Why You Should Adopt a Continuous Pentesting Model

Introduction The world has changed, including the Internet and how cyber-threats are targeting our systems, applications, and data. We live and work in a diverse and distributed world where sensitive information is like gold to cyber-criminals who either steal it for their own benefit, encrypt it and hold it for ransom, or use threats of leaking it to extort money from their victims. Moreover, we have network intrusions, the […]

Decoding the Volt Typhoon APT Group

Introduction In the realm of cybersecurity, the battle against advanced persistent threats (APTs) has intensified. Among the notable adversaries is the Volt Typhoon APT group, a state-sponsored threat actor based out of China, known for their sophisticated and targeted attacks and their focus on espionage and information gathering activities. In this blog post, we will delve into the tactics, techniques, and procedures (TTPs) employed by Volt Typhoon, and explore how […]

Cyber Security Hygiene Tips

We are facing an epidemic of cyber-attacks that threaten our vital supply chains for food and energy, steal military and government secrets, and rob American businesses of our intellectual property. More than ever, it is vital that organizations are applying foundational information security principles, and continuously adapting to new and emerging threats. I know it goes without saying, but to state the obvious, security controls must be applied in layers […]

Cyber Threat Intel Brief for April 4, 2022

Critical: Google Chrome CVE-2022-1096 Emergency Patch - Not much is known about the vulnerability itself or how great the impact would be if exploited, but the unusual release of this patch, which notably addresses just one vulnerability, means that this update shouldn’t be ignored. https://www.pcmag.com/news/google-patches-this-years-second-actively-exploited-chrome-zero-day CVE-2022-1040 - An authentication bypass vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v18.5 MR3 and older. […]

Cyber Intel Brief for March 25, 2022

LAPSUS$ Cyber-Attacks LAPSUS$ is a relatively new threat actor group who is responsible for cyber-attacks on OKTA and Microsoft, as announced this month. LAPSUS$ is also tied to cyber-attacks against NVIDIA, Samsung, and Vodafone, where the group posted screenshots showing evidence of those successful attacks. A key bit of information provided by the LAPSUS$ attacker group regarding the OKTA breach is that they are looking for credentials and access for […]

Cyber Intel Brief for March 11, 2022

Critical: CVE-2022-23277 | Microsoft Exchange Server Remote Code Execution Vulnerability - CVE-2022-23277 is a critical RCE vulnerability in Microsoft Exchange Server. An authenticated user can exploit this vulnerability to execute arbitrary code on an affected server. According to Microsoft’s Exploitability Index rating, this vulnerability is rated Exploitation More Likely. High: CVE-2022-24508 | Windows SMBv3 Client/Server Remote Code Execution Vulnerability - CVE-2022-24508 is an RCE vulnerability in the Microsoft Server Message Block 3.0 […]

Cyber Intel Brief for March 4, 2022

Critical: An update was released earlier this week for Google Chrome to address the previously mentioned critical and high vulnerabilities. The current version is 99. CVE-2022-24086 - Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input validation vulnerability during the checkout process. Exploitation of this issue does not require user interaction and could result in arbitrary code execution. High: CVE-2021-32586 - An improper input validation vulnerability […]

Cyber Intel Brief for March 1, 2022

Critical: CVE-2022-22536 - SAP vulnerability - SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher are vulnerable to request smuggling and request concatenation. An unauthenticated attacker can prepend a victim’s request with arbitrary data. This way, the attacker can execute functions impersonating the victim or poison intermediary Web caches. A successful attack could result in complete compromise of Confidentiality, Integrity and […]

Cyber Intel Brief for February 18, 2022

Critical: CVE-2022-24086 - Critical Magento 0-Day Vulnerability - Improper input validation issue that could be weaponized to achieve arbitrary code execution. It’s a pre-auth flaw, which means it could be exploited without requiring credentials. https://thehackernews.com/2022/02/critical-magento-0-day-vulnerability.html High: Multiple vulnerabilities in Google Chrome browser. CVE-2022-0603 - Use after free in File Manager. CVE-2022-0604 - Heap buffer overflow in Tab Groups. CVE-2022-0605 - Use after free in Webstore API. These vulnerabilities/bugs affect the Stable Channel and Extended Stable Channel. […]

Cyber Threat Intel Brief for January 31, 2022

Cyber / MSP / MSSP: Windows Services lay the groundwork for a Midas ransomware attack - An attack on a technology vendor in December of 2021 used a ransomware known as Midas to leverage at least two different commercial remote access tools and an open source Windows utility in the process. This poses a threat to MSPs and other businesses who use many remote access tools as a part of their […]