
Securin Articles
Read about the latest news & updates in cybersecurity.
Most Recent
AvosLocker made a name for itself by targeting critical infrastructure in different sectors of the US, Canada, UK and Spain in 2021. Their clever use of conventional tactics makes it a ransomware variant still worth monitoring today. Read on to find out more about the group.
Indian government sites contain massive amounts of sensitive data, and since they are frequently targeted by malicious hackers and hacktivists, Securin investigated their cyber hygiene by running a scan on their public-facing assets and found many potential gaps in their security.
We bring you threats that are currently trending as well as new vulnerabilities that hackers are exploiting.
We bring you threats that are currently trending as well as new vulnerabilities that hackers are exploiting.
We bring you threats that are currently trending as well as new vulnerabilities that hackers are exploiting.
We bring you threats that are currently trending as well as new vulnerabilities that hackers are exploiting.
Industry News
Securin experts list and analysis the top vulnerabilities that trended on the surface web and were sought out by attackers.
As the world still reels under the impact of the Ukraine-Russia cyberwar, yet another Cyberwar has started between Iran and Albania. Securin's experts provide insights into Iranian threats that organizations need to watch out for.
An Israeli zero-click cyber-espionage software recently infected the Apple devices of journalists and politicians from around the world by exploiting three zero-day vulnerabilities. Read our analysis of these vulnerabilities.
On Aug 11, 2021, Accenture, a multinational IT Consulting and Services company, became the latest victim of LockBit 2.0 Ransomware. Our researchers investigated the vulnerabilities that LockBit exploits to compromise their targets and here is our analysis.
Nobelium, the APT group behind the infamous SolarWinds attack, has resurfaced in two recent campaigns against US-based IT companies and government organizations. Check out Securin’s analysis about 18 vulnerabilities used by the group to exploit and infiltrate their targets.
REvil's monumental supply-chain attack on 3 July 2021 affected 1500 companies and opened a path for third-party attack onslaughts. What else does REvil’s historic supply-chain attack portend?
Threat Intelligence
We bring you threats that are currently trending as well as new vulnerabilities that hackers are exploiting.
We bring you threats that are currently trending as well as new vulnerabilities that hackers are exploiting.
We bring you threats that are currently trending as well as new vulnerabilities that hackers are exploiting.
We bring you threats that are currently trending as well as new vulnerabilities that hackers are exploiting.
We bring you threats that are currently trending and new vulnerabilities that hackers are exploiting.
We bring you threats that are currently trending as well as new vulnerabilities that hackers are exploiting.
Ransomware
AvosLocker made a name for itself by targeting critical infrastructure in different sectors of the US, Canada, UK and Spain in 2021. Their clever use of conventional tactics makes it a ransomware variant still worth monitoring today. Read on to find out more about the group.
Securin experts mapped ransomware vulnerabilities to the MITRE Att&ck framework and identified 57 vulnerabilities that can be exploited from initial access to exfiltration.
Read Securin experts' insights when they revisited HIVE and their attack tactics and techniques, and what organizations can do to remain safe from future attacks.
Vice Society has been observed employing ransomware variants, similar to the Russian Sandworm Team and TA505 threat actors.
Does your organization use Network Attached Storage (NAS) devices? You should revisit your security strategy.
Read about Securin's research into the ransomware group, the vulnerabilities they use, their attack techniques and tactics.
Trending Vulnerabilities
Securin experts mapped ransomware vulnerabilities to the MITRE Att&ck framework and identified 57 vulnerabilities that can be exploited from initial access to exfiltration.
Despite being patched four years ago, the self-propagating malware, Indexsinas SMB worm, exposes that Windows servers are still vulnerable to the infamous NSA EternalBlue exploits and can be used for crypto-mining. Here is our analysis of these vulnerabilities and their present exposure.
Apache Log4j vulnerability is a critical zero-day code execution vulnerability. On December 9, 2021, the Internet was set on fire when an exploit was posted publicly for Apache Log4J - a well-known logging utility in the Java programming language.
The video surveillance giant Hikvision disclosed a zero-click vulnerability in Hikvision camera models that is highly susceptible to remote hijacking without requiring a username or password.
Did you know hackers can exploit 125 weaponized vulnerabilities in VPN products to attack their targets? Securin analysts deep dive into exposures in VPNs that could compromise organizational networks.
Securin's analysis of the vulnerabilities and attack tactics used by APT29 in recent campaigns
CISA Known Exploited Vulnerabilities (KEV)
The DHS Cybersecurity and Infrastructure Security Agency (CISA) released a directive with a list of 896 known and exploited vulnerabilities that public sector entities and organizations need to patch immediately!
We looked into the DHS CISA KEV catalog one step further and found that 58 actively known exploited CVEs were missed by top scanners such as Nessus, Nexpose, and Qualys. Click here to know more!
In a CISA KEV update on May 23, 2022, three of four vulnerabilities that were called out in our Q1 2022 Ransomware Report have been added, thereby validating our research and recommendations.
This blog provides a snapshot of how Securin is helping schools gain resilience against cyber attacks and evolving threats and what schools can do to stay safe from ransomware attacks.
This blog brings talks about the challenges that exist in mapping CWEs to CAPEC using MITRE and ATT&CK
The U.S. Cybersecurity and Infrastructure Agency issued an emergency security directive over VMware vulnerabilities, which threat actors are likely to exploit.
Advanced Persistence Threat (APT) Groups
We bring you threats that are currently trending as well as new vulnerabilities that hackers are exploiting.
We bring you threats that are currently trending as well as new vulnerabilities that hackers are exploiting.
We bring you threats that are currently trending as well as new vulnerabilities that hackers are exploiting.
Securin experts list and analysis the top vulnerabilities that trended on the surface web and were sought out by attackers.
Companies that have experienced a breach underperform the market by more than 15% three years later. That raises the question - “Is your data safe?”
This blog brings you all the DHS CISA KEVs that need to be prioritized for patching from Oct 3, 2022 to Oct 7, 2022
Cyber Risk
As the world still reels under the impact of the Ukraine-Russia cyberwar, yet another Cyberwar has started between Iran and Albania. Securin's experts provide insights into Iranian threats that organizations need to watch out for.
Does your organization use Network Attached Storage (NAS) devices? You should revisit your security strategy.
Securin's AI-based vulnerability and threat intelligence delves deep into the vulnerabilities exploited by APT groups
Account Takeover is a type of cyberattack in which an attacker can take over a victim’s user account through malicious means.
iLOBleed, a previously undetected rootkit, was spotted targeting the HP Enterprise’s Integrated Lights-Out (iLO) server management technology to tamper with the firmware modules and wipe data off the infected systems. Could this portend a dangerous trend? Read our analysis to find out.
Cyber Security Works discovered and reported a Stored Cross-Site Scripting vulnerability in WordPress Post Duplicator Plugin that allows an authenticated attacker to inject a JavaScript payload into a trusted URL.