If you’re a sports enthusiast, you’ve probably heard the philosophy that the “best defense is a good offense.” This same idea rings true in business and cybersecurity today, where successful teams must learn to be proactive rather than reactive when protecting their systems and data. This is where offensive security strategies are pivotal in helping build up your security posture. Our team recently had the opportunity to attend a lecture […]
Introduction In the realm of cybersecurity, the battle against advanced persistent threats (APTs) has intensified. Among the notable adversaries is the Volt Typhoon APT group, a state-sponsored threat actor based out of China, known for their sophisticated and targeted attacks and their focus on espionage and information gathering activities. In this blog post, we will delve into the tactics, techniques, and procedures (TTPs) employed by Volt Typhoon, and explore how […]
Critical CVE-2022-22536- SAP vulnerability- SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher are vulnerable for request smuggling and request concatenation. An unauthenticated attacker can prepend a victim’s request with arbitrary data. This way, the attacker can execute functions impersonating the victim or poison intermediary Web caches. A successful attack could result in complete compromise of Confidentiality, Integrity and […]