Posted on Nov 22, 2021 | By Surojoy Gupta 5 minutes
CISA Releases a Directive Asking Organizations to Patch Known Exploited Vulnerabilities
The Cybersecurity and Infrastructure Security Agency (CISA) released a directive with a list of 291 known and exploited vulnerabilities that public sector entities and organizations need to patch immediately!
Read More
Posted on Nov 15, 2021 | By Surojoy Gupta 5 minutes
20 Percent of CVEs Listed in CISA’s Latest Directive have Ransomware Associations
A directive recently released by the US government-backed Cybersecurity and Infrastructure Security Agency has a list of 291 known vulnerabilities that organizations have been asked to focus on patching immediately. Amongst the 287, 53 vulnerabilities have been identified as being exploited actively by various ransomware families. Read on to learn more about the vulnerabilities.
Read More
Posted on Nov 12, 2021 | By Pavithra Shankar 3 minutes
Patch Urgently - Microsoft OMIGOD Vulnerabilities Are Under Active Exploitation!
Thousands of Azure users and millions of endpoints are impacted by ‘OMIGOD’ zero-days,” was the initial outburst when the open-source vulnerabilities were disclosed. Many Azure customers are unwittingly putting themselves in danger.
Read More
Posted on Oct 26, 2021 | By Pavithra Shankar 3 minutes
Security Management: CVE-2021-36260, Patch this Hikvision Vulnerability.
The video surveillance giant Hikvision disclosed a zero-click vulnerability tracked as CVE-2021-36260, which has existed from at least 2016, according to researchers. The vulnerability that exists in Hikvision camera models is highly susceptible to remote hijacking without requiring a username or password.
Read More
Posted on Oct 21, 2021 | By Surojoy Gupta 4 minutes
Ragnar Locker Ransomware hits Customer Care Giant TTEC
US-based customer support and sales representative company handling the world’s largest brands, TTEC, faces a network outage following a ransomware attack and sparks fears of a supply-chain attack. Read on to find out more about the attack.
Read More
Posted on Oct 8, 2021 | By Pavithra Shankar 3 minutes
CVE-2021-41773 & CVE-2021-42013: Apache Web Servers are Vulnerable, Patch Now!
On October 4, 2021, Apache announced fixes for a couple of vulnerabilities, including a zero-day flaw that affects Apache HTTP Server version 2.4.49—a widely used open-source, cross-platform web server for Unix and Windows.
Read More
Posted on Oct 6, 2021 | By Surojoy Gupta 3 minutes
CSW Discovers Stored Cross-Site Scripting (XSS) Zero-Day Vulnerability in WordPress Plugin
On September 1, 2021, CSW researchers discovered a Cross-Site Scripting (XSS) zero-day vulnerability in Zoho CRM Lead Magnet Version 1.7.2.4. Read on to find out more about the vulnerability.
Read More
Posted on Oct 5, 2021 | By Pavithra Shankar 3 minutes
CISA & FBI : Zoho Flaws Being Actively Exploited, Patch Now
The FBI, CISA, and the Cyber Guard (CGCYBERs) warned of a serious vulnerability (CVE-2021-40539) in a single Zoho Signup and Password Management Solution that State Advanced Persistent Threat (APT) actors are actively scanning the internet for vulnerable servers.
Read More
Posted on Sep 29, 2021 | By Surojoy Gupta 3 minutes
A 15-year old Vulnerability Exposes Linux to Privilege Escalation Attacks
A critical security flaw in the Linux kernel went unpatched for 15 years till attackers used it to gain local privilege escalation, escape the Kubernetes pod and obtain root privileges on Linux systems. Read our analysis where we look into the vulnerability’s characteristics and the impact it can have.
Read More
Posted on Sep 28, 2021 | By Surojoy Gupta 4 minutes
Critical OpenSSL Vulnerabilities affecting Linux and NAS devices
Two OpenSSL vulnerabilities, one remote code execution, and a denial-of-service were discovered by network-attached storage device manufacturers, Synology and QNAP. The fear of a ransomware attack leveraging the vulnerabilities still remains high. Here is our analysis of the vulnerabilities.
Read More
Posted on Sep 27, 2021 | By Surojoy Gupta 4 minutes
Critical VMware Vulnerability: Patch CVE-2021-22005 Now!
On September 21, 2021, VMware published an advisory warning of nineteen vulnerabilities in their vCenter Server. Of the nineteen vulnerabilities, one CVE stands out as being extremely critical and potential to be exploited by ransomware—CVE-2021-22005.
Read More
Posted on Sep 15, 2021 | By Surojoy Gupta 4 minutes
Microsoft Exchange ProxyShell and Windows PetitPotam vulnerabilities chained in New Attack
The newly minted LockFile ransomware group has been actively exploiting the Microsoft Exchange ProxyShell vulnerabilities since early August. In a recent attack, they chained a faultily-patched PetitPotam vulnerability with the ProxyShell vulnerabilities to take over and encrypt Windows domains and spread their ransomware through target networks. Read our analysis of the vulnerabilities to understand how you can protect yourself from a potential ransomware attack.
Read More
Posted on Sep 11, 2021 | By Pavithra Shankar 5 minutes
CVE-2021-26084: Patch the Confluence Servers Now!
The United States Cyber Command and Cybersecurity Infrastructure Security Agency (CISA) rang the warning bells for companies to patch a critical vulnerability (CVE-2021-26084) in the Atlassian Confluence Server and Data Center. Here is our analysis about this vulnerability.
Read More
Posted on Aug 25, 2021 | By Surojoy Gupta 4 minutes
Pegasus Spyware Snoops On Political Figures Worldwide
An Israeli zero-click cyber-espionage software recently infected the Apple devices of journalists and politicians from around the world by exploiting three zero-day vulnerabilities. Read our analysis of these vulnerabilities.
Read More
Posted on Aug 19, 2021 | By Sumeetha, Surojoy 4 minutes
CSW Analysis: Accenture attacked by LockBit 2.0 Ransomware
On Aug 11, 2021, Accenture, a multinational IT Consulting and Services company, became the latest victim of LockBit 2.0 Ransomware. Our researchers investigated the vulnerabilities that LockBit exploits to compromise their targets and here is our analysis.
Read More
Posted on Aug 11, 2021 | By Surojoy Gupta 3 minutes
Critical SolarWinds Serv-U FTP Flaw Exploited by New Chinese Threat Group
The US defense industrial base sector and many organizations from critical industries, such as software and healthcare, were recently affected by an unpatched critical remote code execution flaw in the Solarwinds Serv-U FTP server software that was exploited by a new Chinese threat group. What was the impact of the attack? Read our analysis to find out.
Read More
Posted on Aug 3, 2021 | By Surojoy Gupta 3 minutes
Indexsinas SMB Worm Exploits EternalBlue Vulnerabilities
Despite being patched four years ago, the self-propagating malware, Indexsinas SMB worm, exposes that Windows servers are still vulnerable to the infamous NSA EternalBlue exploits and can be used for crypto-mining. Here is our analysis of these vulnerabilities and their present exposure.
Read More
Posted on Jul 19, 2021 | By Priya Ravindran 3 minutes
Solarwind Attackers at It Again in Back-to-Back Campaigns
Nobelium, the APT group behind the infamous SolarWinds attack, has resurfaced in two recent campaigns against US-based IT companies and government organizations. Check out CSW’s analysis about 18 vulnerabilities used by the group to exploit and infiltrate their targets.
Read More.png)
Posted on Jul 14, 2021 | By Surojoy, Priya 3 minutes
New Threat Group Agrius Exploits Old Fortinet VPN Vulnerabilities
New APT Group Agrius is exploiting Fortinet’s vulnerabilities to attack their targets. Shodan results show 56000 target assets around the world that could be vulnerable to an attack. Check out our analysis for more information.
Read More
Posted on Jul 12, 2021 | By Surojoy Gupta 4 minutes
Kaseya VSA Downed by REvil in Monumental Supply-Chain Attack
REvil's monumental supply-chain attack on 3 July 2021 affected 1500 companies and opened a path for third-party attack onslaughts. What else does REvil’s historic supply-chain attack portend?
Read More
Posted on Jul 8, 2021 | By Surojoy, Priya 4 minutes
Back-to-back Air India Attacks indicating more than just a data breach?
The Airline industry is on the brink of a supply-chain attack from threat groups like APT41. According to our research findings, there are 20 vulnerabilities associated with the APT41 threat group.
Read More
Posted on Jul 7, 2021 | By Priya Ravindran 3 minutes
Is Conti Ransomware on a roll?
The Conti group is associated with three vulnerabilities. If these had taken precedence in the CVE patching priority, the series of Conti attacks could have been avoided.
Read More
Posted on Jul 2, 2021 | By Pavithra Shankar 3 minutes
How to detect CVE-2021-34527?
CSW Pentester’s have released a script to detect the Windows Print Spooler Remote Code Execution Vulnerability. Running the script can help organizations detect connected devices that could be vulnerable to exploits.
Read More
Posted on Jun 30, 2021 | By Priya Ravindran 3 minutes
Darkside Ransomware: Further Threat Associations Unearthed
Darkside Ransomware has added two more CVEs to its arsenal alongside two additional APT group associations. Check out our analysis and patch these vulnerabilities before they strike again!
Read More
Posted on Jun 16, 2021 | By Sumeetha Manikandan 4 minutes
REvil Brings Down JBS - the World’s Largest Meat Packer
REvil Ransomware uses six vulnerabilities to target their victims and if these had been remediated and patched on priority, JBS - the world’s largest meat packer could have escaped this attack. CSW warned about these vulnerabilities in its Ransomware Spotlight Report published in February 2021.
Read More
Posted on Jun 11, 2021 | By Priya Ravindran 3 minutes
All About Qlocker
Researchers at Cyber Security Works (CSW) have been tracking Qlocker, a recently discovered ransomware family. This new strain began surfacing across QNAP devices in April 2021 exploiting CVE-2021-28799, a zero-day vulnerability.
Read More
Posted on Jun 4, 2021 | By Priya Ravindran 5 minutes
FiveHands Ransomware Analysis: Can a Risk-Based Approach Help Prevent Future Attacks?
Early this year, threat actors exploited a vulnerability (CVE-2021-20016) even before the vendor could publish it on the National Vulnerability Database (NVD) and attacked an organization and stole information.
Read More
Posted on May 31, 2021 | By Priya Ravindran 3 minutes
CVE-2021-21985: Patch this Trending VMware Vulnerability
On the 25th of May 2021, VMware published an advisory warning of two vulnerabilities - CVE-2021-21985 and CVE-2021-21986 - in their vCenter Server and Cloud Foundation products.
Read More
Posted on May 18, 2021 | By Sumeetha 3 minutes
Darkside: The Ransomware that brought a US pipeline to a halt
As of today our research has associated 260 vulnerabilities to ransomware. Remediating and patching these vulnerabilities on priority could have averted the Colonial Pipeline attack.
Read More
Posted on May 4, 2021 | By Sumeetha 3 minutes
NSA Validates CSW’s warning on two critical vulnerabilities
In May 2020, CSW warned the industry of two critical vulnerabilities in Pulse Secure VPN and Citrix’s Remote Desktop solution that could be used by Ransomware or APT groups. One year after our warning, NSA, FBI and CISA validated the same.
Read More
Posted on Apr 26, 2021 | By Sumeetha 3 minutes
Why 'Old is Gold' for Ransomware?
In our recently published Ransomware Spotlight report 2020 we tracked down vulnerabilities that are being used by Ransomware to launch attacks on organizations worldwide. Here are a few surprising findings about old vulnerabilities in this report
Read More
Posted on Apr 16, 2021 | By Pavithra Shankar 7 minutes
All about Ryuk
Ryuk is a crypto-ransomware strain that encrypts access to a system, device or a file and demands ransom to release it. Ryuk is unleashed on target assets through malware, notably TrickBot and is used to gain access to a system through remote desktop services.
Read More
Posted on Mar 8, 2021 | By Sumeetha Manikandan 3 minutes
Cyber Women We Admire
This women’s day, we spoke to a few inspiring women executives who are breaking the myth and are soaring high. They are skilled, motivated, and talented and they come from different geographies, backgrounds but are united by their passion for cybersecurity.
Read More
Posted on Mar 2, 2021 | By Sumeetha 3 minutes
Google Trends: Most searched top 10 vulnerabilities in 2020
CSW experts compiled the list of vulnerabilities that were highly searched in Google and came up with top 10 CVEs.
Read More
Posted on Feb 11, 2021 | By Sumeetha 3 minutes
Sri Lankan Domain Attack: Exposed Credentials available in Dark Web for Eight Years!
Investigations on the Sri Lankan Domain attack reveal that threat actors could have used exposed credentials and vulnerabilities to breach and redirect the websites. These credentials have been exposed on the dark web for the past eight years!
Read More
Posted on Jan 21, 2021 | By Sumeetha 3 minutes
Could Google’s most searched Top 10 vulnerabilities in 2020 be key attack indicators?
2020 was a productive year for threat actors. With the world’s workforce working remotely while dealing with the pandemic, threat actors were busy weaponizing critical vulnerabilities that had a global impact. Many organizations fell prey to ransomware and sophisticated cyber attacks that allowed remote and privileged access to sensitive information.
Read More
Posted on Jan 21, 2021 | By Sindhuja Sreenivasan 3 minutes
Eight Cybersecurity Predictions from CSW Security Experts
What does 2021 have in store for cybersecurity? Will we take note of the lessons learned in 2020 and start taking security seriously? Will we see more cyberattacks? We asked our exclusive team of pentesting experts to predict the trends for us, and here is what they said.
Read More
Posted on Jan 11, 2021 | By Sindhuja 3 minutes
Seven Predictions by Women Cyber Security Experts
What does 2021 have in store for cybersecurity? Will we take note of the lessons learned in 2020 and start taking security seriously? Will we see more cyberattacks?
Read More
Posted on Jan 8, 2021 | By Bhavithra 3 minutes
CSW Disclosed 4 Hardcoded Credentials on D-Link Products
Asset and lifecycle management are complex initiatives that organizations should keep pace with as products reach the end of life (EOL) or end of support (EOS) and become obsolete. This obsolescence gives rise to security vulnerabilities that could be exploited by threat actors.
Read More
Posted on Dec 18, 2020 | By Pavithra Shankar 3 minutes
How to Detect SolarWinds Orion Product running on your network?
Popular scanners such as Tenable, Qualys and Nexpose are missing 48 vulnerabilities out of 102 vulnerabilities. To help 18000 customers who have been affected, CSW team has come up with a script that would help detect SolarWinds Orion Product running on your network.
Read More
Posted on Dec 16, 2020 | By Sumeetha 3 minutes
CSW Analysis of SolarWinds: Top Scanners miss most of the vulnerabilities
The massive breach of SolarWinds Network Management product has compromised as many as 18,000 organizations outside of U.S Government entities, security agencies, defense entities. We took a closer look at the weaknesses that exist in other SolarWinds products and found that top scanners miss most of the vulnerabilities.
Read More
Posted on Dec 15, 2020 | By Sumeetha 5 minutes
Vulnerability Analysis: SolarWinds Orion Network Management
SolarWinds disclosed on Dec 13 that vulnerabilities in their network management tool Orion was used to mount attacks on FireEye and on several Government agencies. CSW analyzed Orion’s 15 Vulnerabilities and has found that CVE-2019-9546 – with a known critical Privilege Execution Exploit needs immediate remediation along with an upgrade to Orion Platform version 2020.2.1 HF.1.
Read More
Posted on Dec 10, 2020 | By Sumeetha 3 minutes
FireEye’s stolen Pentesting Tools & the vulnerabilities they target
CSW analyzed the vulnerabilities (impacted by FireEye’s stolen pentesting tools) and found that Chinese & Iranian APT Groups target them routinely. These CVEs are also favorite targets of Ransomware such as Ryuk, Maze, Netwalker.
Read More
Posted on Dec 2, 2020 | By Pavithra Shankar 5 minutes
Fortinet’s 50,000 VPN Leak Highlights Lack of Cyber Hygiene
A threat hacker group named “Pumpedkicks” has leaked credentials for 50,000 Fortinet VPN devices that impact 140 countries around the world. Check out CSW’s analysis and recommendations for this vulnerability.
Read More
Posted on Nov 27, 2020 | By Bhavithra 3 minutes
How to detect CVE- 2020-24600?
A new zero-day vulnerability, CVE-2020-24600, was discovered by Cyber Security Works in Shilpi - Capexweb 1.1.
Read More
Posted on Nov 6, 2020 | By Pavithra Shankar 7 minutes
Top 25 Vulnerabilities Exploited by Chinese Sponsored Hackers
The National Security Agency listed 25 vulnerabilities that are being targeted by Chinese state sponsored cyber attackers popularly known as APT41. Know more about these vulnerabilities and patch them before you fall prey to a breach.
Read More
Posted on Nov 2, 2020 | By Sumeetha 5 minutes
Ryuk raising the Temperature in Healthcare
Security Agencies CISA (Cybersecurity and Infrastructure Security Agency), FBI, and the Department of Health and Human Services (HHS) have issued a high alert joint security advisory to hospitals to take actions to secure themselves from Ryuk ransomware in particular.
Read More
Posted on Oct 15, 2020 | By Sumeetha 5 minutes
Cyber Hygiene: Ransomware is causing critical care disruption in hospitals
We analyzed three ransomware incidents (Ryuk, Revil & AKO) and found 16 CVEs associated with them. Incidentally, CSW warned about five of these CVEs in our cyber risk series way back in March 2020!
Read More
Posted on Sep 29, 2020 | By Sumeetha 3 minutes
Our warning in 2020 was ignored: Lack of Cyber Hygiene is amplifying Ransomware attacks and causing havoc
Ransomware campaigns are always on prowl for a path of least resistance to gain initial access and move laterally using well known vulnerabilities.
Read More
Posted on Sep 21, 2020 | By Bhavithra 2 minutes
How to detect vulnerability CVE-2020-24601?
Cyber Security Works has discovered a new zero-day vulnerability, CVE-2020-24601 in Ignite Realtime Openfire 4.5.1.
Read More
Posted on Sep 21, 2020 | By Bhavithra 2 minutes
How to detect vulnerability CVE-2020-24602?
Cyber Security Works discovered a new zero-day vulnerability, CVE-2020-24602 in Ignite Realtime Openfire 4.5.1. Openfire (formerly Wildfire).
Read More
Posted on Sep 21, 2020 | By Bhavithra 2 minutes
How to detect Vulnerability CVE-2020-24604?
Cyber Security Works discovered a reflected XSS vulnerability, CVE-2020-24604, in Ignite Realtime Openfire 4.5.1. Openfire (formerly Wildfire).
Read More
Posted on Sep 3, 2020 | By Bhavithra 3 minutes
How to detect the vulnerability CVE-2020-14723?
A new zero-day vulnerability, CVE-2020-14723, was discovered by Cyber Security Works in Oracle Help Technologies related to the Web UIX component.
Read More
Posted on Aug 30, 2020 | By Sumeetha 2 minutes
India's Cybersecurity Policy: Disclosure of Data Breaches
Will the new national cybersecurity policy include a disclosure policy similar to what the west has?
Read More
Posted on Aug 5, 2020 | By Sumeetha 3 minutes
WastedLocker Ransomware Attack: Indicators of compromise (IOCs)
Evil Corp used compromised legitimate websites to deliver ransomware in Garmin’s environment. The attack caused a 5-day outage for their product users. CSW Analysts have put together a list of domains, hashes, IOCs that have been compromised. Download the list to update your IPS/IDS and avoid being attacked.
Read More
Posted on Jul 28, 2020 | By Sumeetha 5 minutes
How to detect CVE-2020-5902?
CVE-2020-5902 is a critical remote code vulnerability that was discovered in the F5 Networks Big-IP administrative interface. From discovery to mitigation, see how things unfolded and check out CSW’s script to detect this vulnerability in Big-IP products.
Read More
Posted on Jul 19, 2020 | By Sumeetha 3 minutes
How safe are Web Proxy?
Today, the reliance on applications such as web proxy, remote conferencing, VPNs, etc. are at an all-time high which is yet another reason for threat actors to work overtime to exploit vulnerabilities.
Read More
Posted on Jul 19, 2020 | By Sumeetha 3 minutes
How safe are Databases?
Cyber threat actors have been working hard during these pandemic times. Systems, infrastructure, and sensitive information that was hitherto viewed within the secure walls of one’s office is now being accessed through insecure connections and unsafe laptops from one’s home.
Read More
Posted on Jul 19, 2020 | By Sumeetha 5 minutes
How safe are Enterprise Data Storage Systems?
While Enterprise data storage systems are great to work with, they are also sitting ducks for threat attacks. Find out how?
Read More
Posted on Jul 19, 2020 | By Sumeetha 5 minutes
How safe are VPN solutions?
Travelex fell prey to a ransomware attack (on New Year’s Eve) because they failed to install a patch issued by their VPN - Pulse Secure. How safe are our VPNs? Let's find out.
Read More
Posted on Jul 15, 2020 | By Sumeetha 5 minutes
Atlassian’s new features and the Shift Left Revolution
All scanners list out security vulnerabilities but does the developer know what to fix first and how to go about it?
Read More
Posted on Jul 14, 2020 | By Sumeetha 7 minutes
How safe are online conferences?
With the recent breaches in Zoom application and increasing instances of ‘zoombombing’ and data theft, a definitive study of popular online video conferencing tools was needed. Take a read.
Read More
Posted on Jul 14, 2020 | By Team CSW 5 minutes
How safe are your Tech Stacks?
This April, Cognizant fell prey to a nasty ransomware attack whose ripple effect has shaken the world. How safe is your tech stack? Let's take a look.
Read More