Blog | Legion Cyberworks

2023-10-032023-10-03Blog, Risk Management

Securing Your Web Applications Against Attack

In an increasingly interconnected world, the security of web applications is paramount. Cyber-attacks are becoming more sophisticated by the day, making it essential for developers and businesses to fortify their digital fortresses. In this one-page blog, we’ll explore key strategies to harden your web application against cyber-attacks and bolster your online defenses. 1. Regular Updates and Patch Management: Keeping your software up-to-date is the first line of defense. Cyber-criminals often […]

2023-07-282023-07-31Risk Management

Importance of Red Teaming

Core Concepts (TL;DR) Red Teaming is an essential security control that is not limited to larger firms with bigger budgets or bigger problems to solve. Red Teaming is effective and often appropriate even at early stages of your cybersecurity journey Pentesting allows organizations to assess the effectiveness of its security controls (trust but verify). Continuous pentesting services, like what we offer at Legion Cyberworks, ensures that your controls are […]

2023-06-282023-08-09Risk Management

Better Security through XDR

Extended Detection and Response (XDR) services offer several key benefits for organizations in terms of enhanced threat detection, response capabilities, and overall cybersecurity effectiveness. With the advancements in the tools like ransomware- and exploit-as-a-service that make it easier for lower-end threat actors to hurt your business, artificial intelligence driven attack platforms, and other rapidly emerging cyber-threats, every business should be looking at how to onboard XDR as part of their […]

2023-06-072023-06-07Blog, Risk Management

Why You Should Adopt a Continuous Pentesting Model

Introduction The world has changed, including the Internet and how cyber-threats are targeting our systems, applications, and data. We live and work in a diverse and distributed world where sensitive information is like gold to cyber-criminals who either steal it for their own benefit, encrypt it and hold it for ransom, or use threats of leaking it to extort money from their victims. Moreover, we have network intrusions, the […]

2023-06-052023-06-05Cyber Threat Spotlight, Uncategorized

Decoding the Volt Typhoon APT Group

Introduction In the realm of cybersecurity, the battle against advanced persistent threats (APTs) has intensified. Among the notable adversaries is the Volt Typhoon APT group, a state-sponsored threat actor based out of China, known for their sophisticated and targeted attacks and their focus on espionage and information gathering activities. In this blog post, we will delve into the tactics, techniques, and procedures (TTPs) employed by Volt Typhoon, and explore how […]

2022-04-252022-04-25Blog

Cyber Security Hygiene Tips

We are facing an epidemic of cyber-attacks that threaten our vital supply chains for food and energy, steal military and government secrets, and rob American businesses of our intellectual property. More than ever, it is vital that organizations are applying foundational information security principles, and continuously adapting to new and emerging threats. I know it goes without saying, but to state the obvious, security controls must be applied in layers […]

2022-04-042022-04-04Blog, Cyber Intel Briefs

Cyber Threat Intel Brief for April 4, 2022

Critical Google Chrome CVE-2022-1096 Emergency Patch- Not much is known about the vulnerability itself or how great the impact would be if exploited, but the unusual release of this patch, which notably addresses just one vulnerability, means that this update shouldn’t be ignored. https://www.pcmag.com/news/google-patches-this-years-second-actively-exploited-chrome-zero-day CVE-2022-1040- An authentication bypass vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v18.5 MR3 and older. […]

2022-03-252022-03-25Blog, Cyber Intel Briefs

Cyber Intel Brief for March 25, 2022

LAPSUS$ Cyber-Attacks LAPSUS$ is a relatively new threat actor group who is responsible for cyber-attacks on OKTA and Microsoft, as announced this month. LAPSUS$ is also tied to cyber-attacks against NVIDIA, Samsung, and Vodafone, where the group posted screenshots showing evidence of those successful attacks. A key bit of information provided by the LAPSUS$ attacker group regarding the OKTA breach is that they are looking for credentials and access for […]

2022-03-112022-03-11Blog, Cyber Intel Briefs

Cyber Intel Brief for March 11, 2022

Critical CVE-2022-23277 | Microsoft Exchange Server Remote Code Execution Vulnerability- CVE-2022-23277 is a critical RCE vulnerability in Microsoft Exchange Server. An authenticated user can exploit this vulnerability to execute arbitrary code on an affected server. According to Microsoft’s Exploitability Index rating, this vulnerability is rated Exploitation More Likely High CVE-2022-24508 | Windows SMBv3 Client/Server Remote Code Execution Vulnerability- CVE-2022-24508 is a RCE vulnerability in the Microsoft Server Message Block 3.0 […]

2022-03-042022-03-04Blog, Cyber Intel Briefs

Cyber Intel Brief for March 4, 2022

Critical A update was released earlier this week for google chrome to address the previously mentioned critical and high vulnerabilities. Current version is 99. CVE-2022-24086- Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input validation vulnerability during the checkout process. Exploitation of this issue does not require user interaction and could result in arbitrary code execution. High CVE-2021-32586- An improper input validation vulnerability […]