Securin Articles
Read about the latest news & updates in cybersecurity.
The athletes aren’t the only ones who’ve been preparing. Both defenders and cybercriminals are ready for a face-off. Here’s what to expect.
Vulnerabilities in AI/ML libraries are among the most pressing concerns in AI security. Here’s what you need to know.
CISA’s Secure by Design pledge underlines the importance of reframing how we talk about and address the fundamental challenge of vulnerability and weakness in widely used software.
AI tools are revolutionizing the tech supply chain. AIBoMs will help us to evolve securely and responsibly. Here’s what you need to know.
Rhysida ransomware is a new threat that emerged in May 2023 and has since targeted various sectors, including healthcare and the government, impacting over 150 victims in 25 countries.
As cyberattacks on critical infrastructure were surging, CISA stepped up to protect US information assets with two security campaigns: Shields Up and Shields Ready.
There’s more to weakness in code than frequency. For a true understanding of the risks, an understanding of the threat perspective is crucial. Here’s what DevOps, DevSecOPs and other defenders should be thinking about.
The education sector has embraced digital transformation yet faces escalating cybersecurity threats due to increased reliance on personal devices and outdated systems, posing challenges in safeguarding sensitive data and operations.
The growing backlog at the NVD is attracting a lot of attention. Securin’s analysts took a deep dive into the problem. Here’s what they found.
NVD's temporary delays in analyzing and updating newly published vulnerabilities has left cybersecurity experts without data. Despite this setback, Securin continues to provide protection through aggregated intelligence.
The integration of VPNs in global businesses during the pandemic has led to a surge in vulnerabilities, with state-sponsored threat groups and ransomware entities actively exploiting these weaknesses.
Explore the SEC's new cybersecurity disclosure rules, its implications, and how it impacts organizations.
Learn about the vulnerabilities exploited, attack methodology, techniques and tactics used by the LockBit Ransomeware.
Explore our comprehensive guide to password protection and delve into the cyber threat landscape, covering sophisticated attacks like phishing and brute force attempts, as well as nuanced techniques like keylogging.
In the vast landscape of information, data is both captivating and daunting.
As cyber threats are continuously evolving, learn the dos and don'ts to keep yourself and your organization safe on the web.
No organization is exempt from vulnerability management, but are you unwittingly committing the seven deadly sins of this vital cybersecurity practice?
In Part 1, we investigate Securin's predictive ability to prioritize vulnerabilities ahead of CISA's KEV list.
Discover the five signs that indicate your business may be at risk and needs cybersecurity managed services immediately.
Learn about the risks posed by internet-exposed management interfaces, which are often targeted by threat actors, and how to address them.
AI is used by cybercriminals to launch sophisticated attacks. However, organizations can leverage AI through cybersecurity managed services to stay safe.
Securin experts have observed Cl0p ransomware exploiting a total of 13 vulnerabilities. We deep dive into who they are, their methodology, and tactics.
Protect yourself from the exploitation of a critical vulnerabilities in Progress Software’s MOVEit Transfer solution.
Learn the risks of cloud misconfigurations and how to prevent them.
We bring you threats that are currently trending as well as new vulnerabilities that hackers are exploiting.
We bring you threats that are currently trending as well as new vulnerabilities that hackers are exploiting.
We bring you threats that are currently trending as well as new vulnerabilities that hackers are exploiting.
We bring you threats that are currently trending as well as new vulnerabilities that hackers are exploiting.
We bring you threats that are currently trending as well as new vulnerabilities that hackers are exploiting.
We bring you threats that are currently trending as well as new vulnerabilities that hackers are exploiting.
We bring you threats that are currently trending as well as new vulnerabilities that hackers are exploiting.
Securin investigated the cyber hygiene of Indian government sites by running a scan on their public-facing assets and found many potential gaps in their security.
We bring you threats that are currently trending as well as new vulnerabilities that hackers are exploiting.
We bring you threats that are currently trending as well as new vulnerabilities that hackers are exploiting.
We bring you threats that are currently trending as well as new vulnerabilities that hackers are exploiting.
We bring you threats that are currently trending as well as new vulnerabilities that hackers are exploiting.
We bring you threats that are currently trending and new vulnerabilities that hackers are exploiting.
Securin experts mapped ransomware vulnerabilities to the MITRE Att&ck framework and identified 57 vulnerabilities that can be exploited from initial access to exfiltration.
We bring you threats that are currently trending as well as new vulnerabilities that hackers are exploiting.
Read Securin experts' insights when they revisited HIVE and their attack tactics and techniques, and what organizations can do to remain safe from future attacks.
We bring you threats that are currently trending as well as new vulnerabilities that hackers are exploiting.
Securin’s VRS measures the risk posed by a vulnerability, considering factors such CVSS vector, threat associations, exploitation trends, and our AI- and ML-based predictions.
AvosLocker made a name for itself by targeting critical infrastructure in 2021 and is still worth monitoring today.
We bring you threats that are currently trending as well as new vulnerabilities that hackers are exploiting.
Securin experts list and analysis the top vulnerabilities that trended on the surface web and were sought out by attackers.
We bring you threats that are currently trending as well as new vulnerabilities that hackers are exploiting.
We bring you threats that are currently trending as well as new vulnerabilities that hackers are exploiting.
We bring you threats that are currently trending as well as new vulnerabilities that hackers are exploiting.
Companies that have experienced a breach underperform the market by more than 15% three years later. That raises the question - “Is your data safe?”
We bring you threats that are currently trending as well as new vulnerabilities that hackers are exploiting.
Vice Society has been observed employing ransomware variants, similar to the Russian Sandworm Team and TA505 threat actors.
We bring you threats that are currently trending as well as new vulnerabilities that hackers are exploiting.
We bring you threats that are currently trending as well as new vulnerabilities that hackers are exploiting.
We bring you threats that are currently trending as well as new vulnerabilities that hackers are exploiting.
We bring you threats that are currently trending as well as new vulnerabilities that hackers are exploiting.
We bring you threats that are currently trending as well as new vulnerabilities that hackers are exploiting.
We bring you threats that are currently trending as well as new vulnerabilities that hackers are exploiting.
We bring you threats that are currently trending as well as new vulnerabilities that hackers are exploiting. | November 7, 2022 - November 11, 2022
We bring you threats that are currently trending as well as new vulnerabilities that hackers are exploiting. | October 31, 2022 - November 4, 2022
This blog brings you all the DHS CISA KEVs that need to be prioritized for patching from October 24, 2022 to October 28, 2022
This blog brings you all the DHS CISA KEVs that need to be prioritized for patching from Oct 17, 2022 to Oct 21, 2022
Securin experts have discovered a Zero Day vulnerability with medium severity in Tenable’s Nessus Professional scanner.
We bring you threats that are currently trending as well as new vulnerabilities that hackers are exploiting. | October 10, 2022 - October 14, 2022
This blog brings you all the DHS CISA KEVs that need to be prioritized for patching from Oct 3, 2022 to Oct 7, 2022
We bring you threats that are currently trending as well as new vulnerabilities that hackers are exploiting. | September 26, 2022 - September 30, 2022
This edition brings you early warnings, trending news about cyber threats, and the accurate threat context. Check out which threat group is on the rampage, what vulnerability it could soon weaponize, and more.
As the world still reels under the impact of the Ukraine-Russia cyberwar, yet another Cyberwar has started between Iran and Albania. Securin's experts provide insights into Iranian threats that organizations need to watch out for.
The DHS Cybersecurity and Infrastructure Security Agency (CISA) released a directive with a list of 933 known and exploited vulnerabilities that public sector entities and organizations need to patch immediately!
This edition brings you early warnings, trending news about cyber threats, and the accurate threat context. Check out which threat group is on the rampage, what vulnerability it could soon weaponize, and more.
Does your organization use Network Attached Storage (NAS) devices? You should revisit your security strategy.
This edition brings you early warnings, trending news about cyber threats, and the accurate threat context. Check out which threat group is on the rampage, what vulnerability it could soon weaponize, and more.
Read about Securin's research into the ransomware group, the vulnerabilities they use, their attack techniques and tactics.
Despite being patched four years ago, the self-propagating malware, Indexsinas SMB worm, exposes that Windows servers are still vulnerable to the infamous NSA EternalBlue exploits and can be used for crypto-mining.
This edition brings you early warnings, trending news about cyber threats, and the accurate threat context. Check out which threat group is on the rampage, what vulnerability it could soon weaponize, and more.
Apache Log4j vulnerability is a critical zero-day code execution vulnerability. On December 9, 2021, the Internet was set on fire when an exploit was posted publicly for Apache Log4J - a well-known logging utility in the Java programming language.
We looked into the DHS CISA KEV catalog one step further and found that 58 actively known exploited CVEs were missed by top scanners such as Nessus, Nexpose, and Qualys.
The video surveillance giant Hikvision disclosed a zero-click vulnerability in Hikvision camera models that is highly susceptible to remote hijacking without requiring a username or password.
This edition brings you early warnings, trending news about cyber threats, and the accurate threat context. Check out which threat group is on the rampage, what vulnerability it could soon weaponize, and more.
Did you know hackers can exploit 125 weaponized vulnerabilities in VPN products to attack their targets? Securin analysts deep dive into exposures in VPNs that could compromise organizational networks.
The impact of the Log4j vulnerability continues to be felt by thousands of companies exploited or attacked by hackers and ransomware. Rapid and proactive action from Securin’s Incident Response Team helped protect all its clients.
This edition brings you early warnings, trending news about cyber threats, and the accurate threat context. Check out which threat group is on the rampage, what vulnerability it could soon weaponize, and more.
Securin's analysis of the vulnerabilities and attack tactics used by APT29 in recent campaigns
This edition brings you early warnings, trending news about cyber threats, and the accurate threat context. Check out which threat group is on the rampage, what vulnerability it could soon weaponize, and more.
An unpatched vulnerability tracked as CVE-2022-30190 (aka Follina) in the remote Word template feature enables adversaries to execute malicious code on targeted systems of Microsoft Office.
In this edition, we bring you early warnings, trending news about cyber threats, and the accurate threat context. Check out which threat group is on the rampage, what vulnerability it could soon weaponize, and more.
In this edition, we bring you early warnings and trending news about cyber threats along with accurate threat context. Check out which threat group is on the rampage and what vulnerability they could weaponize soon and more….
In this edition, we bring you early warnings and trending news about cyber threats along with accurate threat context. Check out which threat group is on the rampage and what vulnerability they could weaponize soon and more….
In a CISA KEV update on May 23, 2022, three of four vulnerabilities that were called out in our Q1 2022 Ransomware Report have been added, thereby validating our research and recommendations.
CSW’s weekly threat intelligence edition brings to you early warnings about critical vulnerabilities that are already weaponized or could potentially be weaponized and prove dangerous to your organization and its assets.
This week, we bring to you eight threats that are currently trending as well as new vulnerabilities that hackers are exploiting.
A zero-day vulnerability in Mitel VOIP appliances is being widely exploited in the wild with continued likelihood of exploitation, according to our researchers.
CSW researchers investigated 56 vendors and 846 healthcare products, and identified 624 vulnerabilities across them. Read to know more about our findings.
This blog provides a snapshot of how Securin is helping schools gain resilience against cyber attacks and evolving threats and what schools can do to stay safe from ransomware attacks.
CSW weekly threat intelligence edition brings to you early warnings about critical vulnerabilities that could potentially be weaponized and prove dangerous to your organization and its assets.
This blog brings talks about the challenges that exist in mapping CWEs to CAPEC using MITRE and ATT&CK
All CVEs mentioned in this blog edition have received a maximum rating from the Threat Intelligence platform indicating high probability of exploitation.
Apache Log4j vulnerability CVE-2021-44228 is a critical zero-day code execution vulnerability with a CVSS base score of 10. This weakness poses a significant risk to many applications and cloud services and it needs to be patched right away!
Atlassian zero-day vulnerability that has been exploited in the wild is tagged as CVE-2022-26134. This is a critical unauthenticated, remote code execution vulnerability that affects all Atlassian Confluence and Data Center 2016 servers after version 1.3.0.
On February 08, 2022, Microsoft published updates for CVE-2022-21999 as part of its Patch Tuesday program. This vulnerability affects the Windows Print Spooler service and is a workaround for CVE-2022-1030 fixes.
CSW’s quarterly report on ransomware metrics reveals that three new APT groups are using ransomware to mount attacks on their targets, bringing the total number of APT groups using ransomware to 43. Read more on them here.
The U.S. Cybersecurity and Infrastructure Agency issued an emergency security directive over VMware vulnerabilities, which threat actors are likely to exploit.
With the sudden increase in the number of establishments completely operating via remote means, the internet exposure is higher than ever before. The cyber threats of an organization expose the vulnerabilities present in its assets.
Insecure Direct Object Reference or IDOR occurs when the application trusts the user input and takes sensitive action or shows sensitive information based on the same.
ATO Attack | Password Reset Poisoning
All scanners list out security vulnerabilities but does the developer know what to fix first and how to go about it?
Securin's AI-based vulnerability and threat intelligence delves deep into the vulnerabilities exploited by APT groups
Account Takeover is a type of cyberattack in which an attacker can take over a victim’s user account through malicious means.
A zero-day RCE vulnerability in Java Spring Core library is predicted to be the next Log4j. Are you prepared for the impending Spring4Shell threat?
A Securin researcher took a deep dive into this NodeJs CVE 2021-21315 vulnerability and developed a Proof-of-Concept exploit code.
This bulletin covers Securin's research on the cyberwar, in particular the ransomware and malware threats that are spawning out of the Russia-Ukraine conflict.
Securin's analysis of the threat groups and tools playing a role as threats in this cyber war between Russia and Ukraine
In this blog, CSW experts analyzed CISA’s Known Exploited Vulnerabilities (KEV) list for latencies in publishing, exploiting, and patching to understand how fast attackers are weaponizing them for attacks.
Conti has been one of the most prolific ransomware groups in 2022. Organizations need to prioritize patching for these vulnerabilities in order to avoid large-scale attacks.
iLOBleed was spotted targeting HP Enterprise’s server management technology to tamper with the firmware and wipe data off the infected systems. Could this be a sign of a dangerous trend?
Cyber Security Works researchers analyzed the data further by comparing the CVEs with some of the popular scanners (Nessus, Qualys, and Nexpose) and observed that they missed to detect 21 vulnerabilities tied to ransomware strains.
VMware has published security fixes for its Workstation, Fusion, and ESXi products to address a heap-overflow vulnerability identified as CVE-2021-22045.
Securin discovered and reported a Stored Cross-Site Scripting vulnerability in WordPress Post Duplicator Plugin that allows an authenticated attacker to inject a JavaScript payload into a trusted URL.
Cybersecurity is a priority in education due to the lack of resources and continual ransomware attacks. CISA’s new K-12 Cybersecurity Act will research and develop tools to help schools become more secure against cyberattacks.
The Apache Software Foundation has published a new version 2.4.52 of the Apache HTTP Server to fix two vulnerabilities in one of the world's most popular web servers - one of which is rated as high, and the other as critical.
Organizations have been increasingly relying on cloud services from Azure, since Microsoft provides native support. As a result, CSW penetration testers have been researching various attack vectors related to Azure. Read on to find out more about their findings.
Securin Researchers have developed a script to detect the JNDI vulnerability - the well-known LogShell-like vulnerability. Run our simple-to-use script to ensure your projects are free from JNDI injections.
Cyber Security Works has discovered a new zero-day (Stored Cross-Site Scripting) vulnerability, CVE-2021-33851 in WordPress Customize Login Image.
Our researchers analyzed CISA’s catalog of Known Exploited Vulnerabilities (KEV) to study the most affected products by number of vulnerabilities. Read on to learn more about their analysis.
Two Active Directory bugs with vulnerability-chaining capabilities allow attackers to impersonate regular domain users to gain privileges and get access in unpatched Microsoft Windows Active Directory.
An APT group is using CVE-2021-44077 and CVE-2021-44515 in Zoho ManageEngine ServiceDesk Plus and Desktop Central Servers to compromise businesses in a range of industries, including military and technology.
A zero-day vulnerability has been discovered in Palo Alto Networks GlobalProtect VPN that unauthenticated attackers can exploit to execute arbitrary commands on affected devices with root privileges.
While all vulnerabilities listed by CISA are critical and should be prioritized for patching, five vendors stand out from the rest with the most number of CVEs associated with their products.
Cyber Security Works has discovered a new zero-day (Cross-Site Scripting) vulnerability, CVE-2021-33850 in WordPress Microsoft Clarity.
A directive recently released by the US government-backed Cybersecurity and Infrastructure Security Agency has a list of 703 known vulnerabilities that organizations have been asked to focus on patching immediately. Amongst them, 158 vulnerabilities have been identified as being exploited actively by various ransomware families. Read on to learn more about the vulnerabilities.
Thousands of Azure users and millions of endpoints are impacted by ‘OMIGOD’ zero-days,” was the initial outburst when the open-source vulnerabilities were disclosed. Many Azure customers are unwittingly putting themselves in danger.
US-based customer support and sales representative company handling the world’s largest brands, TTEC, faces a network outage following a ransomware attack and sparks fears of a supply-chain attack. Read on to find out more about the attack.
On October 4, 2021, Apache announced fixes for a couple of vulnerabilities, including a zero-day flaw that affects Apache HTTP Server version 2.4.49—a widely used open-source, cross-platform web server for Unix and Windows.
On September 1, 2021, CSW researchers discovered a Cross-Site Scripting (XSS) zero-day vulnerability in Zoho CRM Lead Magnet Version 1.7.2.4. Read on to find out more about the vulnerability.
The FBI, CISA, and the Cyber Guard (CGCYBERs) warned of a serious vulnerability (CVE-2021-40539) in a single Zoho Signup and Password Management Solution that State Advanced Persistent Threat (APT) actors are actively scanning the internet for vulnerable servers.
A critical security flaw in the Linux kernel went unpatched for 15 years till attackers used it to gain local privilege escalation, escape the Kubernetes pod and obtain root privileges on Linux systems. Read our analysis where we look into the vulnerability’s characteristics and the impact it can have.
Two OpenSSL vulnerabilities, one remote code execution, and a denial-of-service were discovered by network-attached storage device manufacturers, Synology and QNAP. The fear of a ransomware attack leveraging the vulnerabilities still remains high. Here is our analysis of the vulnerabilities.
On September 21, 2021, VMware published an advisory warning of nineteen vulnerabilities in their vCenter Server. Of the nineteen vulnerabilities, one CVE stands out as being extremely critical and potential to be exploited by ransomware—CVE-2021-22005.
The LockFile ransomware group has been actively exploiting the Microsoft Exchange ProxyShell vulnerabilities. Read our analysis to understand how you can protect yourself from a potential ransomware attack.
The United States Cyber Command and Cybersecurity Infrastructure Security Agency (CISA) rang the warning bells for companies to patch a critical vulnerability (CVE-2021-26084) in the Atlassian Confluence Server and Data Center. Here is our analysis about this vulnerability.
An Israeli zero-click cyber-espionage software recently infected the Apple devices of journalists and politicians from around the world by exploiting three zero-day vulnerabilities. Read our analysis of these vulnerabilities.
On Aug 11, 2021, Accenture, a multinational IT Consulting and Services company, became the latest victim of LockBit 2.0 Ransomware. Our researchers investigated the vulnerabilities that LockBit exploits to compromise their targets and here is our analysis.
The US defense industrial base sector and many organizations from critical industries were recently affected by an unpatched critical remote code execution flaw in the Solarwinds Serv-U FTP server software that was exploited by a new Chinese threat group.
Nobelium, the APT group behind the infamous SolarWinds attack, has resurfaced in two recent campaigns against US-based IT companies and government organizations. Check out Securin’s analysis about 18 vulnerabilities used by the group to exploit and infiltrate their targets.
New APT Group Agrius is exploiting Fortinet’s vulnerabilities to attack their targets. Shodan results show 56000 target assets around the world that could be vulnerable to an attack. Check out our analysis for more information.
REvil's monumental supply-chain attack on 3 July 2021 affected 1500 companies and opened a path for third-party attack onslaughts. What else does REvil’s historic supply-chain attack portend?
The Airline industry is on the brink of a supply-chain attack from threat groups like APT41. According to our research findings, there are 20 vulnerabilities associated with the APT41 threat group.
The Conti group is associated with three vulnerabilities. If these had taken precedence in the CVE patching priority, the series of Conti attacks could have been avoided.
CSW Pentester’s have released a script to detect the Windows Print Spooler Remote Code Execution Vulnerability. Running the script can help organizations detect connected devices that could be vulnerable to exploits.
Darkside Ransomware has added two more CVEs to its arsenal alongside two additional APT group associations. Check out our analysis and patch these vulnerabilities before they strike again!
REvil Ransomware uses six vulnerabilities to target their victims and if these had been remediated and patched on priority, JBS - the world’s largest meat packer could have escaped this attack. CSW warned about these vulnerabilities in its Ransomware Spotlight Report published in February 2021.
Researchers at Securin have been tracking Qlocker, a recently discovered ransomware family.
Threat actors exploited a vulnerability, attacked an organization, and stole information.
On the 25th of May 2021, VMware published an advisory warning of two vulnerabilities - CVE-2021-21985 and CVE-2021-21986 - in their vCenter Server and Cloud Foundation products.
As of today our research has associated 260 vulnerabilities to ransomware. Remediating and patching these vulnerabilities on priority could have averted the Colonial Pipeline attack.
In May 2020, Securin warned the industry of two critical vulnerabilities in Pulse Secure VPN and Citrix’s Remote Desktop solution that could be used by Ransomware or APT groups. One year after our warning, NSA, FBI and CISA validated the same.
In our recently published Ransomware Spotlight report 2020 we tracked down vulnerabilities that are being used by Ransomware to launch attacks on organizations worldwide. Here are a few surprising findings about old vulnerabilities in this report
Ryuk is a crypto-ransomware strain that encrypts access to a system, device, or file through malware and demands ransom to release it.
This women’s day, we spoke to a few inspiring women executives who are breaking the myth and are soaring high. They are skilled, motivated, and talented and they come from different geographies, backgrounds but are united by their passion for cybersecurity.
CSW experts compiled the list of vulnerabilities that were highly searched in Google and came up with top 10 CVEs.
Investigations on the Sri Lankan Domain attack reveal that threat actors could have used exposed credentials and vulnerabilities to breach and redirect the websites. These credentials have been exposed on the dark web for the past eight years!
What does 2021 have in store for cybersecurity? Will we take note of the lessons learned in 2020 and start taking security seriously? Will we see more cyberattacks? We asked our exclusive team of pentesting experts to predict the trends for us, and here is what they said.
2020 was a productive year for threat actors. With the world’s workforce working remotely while dealing with the pandemic, threat actors were busy weaponizing critical vulnerabilities that had a global impact. Many organizations fell prey to ransomware and sophisticated cyber attacks that allowed remote and privileged access to sensitive information.
What does 2021 have in store for cybersecurity? Will we take note of the lessons learned in 2020 and start taking security seriously? Will we see more cyberattacks?
Asset and lifecycle management are complex initiatives that organizations should keep pace with as products reach the end of life (EOL) or end of support (EOS) and become obsolete. This obsolescence gives rise to security vulnerabilities that could be exploited by threat actors.
Popular scanners such as Tenable, Qualys and Nexpose are missing 48 vulnerabilities out of 102 vulnerabilities. To help 18000 customers who have been affected, CSW team has come up with a script that would help detect SolarWinds Orion Product running on your network.
The massive breach of SolarWinds Network Management product has compromised as many as 18,000 organizations outside of U.S Government entities, security agencies, defense entities. We took a closer look at the weaknesses that exist in other SolarWinds products and found that top scanners miss most of the vulnerabilities.
Dec 13 SolarWinds disclosed that vulnerabilities in their network management tool Orion was used to mount attacks on FireEye and on several Government agencies. Securin analyzed Orion’s 15 Vulnerabilities and found a known critical Privilege Execution Exploit that needs immediate remediation along with an upgrade to Orion Platform.
CSW analyzed the vulnerabilities (impacted by FireEye’s stolen pentesting tools) and found that Chinese & Iranian APT Groups target them routinely. These CVEs are also favorite targets of Ransomware such as Ryuk, Maze, Netwalker.
A threat hacker group named “Pumpedkicks” has leaked credentials for 50,000 Fortinet VPN devices that impact 140 countries around the world.
A new zero-day vulnerability, CVE-2020-24600, was discovered by Cyber Security Works in Shilpi - Capexweb 1.1.
The National Security Agency listed 25 vulnerabilities that are being targeted by Chinese state sponsored cyber attackers popularly known as APT41.
Security Agencies CISA (Cybersecurity and Infrastructure Security Agency), FBI, and the Department of Health and Human Services (HHS) have issued a high alert joint security advisory to hospitals to take actions to secure themselves from Ryuk ransomware in particular.
We analyzed three ransomware incidents (Ryuk, Revil & AKO) and found 16 CVEs associated with them. Incidentally, CSW warned about five of these CVEs in our cyber risk series way back in March 2020!
Ransomware campaigns are always on prowl for a path of least resistance to gain initial access and move laterally using well known vulnerabilities.
Cyber Security Works discovered a new zero-day vulnerability, CVE-2020-24602 in Ignite Realtime Openfire 4.5.1. Openfire (formerly Wildfire).
Cyber Security Works has discovered a new zero-day vulnerability, CVE-2020-24601 in Ignite Realtime Openfire 4.5.1.
Cyber Security Works discovered a reflected XSS vulnerability, CVE-2020-24604, in Ignite Realtime Openfire 4.5.1. Openfire (formerly Wildfire).
A new zero-day vulnerability, CVE-2020-14723, was discovered by Cyber Security Works in Oracle Help Technologies related to the Web UIX component.
Will the new national cybersecurity policy include a disclosure policy similar to what the west has?
Evil Corp used compromised legitimate websites to deliver ransomware in Garmin’s environment. The attack caused a 5-day outage for their product users. CSW Analysts have put together a list of domains, hashes, IOCs that have been compromised. Download the list to update your IPS/IDS and avoid being attacked.
CVE-2020-5902 is a critical remote code vulnerability that was discovered in the F5 Networks Big-IP administrative interface. From discovery to mitigation, see how things unfolded and check out CSW’s script to detect this vulnerability in Big-IP products.
Travelex fell prey to a ransomware attack (on New Year’s Eve) because they failed to install a patch issued by their VPN - Pulse Secure. How safe are our VPNs? Let's find out.
While Enterprise data storage systems are great to work with, they are also sitting ducks for threat attacks. Find out how?
Systems, infrastructure, and sensitive information that were recentl viewed within the secure walls of one’s office is now being accessed through insecure connections and unsafe laptops from one’s home.
Today, the reliance on applications such as web proxy, remote conferencing, VPNs, etc. are at an all-time high which is yet another reason for threat actors to work overtime to exploit vulnerabilities.
All scanners list out security vulnerabilities but does the developer know what to fix first and how to go about it?
This April, Cognizant fell prey to a nasty ransomware attack whose ripple effect has shaken the world. How safe is your tech stack? Let's take a look.
With the recent breaches in Zoom application and increasing instances of ‘zoombombing’ and data theft, a definitive study of popular online video conferencing tools was needed. Take a read.
The athletes aren’t the only ones who’ve been preparing. Both defenders and cybercriminals are ready for a face-off. Here’s what to expect.
Vulnerabilities in AI/ML libraries are among the most pressing concerns in AI security. Here’s what you need to know.
CISA’s Secure by Design pledge underlines the importance of reframing how we talk about and address the fundamental challenge of vulnerability and weakness in widely used software.
AI tools are revolutionizing the tech supply chain. AIBoMs will help us to evolve securely and responsibly. Here’s what you need to know.
Rhysida ransomware is a new threat that emerged in May 2023 and has since targeted various sectors, including healthcare and the government, impacting over 150 victims in 25 countries.
As cyberattacks on critical infrastructure were surging, CISA stepped up to protect US information assets with two security campaigns: Shields Up and Shields Ready.
There’s more to weakness in code than frequency. For a true understanding of the risks, an understanding of the threat perspective is crucial. Here’s what DevOps, DevSecOPs and other defenders should be thinking about.
The education sector has embraced digital transformation yet faces escalating cybersecurity threats due to increased reliance on personal devices and outdated systems, posing challenges in safeguarding sensitive data and operations.
The growing backlog at the NVD is attracting a lot of attention. Securin’s analysts took a deep dive into the problem. Here’s what they found.
NVD's temporary delays in analyzing and updating newly published vulnerabilities has left cybersecurity experts without data. Despite this setback, Securin continues to provide protection through aggregated intelligence.
The integration of VPNs in global businesses during the pandemic has led to a surge in vulnerabilities, with state-sponsored threat groups and ransomware entities actively exploiting these weaknesses.
Explore the SEC's new cybersecurity disclosure rules, its implications, and how it impacts organizations.
Learn about the vulnerabilities exploited, attack methodology, techniques and tactics used by the LockBit Ransomeware.
Explore our comprehensive guide to password protection and delve into the cyber threat landscape, covering sophisticated attacks like phishing and brute force attempts, as well as nuanced techniques like keylogging.
In the vast landscape of information, data is both captivating and daunting.
As cyber threats are continuously evolving, learn the dos and don'ts to keep yourself and your organization safe on the web.
No organization is exempt from vulnerability management, but are you unwittingly committing the seven deadly sins of this vital cybersecurity practice?
In Part 1, we investigate Securin's predictive ability to prioritize vulnerabilities ahead of CISA's KEV list.
Discover the five signs that indicate your business may be at risk and needs cybersecurity managed services immediately.
Learn about the risks posed by internet-exposed management interfaces, which are often targeted by threat actors, and how to address them.
AI is used by cybercriminals to launch sophisticated attacks. However, organizations can leverage AI through cybersecurity managed services to stay safe.
Securin experts have observed Cl0p ransomware exploiting a total of 13 vulnerabilities. We deep dive into who they are, their methodology, and tactics.
Protect yourself from the exploitation of a critical vulnerabilities in Progress Software’s MOVEit Transfer solution.
Learn the risks of cloud misconfigurations and how to prevent them.
We bring you threats that are currently trending as well as new vulnerabilities that hackers are exploiting.
We bring you threats that are currently trending as well as new vulnerabilities that hackers are exploiting.
We bring you threats that are currently trending as well as new vulnerabilities that hackers are exploiting.
We bring you threats that are currently trending as well as new vulnerabilities that hackers are exploiting.
We bring you threats that are currently trending as well as new vulnerabilities that hackers are exploiting.
We bring you threats that are currently trending as well as new vulnerabilities that hackers are exploiting.
We bring you threats that are currently trending as well as new vulnerabilities that hackers are exploiting.
Securin investigated the cyber hygiene of Indian government sites by running a scan on their public-facing assets and found many potential gaps in their security.
We bring you threats that are currently trending as well as new vulnerabilities that hackers are exploiting.
We bring you threats that are currently trending as well as new vulnerabilities that hackers are exploiting.
We bring you threats that are currently trending as well as new vulnerabilities that hackers are exploiting.
We bring you threats that are currently trending as well as new vulnerabilities that hackers are exploiting.
We bring you threats that are currently trending and new vulnerabilities that hackers are exploiting.
Securin experts mapped ransomware vulnerabilities to the MITRE Att&ck framework and identified 57 vulnerabilities that can be exploited from initial access to exfiltration.
We bring you threats that are currently trending as well as new vulnerabilities that hackers are exploiting.
Read Securin experts' insights when they revisited HIVE and their attack tactics and techniques, and what organizations can do to remain safe from future attacks.
We bring you threats that are currently trending as well as new vulnerabilities that hackers are exploiting.
Securin’s VRS measures the risk posed by a vulnerability, considering factors such CVSS vector, threat associations, exploitation trends, and our AI- and ML-based predictions.
AvosLocker made a name for itself by targeting critical infrastructure in 2021 and is still worth monitoring today.
We bring you threats that are currently trending as well as new vulnerabilities that hackers are exploiting.
Securin experts list and analysis the top vulnerabilities that trended on the surface web and were sought out by attackers.
We bring you threats that are currently trending as well as new vulnerabilities that hackers are exploiting.
We bring you threats that are currently trending as well as new vulnerabilities that hackers are exploiting.
We bring you threats that are currently trending as well as new vulnerabilities that hackers are exploiting.
Companies that have experienced a breach underperform the market by more than 15% three years later. That raises the question - “Is your data safe?”
We bring you threats that are currently trending as well as new vulnerabilities that hackers are exploiting.
Vice Society has been observed employing ransomware variants, similar to the Russian Sandworm Team and TA505 threat actors.
We bring you threats that are currently trending as well as new vulnerabilities that hackers are exploiting.
We bring you threats that are currently trending as well as new vulnerabilities that hackers are exploiting.
We bring you threats that are currently trending as well as new vulnerabilities that hackers are exploiting.
We bring you threats that are currently trending as well as new vulnerabilities that hackers are exploiting.
We bring you threats that are currently trending as well as new vulnerabilities that hackers are exploiting.
We bring you threats that are currently trending as well as new vulnerabilities that hackers are exploiting.
We bring you threats that are currently trending as well as new vulnerabilities that hackers are exploiting. | November 7, 2022 - November 11, 2022
We bring you threats that are currently trending as well as new vulnerabilities that hackers are exploiting. | October 31, 2022 - November 4, 2022
This blog brings you all the DHS CISA KEVs that need to be prioritized for patching from October 24, 2022 to October 28, 2022
This blog brings you all the DHS CISA KEVs that need to be prioritized for patching from Oct 17, 2022 to Oct 21, 2022
Securin experts have discovered a Zero Day vulnerability with medium severity in Tenable’s Nessus Professional scanner.
We bring you threats that are currently trending as well as new vulnerabilities that hackers are exploiting. | October 10, 2022 - October 14, 2022
This blog brings you all the DHS CISA KEVs that need to be prioritized for patching from Oct 3, 2022 to Oct 7, 2022
We bring you threats that are currently trending as well as new vulnerabilities that hackers are exploiting. | September 26, 2022 - September 30, 2022
This edition brings you early warnings, trending news about cyber threats, and the accurate threat context. Check out which threat group is on the rampage, what vulnerability it could soon weaponize, and more.
As the world still reels under the impact of the Ukraine-Russia cyberwar, yet another Cyberwar has started between Iran and Albania. Securin's experts provide insights into Iranian threats that organizations need to watch out for.
The DHS Cybersecurity and Infrastructure Security Agency (CISA) released a directive with a list of 933 known and exploited vulnerabilities that public sector entities and organizations need to patch immediately!
This edition brings you early warnings, trending news about cyber threats, and the accurate threat context. Check out which threat group is on the rampage, what vulnerability it could soon weaponize, and more.
Does your organization use Network Attached Storage (NAS) devices? You should revisit your security strategy.
This edition brings you early warnings, trending news about cyber threats, and the accurate threat context. Check out which threat group is on the rampage, what vulnerability it could soon weaponize, and more.
Read about Securin's research into the ransomware group, the vulnerabilities they use, their attack techniques and tactics.
Despite being patched four years ago, the self-propagating malware, Indexsinas SMB worm, exposes that Windows servers are still vulnerable to the infamous NSA EternalBlue exploits and can be used for crypto-mining.
This edition brings you early warnings, trending news about cyber threats, and the accurate threat context. Check out which threat group is on the rampage, what vulnerability it could soon weaponize, and more.
Apache Log4j vulnerability is a critical zero-day code execution vulnerability. On December 9, 2021, the Internet was set on fire when an exploit was posted publicly for Apache Log4J - a well-known logging utility in the Java programming language.
We looked into the DHS CISA KEV catalog one step further and found that 58 actively known exploited CVEs were missed by top scanners such as Nessus, Nexpose, and Qualys.
The video surveillance giant Hikvision disclosed a zero-click vulnerability in Hikvision camera models that is highly susceptible to remote hijacking without requiring a username or password.
This edition brings you early warnings, trending news about cyber threats, and the accurate threat context. Check out which threat group is on the rampage, what vulnerability it could soon weaponize, and more.
Did you know hackers can exploit 125 weaponized vulnerabilities in VPN products to attack their targets? Securin analysts deep dive into exposures in VPNs that could compromise organizational networks.
The impact of the Log4j vulnerability continues to be felt by thousands of companies exploited or attacked by hackers and ransomware. Rapid and proactive action from Securin’s Incident Response Team helped protect all its clients.
This edition brings you early warnings, trending news about cyber threats, and the accurate threat context. Check out which threat group is on the rampage, what vulnerability it could soon weaponize, and more.
Securin's analysis of the vulnerabilities and attack tactics used by APT29 in recent campaigns
This edition brings you early warnings, trending news about cyber threats, and the accurate threat context. Check out which threat group is on the rampage, what vulnerability it could soon weaponize, and more.
An unpatched vulnerability tracked as CVE-2022-30190 (aka Follina) in the remote Word template feature enables adversaries to execute malicious code on targeted systems of Microsoft Office.
In this edition, we bring you early warnings, trending news about cyber threats, and the accurate threat context. Check out which threat group is on the rampage, what vulnerability it could soon weaponize, and more.
In this edition, we bring you early warnings and trending news about cyber threats along with accurate threat context. Check out which threat group is on the rampage and what vulnerability they could weaponize soon and more….
In this edition, we bring you early warnings and trending news about cyber threats along with accurate threat context. Check out which threat group is on the rampage and what vulnerability they could weaponize soon and more….
In a CISA KEV update on May 23, 2022, three of four vulnerabilities that were called out in our Q1 2022 Ransomware Report have been added, thereby validating our research and recommendations.
CSW’s weekly threat intelligence edition brings to you early warnings about critical vulnerabilities that are already weaponized or could potentially be weaponized and prove dangerous to your organization and its assets.
This week, we bring to you eight threats that are currently trending as well as new vulnerabilities that hackers are exploiting.
A zero-day vulnerability in Mitel VOIP appliances is being widely exploited in the wild with continued likelihood of exploitation, according to our researchers.
CSW researchers investigated 56 vendors and 846 healthcare products, and identified 624 vulnerabilities across them. Read to know more about our findings.
This blog provides a snapshot of how Securin is helping schools gain resilience against cyber attacks and evolving threats and what schools can do to stay safe from ransomware attacks.
CSW weekly threat intelligence edition brings to you early warnings about critical vulnerabilities that could potentially be weaponized and prove dangerous to your organization and its assets.
This blog brings talks about the challenges that exist in mapping CWEs to CAPEC using MITRE and ATT&CK
All CVEs mentioned in this blog edition have received a maximum rating from the Threat Intelligence platform indicating high probability of exploitation.
Apache Log4j vulnerability CVE-2021-44228 is a critical zero-day code execution vulnerability with a CVSS base score of 10. This weakness poses a significant risk to many applications and cloud services and it needs to be patched right away!
Atlassian zero-day vulnerability that has been exploited in the wild is tagged as CVE-2022-26134. This is a critical unauthenticated, remote code execution vulnerability that affects all Atlassian Confluence and Data Center 2016 servers after version 1.3.0.
On February 08, 2022, Microsoft published updates for CVE-2022-21999 as part of its Patch Tuesday program. This vulnerability affects the Windows Print Spooler service and is a workaround for CVE-2022-1030 fixes.
CSW’s quarterly report on ransomware metrics reveals that three new APT groups are using ransomware to mount attacks on their targets, bringing the total number of APT groups using ransomware to 43. Read more on them here.
The U.S. Cybersecurity and Infrastructure Agency issued an emergency security directive over VMware vulnerabilities, which threat actors are likely to exploit.
With the sudden increase in the number of establishments completely operating via remote means, the internet exposure is higher than ever before. The cyber threats of an organization expose the vulnerabilities present in its assets.
Insecure Direct Object Reference or IDOR occurs when the application trusts the user input and takes sensitive action or shows sensitive information based on the same.
ATO Attack | Password Reset Poisoning
All scanners list out security vulnerabilities but does the developer know what to fix first and how to go about it?
Securin's AI-based vulnerability and threat intelligence delves deep into the vulnerabilities exploited by APT groups
Account Takeover is a type of cyberattack in which an attacker can take over a victim’s user account through malicious means.
A zero-day RCE vulnerability in Java Spring Core library is predicted to be the next Log4j. Are you prepared for the impending Spring4Shell threat?
A Securin researcher took a deep dive into this NodeJs CVE 2021-21315 vulnerability and developed a Proof-of-Concept exploit code.
This bulletin covers Securin's research on the cyberwar, in particular the ransomware and malware threats that are spawning out of the Russia-Ukraine conflict.
Securin's analysis of the threat groups and tools playing a role as threats in this cyber war between Russia and Ukraine
In this blog, CSW experts analyzed CISA’s Known Exploited Vulnerabilities (KEV) list for latencies in publishing, exploiting, and patching to understand how fast attackers are weaponizing them for attacks.
Conti has been one of the most prolific ransomware groups in 2022. Organizations need to prioritize patching for these vulnerabilities in order to avoid large-scale attacks.
iLOBleed was spotted targeting HP Enterprise’s server management technology to tamper with the firmware and wipe data off the infected systems. Could this be a sign of a dangerous trend?
Cyber Security Works researchers analyzed the data further by comparing the CVEs with some of the popular scanners (Nessus, Qualys, and Nexpose) and observed that they missed to detect 21 vulnerabilities tied to ransomware strains.
VMware has published security fixes for its Workstation, Fusion, and ESXi products to address a heap-overflow vulnerability identified as CVE-2021-22045.
Securin discovered and reported a Stored Cross-Site Scripting vulnerability in WordPress Post Duplicator Plugin that allows an authenticated attacker to inject a JavaScript payload into a trusted URL.
Cybersecurity is a priority in education due to the lack of resources and continual ransomware attacks. CISA’s new K-12 Cybersecurity Act will research and develop tools to help schools become more secure against cyberattacks.
The Apache Software Foundation has published a new version 2.4.52 of the Apache HTTP Server to fix two vulnerabilities in one of the world's most popular web servers - one of which is rated as high, and the other as critical.
Organizations have been increasingly relying on cloud services from Azure, since Microsoft provides native support. As a result, CSW penetration testers have been researching various attack vectors related to Azure. Read on to find out more about their findings.
Securin Researchers have developed a script to detect the JNDI vulnerability - the well-known LogShell-like vulnerability. Run our simple-to-use script to ensure your projects are free from JNDI injections.
Cyber Security Works has discovered a new zero-day (Stored Cross-Site Scripting) vulnerability, CVE-2021-33851 in WordPress Customize Login Image.
Our researchers analyzed CISA’s catalog of Known Exploited Vulnerabilities (KEV) to study the most affected products by number of vulnerabilities. Read on to learn more about their analysis.
Two Active Directory bugs with vulnerability-chaining capabilities allow attackers to impersonate regular domain users to gain privileges and get access in unpatched Microsoft Windows Active Directory.
An APT group is using CVE-2021-44077 and CVE-2021-44515 in Zoho ManageEngine ServiceDesk Plus and Desktop Central Servers to compromise businesses in a range of industries, including military and technology.
A zero-day vulnerability has been discovered in Palo Alto Networks GlobalProtect VPN that unauthenticated attackers can exploit to execute arbitrary commands on affected devices with root privileges.
While all vulnerabilities listed by CISA are critical and should be prioritized for patching, five vendors stand out from the rest with the most number of CVEs associated with their products.
Cyber Security Works has discovered a new zero-day (Cross-Site Scripting) vulnerability, CVE-2021-33850 in WordPress Microsoft Clarity.
A directive recently released by the US government-backed Cybersecurity and Infrastructure Security Agency has a list of 703 known vulnerabilities that organizations have been asked to focus on patching immediately. Amongst them, 158 vulnerabilities have been identified as being exploited actively by various ransomware families. Read on to learn more about the vulnerabilities.
Thousands of Azure users and millions of endpoints are impacted by ‘OMIGOD’ zero-days,” was the initial outburst when the open-source vulnerabilities were disclosed. Many Azure customers are unwittingly putting themselves in danger.
US-based customer support and sales representative company handling the world’s largest brands, TTEC, faces a network outage following a ransomware attack and sparks fears of a supply-chain attack. Read on to find out more about the attack.
On October 4, 2021, Apache announced fixes for a couple of vulnerabilities, including a zero-day flaw that affects Apache HTTP Server version 2.4.49—a widely used open-source, cross-platform web server for Unix and Windows.
On September 1, 2021, CSW researchers discovered a Cross-Site Scripting (XSS) zero-day vulnerability in Zoho CRM Lead Magnet Version 1.7.2.4. Read on to find out more about the vulnerability.
The FBI, CISA, and the Cyber Guard (CGCYBERs) warned of a serious vulnerability (CVE-2021-40539) in a single Zoho Signup and Password Management Solution that State Advanced Persistent Threat (APT) actors are actively scanning the internet for vulnerable servers.
A critical security flaw in the Linux kernel went unpatched for 15 years till attackers used it to gain local privilege escalation, escape the Kubernetes pod and obtain root privileges on Linux systems. Read our analysis where we look into the vulnerability’s characteristics and the impact it can have.
Two OpenSSL vulnerabilities, one remote code execution, and a denial-of-service were discovered by network-attached storage device manufacturers, Synology and QNAP. The fear of a ransomware attack leveraging the vulnerabilities still remains high. Here is our analysis of the vulnerabilities.
On September 21, 2021, VMware published an advisory warning of nineteen vulnerabilities in their vCenter Server. Of the nineteen vulnerabilities, one CVE stands out as being extremely critical and potential to be exploited by ransomware—CVE-2021-22005.
The LockFile ransomware group has been actively exploiting the Microsoft Exchange ProxyShell vulnerabilities. Read our analysis to understand how you can protect yourself from a potential ransomware attack.
The United States Cyber Command and Cybersecurity Infrastructure Security Agency (CISA) rang the warning bells for companies to patch a critical vulnerability (CVE-2021-26084) in the Atlassian Confluence Server and Data Center. Here is our analysis about this vulnerability.
An Israeli zero-click cyber-espionage software recently infected the Apple devices of journalists and politicians from around the world by exploiting three zero-day vulnerabilities. Read our analysis of these vulnerabilities.
On Aug 11, 2021, Accenture, a multinational IT Consulting and Services company, became the latest victim of LockBit 2.0 Ransomware. Our researchers investigated the vulnerabilities that LockBit exploits to compromise their targets and here is our analysis.
The US defense industrial base sector and many organizations from critical industries were recently affected by an unpatched critical remote code execution flaw in the Solarwinds Serv-U FTP server software that was exploited by a new Chinese threat group.
Nobelium, the APT group behind the infamous SolarWinds attack, has resurfaced in two recent campaigns against US-based IT companies and government organizations. Check out Securin’s analysis about 18 vulnerabilities used by the group to exploit and infiltrate their targets.
New APT Group Agrius is exploiting Fortinet’s vulnerabilities to attack their targets. Shodan results show 56000 target assets around the world that could be vulnerable to an attack. Check out our analysis for more information.
REvil's monumental supply-chain attack on 3 July 2021 affected 1500 companies and opened a path for third-party attack onslaughts. What else does REvil’s historic supply-chain attack portend?
The Airline industry is on the brink of a supply-chain attack from threat groups like APT41. According to our research findings, there are 20 vulnerabilities associated with the APT41 threat group.
The Conti group is associated with three vulnerabilities. If these had taken precedence in the CVE patching priority, the series of Conti attacks could have been avoided.
CSW Pentester’s have released a script to detect the Windows Print Spooler Remote Code Execution Vulnerability. Running the script can help organizations detect connected devices that could be vulnerable to exploits.
Darkside Ransomware has added two more CVEs to its arsenal alongside two additional APT group associations. Check out our analysis and patch these vulnerabilities before they strike again!
REvil Ransomware uses six vulnerabilities to target their victims and if these had been remediated and patched on priority, JBS - the world’s largest meat packer could have escaped this attack. CSW warned about these vulnerabilities in its Ransomware Spotlight Report published in February 2021.
Researchers at Securin have been tracking Qlocker, a recently discovered ransomware family.
Threat actors exploited a vulnerability, attacked an organization, and stole information.
On the 25th of May 2021, VMware published an advisory warning of two vulnerabilities - CVE-2021-21985 and CVE-2021-21986 - in their vCenter Server and Cloud Foundation products.
As of today our research has associated 260 vulnerabilities to ransomware. Remediating and patching these vulnerabilities on priority could have averted the Colonial Pipeline attack.
In May 2020, Securin warned the industry of two critical vulnerabilities in Pulse Secure VPN and Citrix’s Remote Desktop solution that could be used by Ransomware or APT groups. One year after our warning, NSA, FBI and CISA validated the same.
In our recently published Ransomware Spotlight report 2020 we tracked down vulnerabilities that are being used by Ransomware to launch attacks on organizations worldwide. Here are a few surprising findings about old vulnerabilities in this report
Ryuk is a crypto-ransomware strain that encrypts access to a system, device, or file through malware and demands ransom to release it.
This women’s day, we spoke to a few inspiring women executives who are breaking the myth and are soaring high. They are skilled, motivated, and talented and they come from different geographies, backgrounds but are united by their passion for cybersecurity.
CSW experts compiled the list of vulnerabilities that were highly searched in Google and came up with top 10 CVEs.
Investigations on the Sri Lankan Domain attack reveal that threat actors could have used exposed credentials and vulnerabilities to breach and redirect the websites. These credentials have been exposed on the dark web for the past eight years!
What does 2021 have in store for cybersecurity? Will we take note of the lessons learned in 2020 and start taking security seriously? Will we see more cyberattacks? We asked our exclusive team of pentesting experts to predict the trends for us, and here is what they said.
2020 was a productive year for threat actors. With the world’s workforce working remotely while dealing with the pandemic, threat actors were busy weaponizing critical vulnerabilities that had a global impact. Many organizations fell prey to ransomware and sophisticated cyber attacks that allowed remote and privileged access to sensitive information.
What does 2021 have in store for cybersecurity? Will we take note of the lessons learned in 2020 and start taking security seriously? Will we see more cyberattacks?
Asset and lifecycle management are complex initiatives that organizations should keep pace with as products reach the end of life (EOL) or end of support (EOS) and become obsolete. This obsolescence gives rise to security vulnerabilities that could be exploited by threat actors.
Popular scanners such as Tenable, Qualys and Nexpose are missing 48 vulnerabilities out of 102 vulnerabilities. To help 18000 customers who have been affected, CSW team has come up with a script that would help detect SolarWinds Orion Product running on your network.
The massive breach of SolarWinds Network Management product has compromised as many as 18,000 organizations outside of U.S Government entities, security agencies, defense entities. We took a closer look at the weaknesses that exist in other SolarWinds products and found that top scanners miss most of the vulnerabilities.
Dec 13 SolarWinds disclosed that vulnerabilities in their network management tool Orion was used to mount attacks on FireEye and on several Government agencies. Securin analyzed Orion’s 15 Vulnerabilities and found a known critical Privilege Execution Exploit that needs immediate remediation along with an upgrade to Orion Platform.
CSW analyzed the vulnerabilities (impacted by FireEye’s stolen pentesting tools) and found that Chinese & Iranian APT Groups target them routinely. These CVEs are also favorite targets of Ransomware such as Ryuk, Maze, Netwalker.
A threat hacker group named “Pumpedkicks” has leaked credentials for 50,000 Fortinet VPN devices that impact 140 countries around the world.
A new zero-day vulnerability, CVE-2020-24600, was discovered by Cyber Security Works in Shilpi - Capexweb 1.1.
The National Security Agency listed 25 vulnerabilities that are being targeted by Chinese state sponsored cyber attackers popularly known as APT41.
Security Agencies CISA (Cybersecurity and Infrastructure Security Agency), FBI, and the Department of Health and Human Services (HHS) have issued a high alert joint security advisory to hospitals to take actions to secure themselves from Ryuk ransomware in particular.
We analyzed three ransomware incidents (Ryuk, Revil & AKO) and found 16 CVEs associated with them. Incidentally, CSW warned about five of these CVEs in our cyber risk series way back in March 2020!
Ransomware campaigns are always on prowl for a path of least resistance to gain initial access and move laterally using well known vulnerabilities.
Cyber Security Works discovered a new zero-day vulnerability, CVE-2020-24602 in Ignite Realtime Openfire 4.5.1. Openfire (formerly Wildfire).
Cyber Security Works has discovered a new zero-day vulnerability, CVE-2020-24601 in Ignite Realtime Openfire 4.5.1.
Cyber Security Works discovered a reflected XSS vulnerability, CVE-2020-24604, in Ignite Realtime Openfire 4.5.1. Openfire (formerly Wildfire).
A new zero-day vulnerability, CVE-2020-14723, was discovered by Cyber Security Works in Oracle Help Technologies related to the Web UIX component.
Will the new national cybersecurity policy include a disclosure policy similar to what the west has?
Evil Corp used compromised legitimate websites to deliver ransomware in Garmin’s environment. The attack caused a 5-day outage for their product users. CSW Analysts have put together a list of domains, hashes, IOCs that have been compromised. Download the list to update your IPS/IDS and avoid being attacked.
CVE-2020-5902 is a critical remote code vulnerability that was discovered in the F5 Networks Big-IP administrative interface. From discovery to mitigation, see how things unfolded and check out CSW’s script to detect this vulnerability in Big-IP products.
Travelex fell prey to a ransomware attack (on New Year’s Eve) because they failed to install a patch issued by their VPN - Pulse Secure. How safe are our VPNs? Let's find out.
While Enterprise data storage systems are great to work with, they are also sitting ducks for threat attacks. Find out how?
Systems, infrastructure, and sensitive information that were recentl viewed within the secure walls of one’s office is now being accessed through insecure connections and unsafe laptops from one’s home.
Today, the reliance on applications such as web proxy, remote conferencing, VPNs, etc. are at an all-time high which is yet another reason for threat actors to work overtime to exploit vulnerabilities.
All scanners list out security vulnerabilities but does the developer know what to fix first and how to go about it?
This April, Cognizant fell prey to a nasty ransomware attack whose ripple effect has shaken the world. How safe is your tech stack? Let's take a look.
With the recent breaches in Zoom application and increasing instances of ‘zoombombing’ and data theft, a definitive study of popular online video conferencing tools was needed. Take a read.