Download Ransomware Q2 Index Update

Blogs

Stay tuned with the latest news and updates from cyber security ecosystem.

Posted on 19th Jul, 2021 | By Priya Ravindran 3 minutes

Solarwind Attackers at It Again in Back-to-Back Campaigns

Nobelium, the APT group behind the infamous SolarWinds attack, has resurfaced in two recent campaigns against US-based IT companies and government organizations. Check out CSW’s analysis about 18 vulnerabilities used by the group to exploit and infiltrate their targets.

Read More

Posted on 16th Jul, 2021 | By Sumeetha Manikandan 3 minutes

Cyber Security Works Brings in Chris Acton as Vice President of Operations

Cyber Security Works (CSW), a leading global provider of Managed CloudSecOps, has just named Chris Acton as its new Vice President of Operations.

Read More

Posted on 14th Jul, 2021 | By Surojoy, Priya 3 minutes

New Threat Group Agrius Exploits Old Fortinet VPN Vulnerabilities

New APT Group Agrius is exploiting Fortinet’s vulnerabilities to attack their targets. Shodan results show 56000 target assets around the world that could be vulnerable to an attack. Check out our analysis for more information.

Read More

Posted on 12th Jul, 2021 | By Surojoy Gupta 4 minutes

Kaseya VSA Downed by REvil in Monumental Supply-Chain Attack

REvil's monumental supply-chain attack on 3 July 2021 affected 1500 companies and opened a path for third-party attack onslaughts. What else does REvil’s historic supply-chain attack portend?

Read More

Posted on 8th Jul, 2021 | By Surojoy, Priya 4 minutes

Back-to-back Air India Attacks indicating more than just a data breach?

The Airline industry is on the brink of a supply-chain attack from threat groups like APT41. According to our research findings, there are 20 vulnerabilities associated with the APT41 threat group.

Read More

Posted on 7th Jul, 2021 | By Priya Ravindran 3 minutes

Is Conti Ransomware on a roll?

The Conti group is associated with three vulnerabilities. If these had taken precedence in the CVE patching priority, the series of Conti attacks could have been avoided.

Read More

Posted on 2nd Jul, 2021 | By Pavithra Shankar 3 minutes

How to detect CVE-2021-34527?

CSW Pentester’s have released a script to detect the Windows Print Spooler Remote Code Execution Vulnerability. Running the script can help organizations detect connected devices that could be vulnerable to exploits.

Read More

Posted on 1st Jul, 2021 | By Sumeetha Manikandan 3 minutes

Cyber Security Works and Zuggand Announce Merger

This merger will provide customers with 24x7 Next-Generation Managed Cloud SecOps services for cloud, hybrid, or on-premise environments.

Read More

Posted on 30th Jun, 2021 | By Priya Ravindran 3 minutes

Darkside Ransomware: Further Threat Associations Unearthed

Darkside Ransomware has added two more CVEs to its arsenal alongside two additional APT group associations. Check out our analysis and patch these vulnerabilities before they strike again!

Read More

Posted on 16th Jun, 2021 | By Sumeetha Manikandan 4 minutes

REvil Brings Down JBS - the World’s Largest Meat Packer

REvil Ransomware uses six vulnerabilities to target their victims and if these had been remediated and patched on priority, JBS - the world’s largest meat packer could have escaped this attack. CSW warned about these vulnerabilities in its Ransomware Spotlight Report published in February 2021.

Read More

Posted on 11th Jun, 2021 | By Priya Ravindran 3 minutes

All About Qlocker

Researchers at Cyber Security Works (CSW) have been tracking Qlocker, a recently discovered ransomware family. This new strain began surfacing across QNAP devices in April 2021 exploiting CVE-2021-28799, a zero-day vulnerability.

Read More

Posted on 4th Jun, 2021 | By Priya Ravindran 5 minutes

FiveHands Ransomware Analysis: Can a Risk-Based Approach Help Prevent Future Attacks?

Early this year, threat actors exploited a vulnerability (CVE-2021-20016) even before the vendor could publish it on the National Vulnerability Database (NVD) and attacked an organization and stole information.

Read More

Posted on 31st May, 2021 | By Priya Ravindran 3 minutes

CVE-2021-21985: Patch this Trending VMware Vulnerability

On the 25th of May 2021, VMware published an advisory warning of two vulnerabilities - CVE-2021-21985 and CVE-2021-21986 - in their vCenter Server and Cloud Foundation products.

Read More

Posted on 18th May, 2021 | By Sumeetha 3 Minutes

Darkside: The Ransomware that brought a US pipeline to a halt

As of today our research has associated 260 vulnerabilities to ransomware. Remediating and patching these vulnerabilities on priority could have averted the Colonial Pipeline attack.

Read More

Posted on 4th May, 2021 | By Sumeetha 3 Minutes

NSA Validates CSW’s warning on two critical vulnerabilities

In May 2020, CSW warned the industry of two critical vulnerabilities in Pulse Secure VPN and Citrix’s Remote Desktop solution that could be used by Ransomware or APT groups. One year after our warning, NSA, FBI and CISA validated the same.

Read More

Posted on 26th Apr, 2021 | By Sumeetha 3 minutes

Why 'Old is Gold' for Ransomware?

In our recently published Ransomware Spotlight report 2020 we tracked down vulnerabilities that are being used by Ransomware to launch attacks on organizations worldwide. Here are a few surprising findings about old vulnerabilities in this report

Read More

Posted on 16th Apr, 2021 | By Pavithra Shankar 7 minutes

All about Ryuk

Ryuk is a crypto-ransomware strain that encrypts access to a system, device or a file and demands ransom to release it. Ryuk is unleashed on target assets through malware, notably TrickBot and is used to gain access to a system through remote desktop services.

Read More

Posted on 8th Mar, 2021 | By Sumeetha Manikandan 3 minutes

Cyber Women We Admire

This women’s day, we spoke to a few inspiring women executives who are breaking the myth and are soaring high. They are skilled, motivated, and talented and they come from different geographies, backgrounds but are united by their passion for cybersecurity. 

Read More

Posted on 2nd Mar, 2021 | By Sumeetha 3 minutes

Google Trends: Most searched top 10 vulnerabilities in 2020

CSW experts compiled the list of vulnerabilities that were highly searched in Google and came up with top 10 CVEs.

Read More

Posted on 15th Feb, 2021 | By Sumeetha 3 minutes

Ransomware Spotlight Report 2021: 223 Vulnerabilities tied to Ransomware

Research Study Also Found that Ransomware associated Vulnerabilities have Quadrupled with many linked to Hostile State-sponsored APT Groups

Read More

Posted on 11th Feb, 2021 | By Sumeetha 3 Minutes

Sri Lankan Domain Attack: Exposed Credentials available in Dark Web for Eight Years!

Investigations on the Sri Lankan Domain attack reveal that threat actors could have used exposed credentials and vulnerabilities to breach and redirect the websites. These credentials have been exposed on the dark web for the past eight years!

Read More

Posted on 21st Jan, 2021 | By Sumeetha 3 minutes

Could Google’s most searched Top 10 vulnerabilities in 2020 be key attack indicators?

2020 was a productive year for threat actors. With the world’s workforce working remotely while dealing with the pandemic, threat actors were busy weaponizing critical vulnerabilities that had a global impact. Many organizations fell prey to ransomware and sophisticated cyber attacks that allowed remote and privileged access to sensitive information.

Read More

Posted on 21st Jan, 2021 | By Sindhuja Sreenivasan 3 minutes

Eight Cybersecurity Predictions from CSW Security Experts

What does 2021 have in store for cybersecurity? Will we take note of the lessons learned in 2020 and start taking security seriously? Will we see more cyberattacks? We asked our exclusive team of pentesting experts to predict the trends for us, and here is what they said.

Read More

Posted on 11th Jan, 2021 | By Sindhuja 3 minutes

Seven Predictions by Women Cyber Security Experts

What does 2021 have in store for cybersecurity? Will we take note of the lessons learned in 2020 and start taking security seriously? Will we see more cyberattacks?

Read More

Posted on 8th Jan, 2021 | By Bhavithra 3 minutes

CSW Disclosed 4 Hardcoded Credentials on D-Link Products

Asset and lifecycle management are complex initiatives that organizations should keep pace with as products reach the end of life (EOL) or end of support (EOS) and become obsolete. This obsolescence gives rise to security vulnerabilities that could be exploited by threat actors.

Read More

Posted on 18th Dec, 2020 | By Pavithra Shankar 3 minutes

How to Detect SolarWinds Orion Product running on your network?

Popular scanners such as Tenable, Qualys and Nexpose are missing 48 vulnerabilities out of 102 vulnerabilities. To help 18000 customers who have been affected, CSW team has come up with a script that would help detect SolarWinds Orion Product running on your network.

Read More

Posted on 16th Dec, 2020 | By Sumeetha 3 minutes

CSW Analysis of SolarWinds: Top Scanners miss most of the vulnerabilities

The massive breach of SolarWinds Network Management product has compromised as many as 18,000 organizations outside of U.S Government entities, security agencies, defense entities. We took a closer look at the weaknesses that exist in other SolarWinds products and found that top scanners miss most of the vulnerabilities.

Read More

Posted on 15th Dec, 2020 | By Sumeetha 5 minutes

Vulnerability Analysis: SolarWinds Orion Network Management

SolarWinds disclosed on Dec 13 that vulnerabilities in their network management tool Orion was used to mount attacks on FireEye and on several Government agencies. CSW analyzed Orion’s 15 Vulnerabilities and has found that CVE-2019-9546 – with a known critical Privilege Execution Exploit needs immediate remediation along with an upgrade to Orion Platform version 2020.2.1 HF.1.

Read More

Posted on 10th Dec, 2020 | By Sumeetha 3 Minutes

FireEye’s stolen Pentesting Tools & the vulnerabilities they target

CSW analyzed the vulnerabilities (impacted by FireEye’s stolen pentesting tools) and found that Chinese & Iranian APT Groups target them routinely. These CVEs are also favorite targets of Ransomware such as Ryuk, Maze, Netwalker.

Read More

Posted on 2nd Dec, 2020 | By Pavithra Shankar 5 minutes

Fortinet’s 50,000 VPN Leak Highlights Lack of Cyber Hygiene

A threat hacker group named “Pumpedkicks” has leaked credentials for 50,000 Fortinet VPN devices that impact 140 countries around the world. Check out CSW’s analysis and recommendations for this vulnerability.

Read More

Posted on 27th Nov, 2020 | By Bhavithra 3 minutes

How to detect CVE- 2020-24600?

A new zero-day vulnerability, CVE-2020-24600, was discovered by Cyber Security Works in Shilpi Soft - Capexweb 1.1.

Read More

Posted on 6th Nov, 2020 | By Pavithra Shankar 7 minutes

Top 25 Vulnerabilities Exploited by Chinese Sponsored Hackers

The National Security Agency listed 25 vulnerabilities that are being targeted by Chinese state sponsored cyber attackers popularly known as APT41. Know more about these vulnerabilities and patch them before you fall prey to a breach.

Read More

Posted on 3rd Nov, 2020 | By Sumeetha 3 minutes

Cyber Security Works becomes a CVE Numbering Authority

Cyber Security Works (CSW) has been successfully admitted by the Common Vulnerabilities and Exposures (CVE®) Program as a CVE Numbering Authority (CNA).

Read More

Posted on 2nd Nov, 2020 | By Sumeetha 5 Minutes

Ryuk raising the Temperature in Healthcare

Security Agencies CISA (Cybersecurity and Infrastructure Security Agency), FBI, and the Department of Health and Human Services (HHS) have issued a high alert joint security advisory to hospitals to take actions to secure themselves from Ryuk ransomware in particular.

Read More

Posted on 15th Oct, 2020 | By Sumeetha 5 Minutes

Cyber Hygiene: Ransomware is causing critical care disruption in hospitals

We analyzed three ransomware incidents (Ryuk, Revil & AKO) and found 16 CVEs associated with them. Incidentally, CSW warned about five of these CVEs in our cyber risk series way back in March 2020!

Read More

Posted on 29th Sep, 2020 | By Sumeetha 3 Minutes

Our warning in 2020 was ignored: Lack of Cyber Hygiene is amplifying Ransomware attacks and causing havoc

Ransomware campaigns are always on prowl for a path of least resistance to gain initial access and move laterally using well known vulnerabilities.

Read More

Posted on 21st Sep, 2020 | By Bhavithra 2 Minutes

How to detect vulnerability CVE-2020-24601?

Cyber Security Works has discovered a new zero-day vulnerability, CVE-2020-24601 in Ignite Realtime Openfire 4.5.1.

Read More

Posted on 21st Sep, 2020 | By Bhavithra 2 Minutes

How to detect vulnerability CVE-2020-24602?

Cyber Security Works discovered a new zero-day vulnerability, CVE-2020-24602 in Ignite Realtime Openfire 4.5.1. Openfire (formerly Wildfire).

Read More

Posted on 21st Sep, 2020 | By Bhavithra 2 Minutes

How to detect Vulnerability CVE-2020-24604?

Cyber Security Works discovered a reflected XSS vulnerability, CVE-2020-24604, in Ignite Realtime Openfire 4.5.1. Openfire (formerly Wildfire).

Read More

Posted on 3rd Sep, 2020 | By Bhavithra 3 Minutes

How to detect the vulnerability CVE-2020-14723?

A new zero-day vulnerability, CVE-2020-14723, was discovered by Cyber Security Works in Oracle Help Technologies related to the Web UIX component.

Read More

Posted on 30th Aug, 2020 | By Sumeetha 2 Minutes

India's Cybersecurity Policy: Disclosure of Data Breaches

Will the new national cybersecurity policy include a disclosure policy similar to what the west has?

Read More

Posted on 5th Aug, 2020 | By Sumeetha 3 Minutes

WastedLocker Ransomware Attack: Indicators of compromise (IOCs)

Evil Corp used compromised legitimate websites to deliver ransomware in Garmin’s environment. The attack caused a 5-day outage for their product users. CSW Analysts have put together a list of domains, hashes, IOCs that have been compromised. Download the list to update your IPS/IDS and avoid being attacked.

Read More

Posted on 28th Jul, 2020 | By Sumeetha 5 Minutes

How to detect CVE-2020-5902?

CVE-2020-5902 is a critical remote code vulnerability that was discovered in the F5 Networks Big-IP administrative interface. From discovery to mitigation, see how things unfolded and check out CSW’s script to detect this vulnerability in Big-IP products.

Read More

Posted on 19th Jul, 2020 | By Sumeetha 3 Minutes

How safe are Web Proxy?

Today, the reliance on applications such as web proxy, remote conferencing, VPNs, etc. are at an all-time high which is yet another reason for threat actors to work overtime to exploit vulnerabilities.

Read More

Posted on 19th Jul, 2020 | By Sumeetha 3 Minutes

How safe are Databases?

Cyber threat actors have been working hard during these pandemic times. Systems, infrastructure, and sensitive information that was hitherto viewed within the secure walls of one’s office is now being accessed through insecure connections and unsafe laptops from one’s home.

Read More

Posted on 19th Jul, 2020 | By Sumeetha 5 Minutes

How safe are Enterprise Data Storage Systems?

While Enterprise data storage systems are great to work with, they are also sitting ducks for threat attacks. Find out how?

Read More

Posted on 19th Jul, 2020 | By Sumeetha 5 Minutes

How safe are VPN solutions?

Travelex fell prey to a ransomware attack (on New Year’s Eve) because they failed to install a patch issued by their VPN - Pulse Secure. How safe are our VPNs? Let's find out.

Read More

Posted on 15th Jul, 2020 | By Sumeetha 5 Minutes

Atlassian’s new features and the Shift Left Revolution

All scanners list out security vulnerabilities but does the developer know what to fix first and how to go about it?

Read More

Posted on 14th Jul, 2020 | By Sumeetha 7 Mins Read

How safe are online conferences?

With the recent breaches in Zoom application and increasing instances of ‘zoombombing’ and data theft, a definitive study of popular online video conferencing tools was needed. Take a read.

Read More

Posted on 14th Jul, 2020 | By Team CSW 5 Mins Read

How safe are your Tech Stacks?

This April, Cognizant fell prey to a nasty ransomware attack whose ripple effect has shaken the world. How safe is your tech stack? Let's take a look.

Read More