Blogs
Stay tuned with the latest news and updates from cyber security ecosystem.

Posted on 13th Jan, 2021 | By Pavithra Shankar 3 minutes
December 2020: Patch Watch Digest
27 vendors have released security updates for 746 vulnerabilities, and among them, 55 are known exploits.
Read More
Posted on 11th Jan, 2021 | By Sindhuja 3 minutes
Seven Predictions by Women Cyber Security Experts
What does 2021 have in store for cybersecurity? Will we take note of the lessons learned in 2020 and start taking security seriously? Will we see more cyberattacks?
Read More
Posted on 8th Jan, 2021 | By Bhavithra 3 minutes
CSW Disclosed 4 Hardcoded Credentials on D-Link Products
Asset and lifecycle management are complex initiatives that organizations should keep pace with as products reach the end of life (EOL) or end of support (EOS) and become obsolete. This obsolescence gives rise to security vulnerabilities that could be exploited by threat actors.
Read More
Posted on 8th Jan, 2021 | By Pavithra Shankar 3 minutes
Dec 23: CSW Patch Watch & Security Updates
12 vendors including Apple, Cisco, Citrix, Adobe, Mozilla, Qnap, HP, Checkpoint, RedHat, and others, have released security updates for 367 vulnerabilities.
Read More
Posted on 28th Dec, 2020 | By Pavithra Shankar 5 minutes
Dec 10: CSW Patch Watch & Security Updates
19 vendors including Apple, Cisco, Adobe, Chrome, Mozilla, IBM, Microsoft, Checkpoint, RedHat, and others, have released patches and updates for 317 vulnerabilities.
Read More
Posted on 18th Dec, 2020 | By Pavithra Shankar 3 minutes
How to Detect SolarWinds Orion Product running on your network?
Popular scanners such as Tenable, Qualys and Nexpose are missing 48 vulnerabilities out of 102 vulnerabilities. To help the 18000 customers who have been affected, the CSW team has come up with a script that helps detect SolarWinds Orion Product running on your network.
Read More
Posted on 16th Dec, 2020 | By Sumeetha 3 minutes
CSW Analysis of SolarWinds: Top Scanners miss most of the vulnerabilities
The massive breach of the SolarWinds Network Management product has compromised as many as 18,000 organizations outside of U.S. Government entities, security agencies, defense entities. We took a closer look at the weaknesses that exist in other SolarWinds products and found that top scanners miss most of the vulnerabilities.
Read More
Posted on 15th Dec, 2020 | By Sumeetha 5 minutes
Vulnerability Analysis: SolarWinds Orion Network Management
SolarWinds disclosed on Dec 13 that vulnerabilities in their network management tool Orion were used to mount attacks on FireEye and on several Government agencies. CSW analyzed Orion’s 15 vulnerabilities and found that CVE-2019-9546, which has a known critical Privilege Execution Exploit, needs immediate remediation along with an upgrade to Orion Platform version 2020.2.1 HF.1.
Read More
Posted on 11th Dec, 2020 | By Pavithra Shankar 5 minutes
November 2020: Patch Watch Digest
27 vendors have released security updates for 947 vulnerabilities and among them 66 CVEs have known exploits.
Read More
Posted on 10th Dec, 2020 | By Sumeetha 3 Minutes
FireEye’s stolen Pentesting Tools & the vulnerabilities they target
CSW analyzed the vulnerabilities (impacted by FireEye’s stolen pentesting tools) and found that Chinese & Iranian APT Groups target them routinely. These CVEs are also favorite targets of ransomware such as Ryuk, Maze, and Netwalker.
Read More
Posted on 4th Dec, 2020 | By Pavithra Shankar 5 minutes
Nov 23: CSW Patch Watch & Security Updates
13 Vendors including Apple, Cisco, Citrix, Chrome, Mozilla, Sonic Wall, Drupal, Checkpoint, RedHat, and others have released patches and updates for 261 vulnerabilities.
Read More
Posted on 2nd Dec, 2020 | By Pavithra Shankar 5 minutes
Fortinet’s 50,000 VPN Leak Highlights Lack of Cyber Hygiene
A hacker group named “Pumpedkicks” has leaked credentials for 50,000 Fortinet VPN devices, impacting 140 countries around the world. Check out CSW’s analysis and recommendations for this vulnerability.
Read More
Posted on 30th Nov, 2020 | By Pavithra Shankar 5 minutes
Nov 11: CSW Patch Watch & Security Updates
19 Vendors, including Adobe, Apple, Cisco, Citrix, Chrome, Microsoft, Mozilla, Palo Alto, Checkpoint, Dell, and other popular vendors, have released 525 security patches.
Read More
Posted on 27th Nov, 2020 | By Bhavithra 3 minutes
How to detect CVE-2020-24600?
A new zero-day vulnerability, CVE-2020-24600, was discovered by Cyber Security Works in Shilpi Soft - Capexweb 1.1.
Read More
Posted on 23rd Nov, 2020 | By Pavithra Shankar 5 minutes
October 2020: Patch Watch Digest
Check out the overall list of vulnerabilities & weaknesses that were fixed in October 2020.
Read More
Posted on 16th Nov, 2020 | By Pavithra Shankar 5 minutes
Oct 21: CSW Patch Watch & Security Updates
Adobe, Dell, Check Point, Palo Alto, FortiGuard, Netapp, RedHat, Siemens, VMware, HP, and Oracle have published patches for 664 vulnerabilities (22 vulnerabilities were previously weaponized).
Read More
Posted on 6th Nov, 2020 | By Pavithra Shankar 7 minutes
Top 25 Vulnerabilities Exploited by Chinese Sponsored Hackers
The National Security Agency listed 25 vulnerabilities that are being targeted by Chinese state sponsored cyber attackers popularly known as APT41. Know more about these vulnerabilities and patch them before you fall prey to a breach.
Read More
Posted on 3rd Nov, 2020 | By Sumeetha 3 minutes
Cyber Security Works becomes a CVE Numbering Authority
Cyber Security Works (CSW) has been successfully admitted by the Common Vulnerabilities and Exposures (CVE®) Program as a CVE Numbering Authority (CNA).
Read More
Posted on 2nd Nov, 2020 | By Sumeetha 5 Minutes
Ryuk raising the Temperature in Healthcare
Security Agencies CISA (Cybersecurity and Infrastructure Security Agency), FBI, and the Department of Health and Human Services (HHS) have issued a high alert joint security advisory to hospitals to take actions to secure themselves from Ryuk ransomware in particular.
Read More
Posted on 29th Oct, 2020 | By Pavithra Shankar 5 minutes
Oct 14: CSW Patch Watch & Security Updates
CISCO, Citrix, Dell, IBM, Check Point, NetApp and other vendors have released patches for 202 vulnerabilities (11 vulnerabilities are already weaponized)
Read More
Posted on 18th Oct, 2020 | By Sumeetha 5 Minutes
Oct 7: CSW Patch Watch & Security Updates
In our Oct 7 edition of Patch Watch, we have 13 vendors (Apple, CISCO, IBM, RedHat, Dell, Android and others) who released 93 patches, hotfixes and security updates.
Read More
Posted on 15th Oct, 2020 | By Sumeetha 5 Minutes
Cyber Hygiene: Ransomware is causing critical care disruption in hospitals
We analyzed three ransomware incidents (Ryuk, Revil & AKO) and found 16 CVEs associated with them. Incidentally, CSW warned about five of these CVEs in our cyber risk series way back in March 2020!
Read More
Posted on 12th Oct, 2020 | By Sumeetha 5 Minutes
Sep 30: CSW Patch Watch & Security Updates
Two weeks ago, CISCO, Citrix, IBM, Pulse Secure, Amazon, Dell, RedHat and many others released security updates.
Read More
Posted on 1st Oct, 2020 | By Pavithra 5 Minutes
Sep 23: CSW Patch Watch & Security Updates
Last week, Apple, CISCO, Google, Linux, and many other popular vendors released advisories for 105 vulnerabilities.
Read More
Posted on 29th Sep, 2020 | By Sumeetha 3 Minutes
Our warning in 2020 was ignored: Lack of Cyber Hygiene is amplifying Ransomware attacks and causing havoc
Ransomware campaigns are always on the prowl for a path of least resistance to gain initial access and move laterally using well-known vulnerabilities.
Read More
Posted on 21st Sep, 2020 | By Bhavithra 2 Minutes
How to detect vulnerability CVE-2020-24601?
Cyber Security Works has discovered a new zero-day vulnerability, CVE-2020-24601, in Ignite Realtime Openfire 4.5.1.
Read More
Posted on 21st Sep, 2020 | By Bhavithra 2 Minutes
How to detect vulnerability CVE-2020-24602?
Cyber Security Works discovered a new zero-day vulnerability, CVE-2020-24602 in Ignite Realtime Openfire 4.5.1. Openfire (formerly Wildfire).
Read More
Posted on 21st Sep, 2020 | By Bhavithra 2 Minutes
How to detect Vulnerability CVE-2020-24604?
Cyber Security Works discovered a reflected XSS vulnerability, CVE-2020-24604, in Ignite Realtime Openfire 4.5.1. Openfire (formerly Wildfire).
Read More
Posted on 3rd Sep, 2020 | By Bhavithra 3 Minutes
How to detect the vulnerability CVE-2020-14723?
A new zero-day vulnerability, CVE-2020-14723, was discovered by Cyber Security Works in Oracle Help Technologies related to the Web UIX component.
Read More
Posted on 30th Aug, 2020 | By Sumeetha 2 Minutes
India's Cybersecurity Policy: Disclosure of Data Breaches
Will the new national cybersecurity policy include a disclosure policy similar to what the west has?
Read More
Posted on 5th Aug, 2020 | By Sumeetha 3 Minutes
WastedLocker Ransomware Attack: Indicators of compromise (IOCs)
Evil Corp used compromised legitimate websites to deliver ransomware in Garmin’s environment. The attack caused a 5-day outage for their product users. CSW Analysts have put together a list of domains, hashes, IOCs that have been compromised. Download the list to update your IPS/IDS and avoid being attacked.
Read More
Posted on 28th Jul, 2020 | By Sumeetha 5 Minutes
How to detect CVE-2020-5902?
CVE-2020-5902 is a critical remote code vulnerability that was discovered in the F5 Networks Big-IP administrative interface. From discovery to mitigation, see how things unfolded and check out CSW’s script to detect this vulnerability in Big-IP products.
Read More
Posted on 19th Jul, 2020 | By Sumeetha 3 Minutes
How safe are Web Proxy?
Today, the reliance on applications such as web proxy, remote conferencing, VPNs, etc. is at an all-time high, which is yet another reason for threat actors to work overtime to exploit vulnerabilities.
Read More
Posted on 19th Jul, 2020 | By Sumeetha 3 Minutes
How safe are Databases?
Cyber threat actors have been working hard during these pandemic times. Systems, infrastructure, and sensitive information that were hitherto viewed within the secure walls of one’s office are now being accessed through insecure connections and unsafe laptops from one’s home.
Read More
Posted on 19th Jul, 2020 | By Sumeetha 5 Minutes
How safe are Enterprise Data Storage Systems?
While enterprise data storage systems are great to work with, they are also sitting ducks for threat attacks. Find out how.
Read More
Posted on 19th Jul, 2020 | By Sumeetha 5 Minutes
How safe are VPN solutions?
Travelex fell prey to a ransomware attack (on New Year’s Eve) because they failed to install a patch issued by their VPN - Pulse Secure. How safe are our VPNs? Let's find out.
Read More
Posted on 15th Jul, 2020 | By Sumeetha 5 Minutes
Atlassian’s new features and the Shift Left Revolution
All scanners list out security vulnerabilities, but does the developer know what to fix first and how to go about it?
Read More
Posted on 14th Jul, 2020 | By Sumeetha 7 Mins Read
How safe are online conferences?
With the recent breaches in Zoom application and increasing instances of ‘zoombombing’ and data theft, a definitive study of popular online video conferencing tools was needed. Take a read.
Read More
Posted on 14th Jul, 2020 | By Team CSW 5 Mins Read
How safe are your Tech Stacks?
This April, Cognizant fell prey to a nasty ransomware attack whose ripple effect has shaken the world. How safe is your tech stack? Let's take a look.
Read More