Cyber Intel Brief for March 11, 2022

Critical: CVE-2022-23277 | Microsoft Exchange Server Remote Code Execution Vulnerability. CVE-2022-23277 is a critical RCE vulnerability in Microsoft Exchange Server. An authenticated user can exploit this vulnerability to execute arbitrary code on an affected server. According to Microsoft’s Exploitability Index, this vulnerability is rated "Exploitation More Likely". High: CVE-2022-24508 | Windows SMBv3 Client/Server Remote Code Execution Vulnerability. CVE-2022-24508 is an RCE vulnerability in the Microsoft Server Message Block 3.0 […]

Cyber Intel Brief for March 4, 2022

Critical: An update was released earlier this week for Google Chrome to address the previously mentioned critical and high vulnerabilities. The current version is 99. CVE-2022-24086: Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input validation vulnerability during the checkout process. Exploitation of this issue does not require user interaction and could result in arbitrary code execution. High: CVE-2021-32586: An improper input validation vulnerability […]

Cyber Intel Brief for March 1, 2022

Critical: CVE-2022-22536, SAP vulnerability. SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher are vulnerable to request smuggling and request concatenation. An unauthenticated attacker can prepend a victim’s request with arbitrary data. This way, the attacker can execute functions while impersonating the victim or poison intermediary web caches. A successful attack could result in complete compromise of Confidentiality, Integrity and […]

Cyber Intel Brief for February 18, 2022

Critical: CVE-2022-24086, Critical Magento 0-Day Vulnerability. An improper input validation issue that could be weaponized to achieve arbitrary code execution. It’s a pre-auth flaw, which means it could be exploited without requiring credentials. https://thehackernews.com/2022/02/critical-magento-0-day-vulnerability.html High: Multiple vulnerabilities in the Google Chrome browser. CVE-2022-0603: Use after free in File Manager. CVE-2022-0604: Heap buffer overflow in Tab Groups. CVE-2022-0605: Use after free in Webstore API. These vulnerabilities affect the Stable Channel and the Extended Stable Channel. […]

Cyber Threat Intel Brief for January 31, 2022

Cyber / MSP / MSSP: Windows Services lay the groundwork for a Midas ransomware attack. An attack on a technology vendor in December of 2021 deployed ransomware known as Midas and leveraged at least two different commercial remote access tools and an open-source Windows utility in the process. This poses a threat to MSPs and other businesses that use many remote access tools as a part of their […]

Cyber Intel Brief for January 24, 2022

Cyber / MSP / MSSP: No major attacks occurred this week; however, MSPs will remain a top target for attackers. Phishing will remain the top attack vector throughout 2022. 94% of all malware is delivered by email, using social engineering techniques to trick users into opening malicious attachments or links. Phishing attacks continue to grow rapidly: just this year, Acronis reported blocking 23% more phishing […]

Log4Shell CVE-2021-44228

Vulnerability Overview: On December 10, 2021, the Apache Software Foundation released a security advisory to address a remote code execution vulnerability (CVE-2021-44228) affecting Log4j versions 2.0-beta9 to 2.14.1. A remote adversary could exploit this vulnerability to take control of an affected system. Log4j is an open-source, Java-based logging utility widely used by enterprise applications and cloud services. Private organizations, law enforcement, and security service providers are responding to active, widespread […]

Threat Brief – Purple Fox Malware

By: Tyler Horner, 2021-March-29. Executive Summary: Purple Fox is an active malware campaign targeting Windows machines. Until recently, Purple Fox’s operators infected machines by using exploit kits and phishing emails. Guardicore Labs has identified a new infection vector for this malware in which internet-facing Windows machines are being breached through SMB password brute force. Guardicore Labs has also identified Purple Fox’s vast network of compromised servers hosting its dropper and […]

2020 Zoom Meeting & Windows Credential Leaking

Issue Overview: A lot of news has been made recently about an issue in Zoom which reportedly opens users up to attacks in which a remote threat actor collects the username and the hashed password of the victim. The attacker would then use password cracking tools to recover the victim’s password and gain unauthorized access to resources. The truth is that the underlying issue is with the way Microsoft Windows systems are […]

Incident Preparation: Data Retention

Many factors go into developing a good data retention policy, including client, partner and regulatory requirements, operational needs, and your own service delivery model. Don’t forget to also factor in the risks of retaining too much data or retaining required data for longer than necessary, the need to minimize data, and how much your risk increases if these decisions are not made carefully.