology will be integrated into defending 2021 FIM Superbike World Champions, Yamaha, and their official operations, with technical ownership undertaken by Solace Global’s 24/7/365 Security Operations Centre. Solace Global’s team of highly trained security specialists, including ex-military personnel and cyber security experts, will be actively preventing potential security disruptions throughout the season. Crescent Yamaha will be safeguarded against organisational risks by Solace Global, as well as adopting an advanced technological ecosystem to protect against the latest cyber threats.
Protecting Yamaha’s racing team with cyber security services

In addition to managing the risk and security landscape, Solace Global will provide an external data repository that is immune to data loss, corruption and cyber attacks. This means that if a successful cyber attack were to take place, Crescent Yamaha would experience minimal disruption to operations while the team travels to 12 different WorldSBK race venues in 2022, as Solace Global would initiate a full managed recovery while business operations are restored. This mitigates the risk from cyber threats, hackers and ransomware, and ensures the team’s future is secure. Some of the biggest organisations in motorsport trust Solace Global to manage all business-impacting risks. All operations are supported by a solid foundation of security, privacy and compliance with ISO 27001:2013, ISO 9001, ISO 45001 and ISO 14001 accreditations.
“Each year, digital and real-world threats to global racing events have become more problematic. It’s never been in our nature to watch and wait, so we are honoured to be working with an incredible team in Crescent Yamaha to help build a greater culture for security in racing. The goal is to make security technology easier to use and accessible for every race team and organisation. We believe it’s now more important than ever to ensure racing championships are unhindered by external risk, so events can thrive and continue for years to come. We look forward to supporting Paul and the Crescent Yamaha WorldSBK Team off track, so that they can continue to win races around the world. It is a pleasure to welcome Solace Global to our championship-winning Yamaha WorldSBK Team with Crescent.”
“We work in a fast-paced environment that requires military-level precision to be able to fight for race wins and championships, and we require protection from outside threats as well as those posed by our competitors on track” said Paul Denning, Team Principal of Crescent Yamaha WorldSBK Team. “By partnership with Solace Global, it gives me both peace of mind and security that our operations are protected against the risk of cyber threats and data corruption so that we can focus on our main goal at circuits around the world – defending our WorldSBK Championship title in 2022.”
To celebrate the partnership, you can win 2 tickets for the 2022 Donington round of WorldSBK series when you book a free cyber risk assessment. Terms and conditions apply. Applies to risk assessments booked until June 10th 2022. Non-transferrable for cash value.
Alert Plus – Brooklyn Subway Incident – April 2022

- In the event of a shooting or explosive incident those in the area are reminded to RUN – HIDE – TELL – FIGHT.
- Terrorists are highly likely to try to carry out attacks in the US. The possibility of further attacks in the immediate term cannot be ruled out.
- Attacks are likely to be indiscriminate, including in crowded areas, government, military and police installations and against personnel, civilians, transportation networks, and high profile locations.
- Areas where large groupings of residents or tourists are known to gather may be at higher risk of attack. You should be particularly vigilant in these areas and follow any specific advice of the local security authorities.
- Make sure you are familiar with contact details for the emergency services (in the US dial 911).
- Travellers are advised to avoid the immediate area of any incident as emergency services remain on the scene to conduct their investigations.
- Expect localised travel disruption and an enhanced security force posture in the short term.
- Exercise increased caution, remain vigilant, be aware of your surroundings and report any suspicious activity to security personnel as soon as possible.
- If caught in the vicinity of a shooting, seek cover from fire immediately and leave the area if safe to do so. Continue to adhere to all instructions issued by authorities and obey the security cordon in place.
- Report any suspicious items to the nearest security or police officials.
- Monitor the Solace Secure platform and local media for updates.
Alert Plus – Escalating violence in Israel – March 2022

- Terrorists are highly likely to try to carry out further attacks in Israel and the Occupied Palestinian Territories. The possibility of further attacks in the immediate term cannot be ruled out.
- Heightened tensions, brought about by rocket attacks from Gaza into Israel, Israeli airstrikes on Gaza, use of force by Israeli authorities, and regional political developments, increase the risk of retaliatory terrorist attacks in Israel.
- Attacks are likely to be indiscriminate, including in crowded areas, government, military and police installations and against personnel, transportation networks, and businesses with Western interests.
- Areas where foreign nationals and tourists are known to gather may be at higher risk of attack. You should be particularly vigilant in these areas and follow any specific advice of the local security authorities.
- Make sure you are familiar with contact details for the emergency services (in Israel dial 100; in the West Bank and Gaza dial 101).
- Travellers are advised to avoid the immediate area of any incident as emergency services remain on the scene to conduct their investigations.
- Expect localised travel disruption and an enhanced security force posture in the short term.
- Exercise increased caution and situational awareness and report any suspicious activity to security personnel as soon as possible.
- If caught in the vicinity of a shooting, seek cover from fire immediately and leave the area if safe to do so. Continue to adhere to all instructions issued by authorities and obey the security cordon in place.
- Monitor the Solace Secure platform and local media for updates.
Penetration testing: Demonstrate your customer’s data is safe

Win your customers’ trust
Data is a valuable commodity and the consequences of a data breach can cause not only a significant fine from the ICO, but irreversible reputation damage for a company too. Penetration Testing is important for organisations of all sizes. A well-structured and scoped penetration test can help reduce the cyber risk exposure of an organisation as well as protect both the organisation’s and its clients’ data. It supports Data Protection compliance by evidencing regular testing (a GDPR requirement). Penetration Testing also assists with marketing. Once all the fixes are in place, the retest report can be a valuable marketing asset.

How penetration testing works
A penetration test from Solace Cyber, sometimes known as a pen test, is the process of a cyber security specialist replicating a cyber attack. Pen testing will uncover security weaknesses by using the same methods that a hacker would, replicating their approach as closely as possible against new vulnerabilities and exploits that become available daily. A critical part of our testing methodology is to show you not only what we found, but how we found it. Knowing how we found the issues is the key to your continual improvement, which is why we follow our tried and tested 6-step high level methodology for every penetration test.

Experts in finding vulnerabilities your IT team may have missed
Our team of experts spend 3 months a year keeping their skills up to date, meaning we are always one step ahead of the evolving cyber security threats and have a deep understanding of the latest threat ecosystem. This means we can evaluate your business and identify your vulnerabilities, configuration weakness and gaps in protection to the highest quality. We use a highly respected Council of Registered Ethical Security Testers (CREST) affiliated penetration testing service, followed up with a complimentary strategic session with our cyber security specialists once you have your results to help address any issues identified. Our services cover all types of Penetration Test including, but not limited to:
- API and Backend Systems
- Infrastructure – Internal, External & Cloud
- Mobile Applications – Android, iOS & Windows
- PCI-DSS
- Physical
- Remote Access & VPN Systems
- Social Engineering
- Web Applications – from Blogs to Ecommerce
