Thought leaders, experts, and professionals have shared their cybersecurity predictions for 2021

Blogs

Stay tuned with the latest news and updates from cyber security ecosystem.

Posted on 13th Jan, 2021 | By Pavithra Shankar 3 minutes

December 2020: Patch Watch Digest

27 vendors have released security updates for 746 vulnerabilities, and among them, 55 are known exploits.

Read More

Posted on 11th Jan, 2021 | By Sindhuja 3 minutes

Seven Predictions by Women Cyber Security Experts

What does 2021 have in store for cybersecurity? Will we take note of the lessons learned in 2020 and start taking security seriously? Will we see more cyberattacks?

Read More

Posted on 8th Jan, 2021 | By Bhavithra 3 minutes

CSW Disclosed 4 Hardcoded Credentials on D-Link Products

Asset and lifecycle management are complex initiatives that organizations should keep pace with as products reach the end of life (EOL) or end of support (EOS) and become obsolete. This obsolescence gives rise to security vulnerabilities that could be exploited by threat actors.

Read More

Posted on 8th Jan, 2021 | By Pavithra Shankar 3 minutes

Dec 23: CSW Patch Watch & Security Updates

12 vendors including Apple, Cisco, Citrix, Adobe, Mozilla, Qnap, HP, Checkpoint, RedHat, and others, have released security updates for 367 vulnerabilities.

Read More

Posted on 28th Dec, 2020 | By Pavithra Shankar 5 minutes

Dec 10: CSW Patch Watch & Security Updates

19 vendors including Apple, Cisco, Adobe, Chrome, Mozilla, IBM, Microsoft, Checkpoint, RedHat, and others, have released patches and updates for 317 vulnerabilities.

Read More

Posted on 18th Dec, 2020 | By Pavithra Shankar 3 minutes

How to Detect SolarWinds Orion Product running on your network?

Popular scanners such as Tenable, Qualys and Nexpose are missing 48 vulnerabilities out of 102 vulnerabilities. To help 18000 customers who have been affected, CSW team has come up with a script that would help detect SolarWinds Orion Product running on your network.

Read More

Posted on 16th Dec, 2020 | By Sumeetha 3 minutes

CSW Analysis of SolarWinds: Top Scanners miss most of the vulnerabilities

The massive breach of SolarWinds Network Management product has compromised as many as 18,000 organizations outside of U.S Government entities, security agencies, defense entities. We took a closer look at the weaknesses that exist in other SolarWinds products and found that top scanners miss most of the vulnerabilities.

Read More

Posted on 15th Dec, 2020 | By Sumeetha 5 minutes

Vulnerability Analysis: SolarWinds Orion Network Management

SolarWinds disclosed on Dec 13 that vulnerabilities in their network management tool Orion was used to mount attacks on FireEye and on several Government agencies. CSW analyzed Orion’s 15 Vulnerabilities and has found that CVE-2019-9546 – with a known critical Privilege Execution Exploit needs immediate remediation along with an upgrade to Orion Platform version 2020.2.1 HF.1.

Read More

Posted on 11th Dec, 2020 | By Pavithra Shankar 5 minutes

November 2020: Patch Watch Digest

27 vendors have released security updates for 947 vulnerabilities and among them 66 CVEs have known exploits.

Read More

Posted on 10th Dec, 2020 | By Sumeetha 3 Minutes

FireEye’s stolen Pentesting Tools & the vulnerabilities they target

CSW analyzed the vulnerabilities (impacted by FireEye’s stolen pentesting tools) and found that Chinese & Iranian APT Groups target them routinely. These CVEs are also favorite targets of Ransomware such as Ryuk, Maze, Netwalker.

Read More

Posted on 4th Dec, 2020 | By Pavithra Shankar 5 minutes

Nov 23: CSW Patch Watch & Security Updates

13 Vendors including Apple, Cisco, Citrix, Chrome, Mozilla, Sonic Wall, Drupal, Checkpoint, RedHat, and others have released patches and updates for 261 vulnerabilities.

Read More

Posted on 2nd Dec, 2020 | By Pavithra Shankar 5 minutes

Fortinet’s 50,000 VPN Leak Highlights Lack of Cyber Hygiene

A threat hacker group named “Pumpedkicks” has leaked credentials for 50,000 Fortinet VPN devices that impact 140 countries around the world. Check out CSW’s analysis and recommendations for this vulnerability.

Read More

Posted on 30th Nov, 2020 | By Pavithra Shankar 5 minutes

Nov 11: CSW Patch Watch & Security Updates

19 Vendors, including Adobe, Apple, Cisco, Citrix, Chrome, Microsoft, Mozilla, Palo Alto, Checkpoint, Dell, and other popular vendors, have released 525 security patches.

Read More

Posted on 27th Nov, 2020 | By Bhavithra 3 minutes

How to detect CVE- 2020-24600?

A new zero-day vulnerability, CVE-2020-24600, was discovered by Cyber Security Works in Shilpi Soft - Capexweb 1.1.

Read More

Posted on 23rd Nov, 2020 | By Pavithra Shankar 5 minutes

October 2020: Patch Watch Digest

Check out the overall list of vulnerabilities & weaknesses that were fixed in October 2020.

Read More

Posted on 16th Nov, 2020 | By Pavithra Shankar 5 minutes

Oct 21: CSW Patch Watch & Security Updates

Adobe, Dell, Check Point, Palo Alto, FortiGuard, Netapp, RedHat, Siemens, VMware, HP, Oracle has published patches for 664 vulnerabilities (22 vulnerabilities are weaponized previously)

Read More

Posted on 6th Nov, 2020 | By Pavithra Shankar 7 minutes

Top 25 Vulnerabilities Exploited by Chinese Sponsored Hackers

The National Security Agency listed 25 vulnerabilities that are being targeted by Chinese state sponsored cyber attackers popularly known as APT41. Know more about these vulnerabilities and patch them before you fall prey to a breach.

Read More

Posted on 3rd Nov, 2020 | By Sumeetha 3 minutes

Cyber Security Works becomes a CVE Numbering Authority

Cyber Security Works (CSW) has been successfully admitted by the Common Vulnerabilities and Exposures (CVE®) Program as a CVE Numbering Authority (CNA).

Read More

Posted on 2nd Nov, 2020 | By Sumeetha 5 Minutes

Ryuk raising the Temperature in Healthcare

Security Agencies CISA (Cybersecurity and Infrastructure Security Agency), FBI, and the Department of Health and Human Services (HHS) have issued a high alert joint security advisory to hospitals to take actions to secure themselves from Ryuk ransomware in particular.

Read More

Posted on 29th Oct, 2020 | By Pavithra Shankar 5 minutes

Oct 14: CSW Patch Watch & Security Updates

CISCO, Citrix, Dell, IBM, Check Point, NetApp and other vendors have released patches for 202 vulnerabilities (11 vulnerabilities are already weaponized)

Read More

Posted on 18th Oct, 2020 | By Sumeetha 5 Minutes

Oct 7: CSW Patch Watch & Security Updates

In our Oct 7 edition of Patch Watch, we have 13 vendors (Apple, CISCO, IBM, RedHat, Dell, Android and others) who released 93 patches, hotfixes and security updates.

Read More

Posted on 15th Oct, 2020 | By Sumeetha 5 Minutes

Cyber Hygiene: Ransomware is causing critical care disruption in hospitals

We analyzed three ransomware incidents (Ryuk, Revil & AKO) and found 16 CVEs associated with them. Incidentally, CSW warned about five of these CVEs in our cyber risk series way back in March 2020!

Read More

Posted on 12th Oct, 2020 | By Sumeetha 5 Minutes

Sep 30: CSW Patch Watch & Security Updates

Two weeks ago, CISCO, Citrix, IBM, Pulse Secure, Amazon, Dell, RedHat and many others  released security updates.

Read More

Posted on 1st Oct, 2020 | By Pavithra 5 Minutes

Sep 23: CSW Patch Watch & Security Updates

Last week, Apple, CISCO, Google, Linux, and many other popular vendors released advisories for 105 vulnerabilities.

Read More

Posted on 29th Sep, 2020 | By Sumeetha 3 Minutes

Our warning in 2020 was ignored: Lack of Cyber Hygiene is amplifying Ransomware attacks and causing havoc

Ransomware campaigns are always on prowl for a path of least resistance to gain initial access and move laterally using well known vulnerabilities.

Read More

Posted on 21st Sep, 2020 | By Bhavithra 2 Minutes

How to detect vulnerability CVE-2020-24601?

Cyber Security Works has discovered a new zero-day vulnerability, CVE-2020-24601 in Ignite Realtime Openfire 4.5.1.

Read More

Posted on 21st Sep, 2020 | By Bhavithra 2 Minutes

How to detect vulnerability CVE-2020-24602?

Cyber Security Works discovered a new zero-day vulnerability, CVE-2020-24602 in Ignite Realtime Openfire 4.5.1. Openfire (formerly Wildfire).

Read More

Posted on 21st Sep, 2020 | By Bhavithra 2 Minutes

How to detect Vulnerability CVE-2020-24604?

Cyber Security Works discovered a reflected XSS vulnerability, CVE-2020-24604, in Ignite Realtime Openfire 4.5.1. Openfire (formerly Wildfire).

Read More

Posted on 3rd Sep, 2020 | By Bhavithra 3 Minutes

How to detect the vulnerability CVE-2020-14723?

A new zero-day vulnerability, CVE-2020-14723, was discovered by Cyber Security Works in Oracle Help Technologies related to the Web UIX component.

Read More

Posted on 30th Aug, 2020 | By Sumeetha 2 Minutes

India's Cybersecurity Policy: Disclosure of Data Breaches

Will the new national cybersecurity policy include a disclosure policy similar to what the west has?

Read More

Posted on 5th Aug, 2020 | By Sumeetha 3 Minutes

WastedLocker Ransomware Attack: Indicators of compromise (IOCs)

Evil Corp used compromised legitimate websites to deliver ransomware in Garmin’s environment. The attack caused a 5-day outage for their product users. CSW Analysts have put together a list of domains, hashes, IOCs that have been compromised. Download the list to update your IPS/IDS and avoid being attacked.

Read More

Posted on 28th Jul, 2020 | By Sumeetha 5 Minutes

How to detect CVE-2020-5902?

CVE-2020-5902 is a critical remote code vulnerability that was discovered in the F5 Networks Big-IP administrative interface. From discovery to mitigation, see how things unfolded and check out CSW’s script to detect this vulnerability in Big-IP products.

Read More

Posted on 19th Jul, 2020 | By Sumeetha 3 Minutes

How safe are Web Proxy?

Today, the reliance on applications such as web proxy, remote conferencing, VPNs, etc. are at an all-time high which is yet another reason for threat actors to work overtime to exploit vulnerabilities.

Read More

Posted on 19th Jul, 2020 | By Sumeetha 3 Minutes

How safe are Databases?

Cyber threat actors have been working hard during these pandemic times. Systems, infrastructure, and sensitive information that was hitherto viewed within the secure walls of one’s office is now being accessed through insecure connections and unsafe laptops from one’s home.

Read More

Posted on 19th Jul, 2020 | By Sumeetha 5 Minutes

How safe are Enterprise Data Storage Systems?

While Enterprise data storage systems are great to work with, they are also sitting ducks for threat attacks. Find out how?

Read More

Posted on 19th Jul, 2020 | By Sumeetha 5 Minutes

How safe are VPN solutions?

Travelex fell prey to a ransomware attack (on New Year’s Eve) because they failed to install a patch issued by their VPN - Pulse Secure. How safe are our VPNs? Let's find out.

Read More

Posted on 15th Jul, 2020 | By Sumeetha 5 Minutes

Atlassian’s new features and the Shift Left Revolution

All scanners list out security vulnerabilities but does the developer know what to fix first and how to go about it?

Read More

Posted on 14th Jul, 2020 | By Sumeetha 7 Mins Read

How safe are online conferences?

With the recent breaches in Zoom application and increasing instances of ‘zoombombing’ and data theft, a definitive study of popular online video conferencing tools was needed. Take a read.

Read More

Posted on 14th Jul, 2020 | By Team CSW 5 Mins Read

How safe are your Tech Stacks?

This April, Cognizant fell prey to a nasty ransomware attack whose ripple effect has shaken the world. How safe is your tech stack? Let's take a look.

Read More