Posted on Aug 9, 2022 1 minute
CSW's Threat Intelligence - August 08, 2022 - August 12, 2022
We bring you threats that are currently trending as well as new vulnerabilities that hackers are exploiting.
Supriya Aluri
Posted on Aug 1, 2022 3 minutes
CSW's Threat Intelligence - August 02, 2022 - August 05, 2022
We bring you threats that are currently trending as well as new vulnerabilities that hackers are exploiting.
Supriya Aluri
Posted on Jul 25, 2022 3 minute
CSW's Threat Intelligence - July 25, 2022 - July 29, 2022
We bring you threats that are currently trending as well as new vulnerabilities that hackers are exploiting.
Supriya Aluri
Posted on Jul 18, 2022 3 minutes
CSW's Threat Intelligence - July 18, 2022 - July 22, 2022
We bring you threats that are currently trending as well as new vulnerabilities that hackers are exploiting.
Supriya Aluri
Posted on Jul 14, 2022 | Updated on Aug 04, 2022 5 minutes
All about BlackCat (AlphaV)
Did you know that the BlackCat ransomware group breached 60+ organizations in a single month? Read on to know about CSW's research into the ransomware group, the vulnerabilities they use, and their attack techniques and tactics.
Priya Ravindran
Posted on Jul 13, 2022 3 minutes
CSW's Weekly Threat Intelligence - July 11, 2022 - July 15, 2022
We bring you threats that are currently trending as well as new vulnerabilities that hackers are exploiting.
Supriya Aluri
Posted on Jul 12, 2022 | Updated on July 15, 2022 3 minutes
How safe are storage devices from a ransomware attack?
Does your organization use Network Attached Storage (NAS) devices? If you think that backing up data in these devices will keep you safe from a ransomware attack, you might have to revisit your security strategy.
Priya Ravindran
Posted on Jul 8, 2022 2 minutes
CSW’s Friday Threat Intelligence
This week, we bring to you eight threats that are currently trending as well as new vulnerabilities that hackers are exploiting.
Pavithra Shankar, Supriya Aluri
Posted on Jul 6, 2022 5 minutes
43 Weaponized CVEs in Healthcare Products Threaten Patient Care
CSW researchers investigated 56 vendors and 846 healthcare products, and identified 624 vulnerabilities across them. Read to know more about our findings.
Priya Ravindran, Surojoy Gupta
Posted on Jul 6, 2022 3 minutes
Are you using MITEL’s VoIP systems? Watch out for CVE-2022-29499
A zero-day vulnerability in Mitel VOIP appliances, CVE-2022-29499, is being widely exploited in the wild with continued likelihood of exploitation, according to our researchers. Patch the vulnerability without further delay.
Supriya Aluri
Posted on Jul 4, 2022 5 minutes
Why Should Schools Prioritize Cybersecurity?
This blog provides a snapshot of how CSW is helping schools gain resilience against cyber attacks and evolving threats and what schools can do to stay safe from ransomware attacks.
Supriya Aluri
Posted on Jul 1, 2022 3 minutes
CSW Weekly Threat Intelligence
All CVEs mentioned in this blog edition have received a maximum rating from the Threat Intelligence platform indicating high probability of exploitation.
Pavithra Shankar
Posted on Jun 27, 2022 2 minutes
CSW Weekly Threat Intelligence
CSW weekly threat intelligence edition brings to you early warnings about critical vulnerabilities that could potentially be weaponized and prove dangerous to your organization and its assets.
Pavithra Shankar
Posted on Jun 17, 2022 3 minute
CVE-2022-26134: A New RCE Atlassian Bug Exploited by Ransomware Gangs
Atlassian zero-day vulnerability that has been exploited in the wild is tagged as CVE-2022-26134. This is a critical unauthenticated, remote code execution vulnerability that affects all Atlassian Confluence and Data Center 2016 servers after version 1.3.0.
Prakash Ram
Posted on Jun 13, 2022 2 minutes
CISA Adds Vulnerabilities Warned by CSW’s Ransomware Reports
In a recent update of KEV on May 23, 2022, CISA has added three of four vulnerabilities that were called out in the CSW’s Q1 2022 Ransomware Report (May 18, 2022) thereby validating our research and recommendations.
Priya Ravindran
Posted on Jun 3, 2022 | Updated on Aug 04, 2022 3 minutes
Follina: The No Patch Microsoft Office 0-Day Bug [CVE-2022-30190] Springs in Wild
An unpatched vulnerability tracked as CVE-2022-30190 (aka Follina) in the remote Word template feature enables adversaries to execute malicious code on targeted systems of Microsoft Office. TA413, a Chinese state-sponsored threat actor, is now found to be exploiting the Follina Zero-day vulnerability to use it against the International Tibetan community.
Pavithra Shankar
Posted on Jun 3, 2022 3 minutes
The History Repeating Windows SpoolFool (CVE-2022-21999) Vulnerability, Patch Now
On February 08, 2022, Microsoft published updates for CVE-2022-21999 as part of its Patch Tuesday program. This vulnerability affects the Windows Print Spooler service and is a workaround for CVE-2022-1030 fixes.
Abhinand Santhosh Kumar, Saravanan Ganesan
Posted on May 30, 2022 3 minutes
43 APT Groups Use Ransomware to Attack Their Targets
CSW’s quarterly report on ransomware metrics reveals that three new APT groups are using ransomware to mount attacks on their targets, bringing the total number of APT groups using ransomware to 43. Read more on them here.
Supriya Aluri
Posted on May 25, 2022
CVE-2022-22972: DHS CISA Directs Federal Agencies to Take Immediate Action Against VMware Bugs
The U.S. Cybersecurity and Infrastructure Agency issued an emergency security directive over VMware vulnerabilities, which threat actors are likely to exploit.
Pavithra Shankar
Posted on May 13, 2022 2 minutes
Social Engineering Attacks: Don’t Get Fooled!
With the sudden increase in the number of establishments completely operating via remote means, the internet exposure is higher than ever before. The cyber threats of an organization expose the vulnerabilities present in its assets.
Sowmya
Posted on Apr 29, 2022 3 minutes
Account Takeover Series 3: Account Takeover through Insecure Direct Object Reference
Insecure Direct Object Reference or IDOR occurs when the application trusts the user input and takes sensitive action or shows sensitive information based on the same.
Mritunjay
Posted on Apr 22, 2022 2 minutes
ATO Attack Series 2: Account Takeover through Password Reset Poisoning
Every web application that has a login portal also has a reset password functionality with it. This reset password functionality comes in very handy when the user forgets his password. Read on to know how attackers steal your credentials while resetting your password.
Mritunjay
Posted on Apr 15, 2022 2 minutes
ATO Attack Series 1: Cross-Site Request Forgery Account Takeover
Cross-Site Request Forgery (CSRF) is a vulnerability that lets an attacker execute some action on the web application on behalf of an authenticated victim user.
Mritunjay
Posted on Apr 14, 2022 5 minutes
CSW’s AI-based insights into APT groups and their arsenal
CSW's AI-based vulnerability and threat intelligence delves deep into the vulnerabilities exploited by APT groups
Priya Ravindran
Posted on Apr 8, 2022 1 minute
Account Takeover Attack (ATO): How does it work?
Account Takeover is a type of cyberattack in which an attacker can take over a victim’s user account through malicious means. This attack scenario does not involve the attacker being aware of the victim’s sensitive credentials in advance to successfully gain access to an account.
Mritunjay
Posted on Mar 31, 2022 | Updated on Apr 26, 2022 3 minutes
Spring4Shell (CVE-2022-22965): Are you vulnerable to this Zero Day?
A zero-day RCE vulnerability in Java Spring Core library is predicted to be the next Log4j. Are you prepared for the impending Spring4Shell threat?
Priya Ravindran
Posted on Mar 16, 2022 5 minutes
Cyberwar Bulletin 2: Are you ready for this cyberwar?
This bulletin covers CSW's research on the cyberwar, in particular the ransomware and malware threats that are spawning out of the Russia-Ukraine conflict.
Sumeetha Manikandan, Priya Ravindran
Posted on Mar 16, 2022 2 minutes
Securing Critical Workloads on AWS
The need for a continuous and holistic AWS security approach has significantly increased as more organizations modernize their critical workloads and take advantage of AWS capabilities and services. Click here to know more!
Phil Manfredi
Posted on Mar 4, 2022 | Updated on Mar 10, 2022 5 minutes
Cyberwar Bulletin 1: Russia & Ukraine
CSW's analysis of the threat groups and tools playing a role as threats in this cyber war between Russia and Ukraine
Sumeetha Manikandan, Priya Ravindran
Posted on Mar 2, 2022 | Updated on July 6, 2022 5 minutes
Latency Analysis of DHS CISA KEVs
In this blog, CSW experts analyzed CISA’s Known Exploited Vulnerabilities (KEV) list for latencies in publishing, exploiting, and patching to understand how fast attackers are weaponizing them for attacks.
Priya Ravindran, Sumeetha Manikandan
Posted on Mar 2, 2022 | Updated on August 08, 2022 3 minutes
Top Scanners Fail to Flag DHS CISA-warned Known Exploited Vulnerabilities (KEV)
We looked into the DHS CISA KEV catalog one step further and found that 57 actively known exploited CVEs were missed by top scanners such as Nessus, Nexpose, and Qualys. Click here to know more!
Pavithra Shankar
Posted on Feb 23, 2022 | Updated on June 29, 2022 5 minutes
All About Conti
The Conti Group has been one of the most prolific ransomware groups in 2022, second only to REvil. However, Conti has been on a roll with the widespread of attacks against US and now has 44 vulnerability associations. Organizations need to set a patching priority for these vulnerabilities in order to avoid large-scale attacks.
Surojoy Gupta
Posted on Feb 7, 2022 4 minutes
Rootkit Attacks: Start to a Dangerous Trend?
iLOBleed, a previously undetected rootkit, was spotted targeting the HP Enterprise’s Integrated Lights-Out (iLO) server management technology to tamper with the firmware modules and wipe data off the infected systems. Could this portend a dangerous trend? Read our analysis to find out.
Surojoy Gupta
Posted on Feb 4, 2022 3 minutes
CSW Analysis: Top Scanners Missed Vulnerabilities Tied to Ransomware in 2021
Cyber Security Works researchers analyzed the data further by comparing the CVEs with some of the popular scanners (Nessus, Qualys, and Nexpose) and observed that they missed to detect 21 vulnerabilities tied to ransomware strains.
Pavithra Shankar
Posted on Jan 28, 2022 2 minutes
Patch Now: Vmware Fixed CVE-2021-22045 Heap-Overflow Vulnerability
VMware has published security fixes for its Workstation, Fusion, and ESXi products to address a heap-overflow vulnerability identified as CVE-2021-22045.
Pavithra Shankar
Posted on Jan 25, 2022 2 minutes
CSW Discovers a XSS Vulnerability in WordPress Post Duplicator Plugin
Cyber Security Works discovered and reported a Stored Cross-Site Scripting vulnerability in WordPress Post Duplicator Plugin that allows an authenticated attacker to inject a JavaScript payload into a trusted URL.
Pavithra Shankar
Posted on Jan 13, 2022 3 min
We Need Cyber Safety For Our Schools!
Cybersecurity is a priority in education due to the lack of resources and continual ransomware attacks. CISA’s new K-12 Cybersecurity Act will research and develop tools to help schools become more secure against cyberattacks. However, schools are not required to use any cybersecurity plan which leaves them vulnerable.
Aaron Sandeen
Posted on Jan 12, 2022 3 minutes
Apache Fixes Two Critical HTTP Server Flaws
The Apache Software Foundation has published a new version 2.4.52 of the Apache HTTP Server to fix two vulnerabilities in one of the world's most popular web servers - one of which is rated as high, and the other as critical.
Pavithra Shankar
Posted on Jan 10, 2022 5 minutes
A Pentester’s Perspective: What's Next after Domain Admin?
Organizations have been increasingly relying on cloud services from Azure, since Microsoft provides native support. As a result, CSW penetration testers have been researching various attack vectors related to Azure. Read on to find out more about their findings.
Venkatraman Kumar
Posted on Jan 9, 2022 2 minutes
How to Detect JNDI vulnerability in H2 Database Engine?
CSW Researchers have developed a script to detect the JNDI vulnerability - the well-known LogShell-like vulnerability. Run our simple-to-use script to ensure your projects are free from JNDI injections.
Pavithra Shankar
Posted on Jan 7, 2022 2 minutes
CSW Discovers a Stored Cross-Site Scripting Vulnerability in WordPress Customize Login Image
Cyber Security Works has discovered a new zero-day (Stored Cross-Site Scripting) vulnerability, CVE-2021-33851 in WordPress Customize Login Image.
Pavithra Shankar
Posted on Jan 4, 2022 5 minutes
Top 5 Affected Products in CISA’s Catalog of Known Exploited Vulnerabilities (KEV)
Our researchers analyzed CISA’s catalog of Known Exploited Vulnerabilities (KEV) to study the most affected products by number of vulnerabilities. Read on to learn more about their analysis.
Surojoy Gupta
Posted on Dec 27, 2021 3 minutes
Patch Now: Two Microsoft Active Directory Bugs Chained to Takeover Windows Domain
Two Active Directory bugs with vulnerability-chaining capabilities can allow attackers to impersonate regular domain users in order to gain privileges and get Windows domain access in unpatched Microsoft Windows Active Directory. Read on to find out more about these vulnerabilities and how to detect them.
Surojoy Gupta
Posted on Dec 24, 2021 3 minutes
Zoho: CISA and FBI Issues Alert for New Zero-Day Vulnerability (CVE-2021-44077), Patch Now!
An APT group is using CVE-2021-44077 and CVE-2021-44515 in Zoho ManageEngine ServiceDesk Plus and Desktop Central Servers to compromise businesses in a range of industries, including military and technology.
Pavithra Shankar
Posted on Dec 17, 2021 3 minutes
Palo Alto Networks’ Firewalls Are Vulnerable to CVE-2021-3064. Upgrade Now!
A zero-day vulnerability has been discovered in Palo Alto Networks GlobalProtect VPN that unauthenticated attackers can exploit to execute arbitrary commands on affected devices with root privileges.
Pavithra Shankar
Posted on Dec 12, 2021 | Updated on Apr 31, 2022 2 Minutes
Have you Patched the Apache Log4j vulnerability CVE-2021-44228?
Apache Log4j vulnerability CVE-2021-44228 is a critical zero-day code execution vulnerability with a CVSS base score of 10. This weakness poses a significant risk to many applications and cloud services and it needs to be patched right away!
Sumeetha Manikandan, Pavithra Shankar
Posted on Dec 6, 2021 5 minutes
Top Affected Vendors according to CISA’s Catalog of Known Exploited Vulnerabilities (KEV)
While all vulnerabilities listed by CISA are critical and should be prioritized for patching, five vendors stand out from the rest with the most number of CVEs associated with their products. In this blog, we have taken a detailed look at top five vendors and the vulnerabilities that plague them.
Surojoy Gupta
Posted on Nov 30, 2021 3 minutes
CSW Discovers its 50th Zero Day Vulnerability in WordPress Microsoft Clarity Plugin
Cyber Security Works has discovered a new zero-day (Cross-Site Scripting) vulnerability, CVE-2021-33850 in WordPress Microsoft Clarity.
Pavithra Shankar
Posted on Nov 22, 2021 | Updated on August 8, 2022 5 minutes
CISA Releases a Directive Asking Organizations to Patch Known Exploited Vulnerabilities
The DHS Cybersecurity and Infrastructure Security Agency (CISA) released a directive with a list of 790 known and exploited vulnerabilities that public sector entities and organizations need to patch immediately!
Surojoy Gupta, Priya Ravindran, Pavithra Shankar
Posted on Nov 15, 2021 | Updated on May 25, 2022 5 minutes
20 Percent of CVEs Listed in CISA’s Latest Directive have Ransomware Associations
A directive recently released by the US government-backed Cybersecurity and Infrastructure Security Agency has a list of 703 known vulnerabilities that organizations have been asked to focus on patching immediately. Amongst them, 158 vulnerabilities have been identified as being exploited actively by various ransomware families. Read on to learn more about the vulnerabilities.
Surojoy Gupta
Posted on Nov 12, 2021 3 minutes
Patch Urgently - Microsoft OMIGOD Vulnerabilities Are Under Active Exploitation!
Thousands of Azure users and millions of endpoints are impacted by ‘OMIGOD’ zero-days,” was the initial outburst when the open-source vulnerabilities were disclosed. Many Azure customers are unwittingly putting themselves in danger.
Pavithra Shankar
Posted on Oct 26, 2021 3 minutes
Security Management: CVE-2021-36260, Patch this Hikvision Vulnerability.
The video surveillance giant Hikvision disclosed a zero-click vulnerability tracked as CVE-2021-36260, which has existed from at least 2016, according to researchers. The vulnerability that exists in Hikvision camera models is highly susceptible to remote hijacking without requiring a username or password.
Pavithra Shankar
Posted on Oct 21, 2021 | Updated on Mar 23, 2022 4 minutes
Ragnar Locker Ransomware hits Customer Care Giant TTEC
US-based customer support and sales representative company handling the world’s largest brands, TTEC, faces a network outage following a ransomware attack and sparks fears of a supply-chain attack. Read on to find out more about the attack.
Surojoy Gupta
Posted on Oct 8, 2021 3 minutes
CVE-2021-41773 & CVE-2021-42013: Apache Web Servers are Vulnerable, Patch Now!
On October 4, 2021, Apache announced fixes for a couple of vulnerabilities, including a zero-day flaw that affects Apache HTTP Server version 2.4.49—a widely used open-source, cross-platform web server for Unix and Windows.
Pavithra Shankar
Posted on Oct 6, 2021 3 minutes
CSW Discovers Stored Cross-Site Scripting (XSS) Zero-Day Vulnerability in WordPress Plugin
On September 1, 2021, CSW researchers discovered a Cross-Site Scripting (XSS) zero-day vulnerability in Zoho CRM Lead Magnet Version 1.7.2.4. Read on to find out more about the vulnerability.
Surojoy Gupta
Posted on Oct 5, 2021 3 minutes
CISA & FBI : Zoho Flaws Being Actively Exploited, Patch Now
The FBI, CISA, and the Cyber Guard (CGCYBERs) warned of a serious vulnerability (CVE-2021-40539) in a single Zoho Signup and Password Management Solution that State Advanced Persistent Threat (APT) actors are actively scanning the internet for vulnerable servers.
Pavithra Shankar
Posted on Sep 29, 2021 3 minutes
A 15-year old Vulnerability Exposes Linux to Privilege Escalation Attacks
A critical security flaw in the Linux kernel went unpatched for 15 years till attackers used it to gain local privilege escalation, escape the Kubernetes pod and obtain root privileges on Linux systems. Read our analysis where we look into the vulnerability’s characteristics and the impact it can have.
Surojoy Gupta
Posted on Sep 28, 2021 | Updated on Mar 23, 2022 4 minutes
Critical OpenSSL Vulnerabilities affecting Linux and NAS devices
Two OpenSSL vulnerabilities, one remote code execution, and a denial-of-service were discovered by network-attached storage device manufacturers, Synology and QNAP. The fear of a ransomware attack leveraging the vulnerabilities still remains high. Here is our analysis of the vulnerabilities.
Surojoy Gupta
Posted on Sep 27, 2021 4 minutes
Critical VMware Vulnerability: Patch CVE-2021-22005 Now!
On September 21, 2021, VMware published an advisory warning of nineteen vulnerabilities in their vCenter Server. Of the nineteen vulnerabilities, one CVE stands out as being extremely critical and potential to be exploited by ransomware—CVE-2021-22005.
Surojoy Gupta
Posted on Sep 15, 2021 4 minutes
Microsoft Exchange ProxyShell and Windows PetitPotam vulnerabilities chained in New Attack
The newly minted LockFile ransomware group has been actively exploiting the Microsoft Exchange ProxyShell vulnerabilities since early August. In a recent attack, they chained a faultily-patched PetitPotam vulnerability with the ProxyShell vulnerabilities to take over and encrypt Windows domains and spread their ransomware through target networks. Read our analysis of the vulnerabilities to understand how you can protect yourself from a potential ransomware attack.
Surojoy Gupta
Posted on Sep 11, 2021 5 minutes
CVE-2021-26084: Patch the Confluence Servers Now!
The United States Cyber Command and Cybersecurity Infrastructure Security Agency (CISA) rang the warning bells for companies to patch a critical vulnerability (CVE-2021-26084) in the Atlassian Confluence Server and Data Center. Here is our analysis about this vulnerability.
Pavithra Shankar
Posted on Aug 25, 2021 | Updated on June 28, 2022 4 minutes
Pegasus Spyware Snoops On Political Figures Worldwide
An Israeli zero-click cyber-espionage software recently infected the Apple devices of journalists and politicians from around the world by exploiting three zero-day vulnerabilities. Read our analysis of these vulnerabilities.
Surojoy Gupta
Posted on Aug 19, 2021 | Updated on June 29, 2022 4 minutes
CSW Analysis: Accenture attacked by LockBit 2.0 Ransomware
On Aug 11, 2021, Accenture, a multinational IT Consulting and Services company, became the latest victim of LockBit 2.0 Ransomware. Our researchers investigated the vulnerabilities that LockBit exploits to compromise their targets and here is our analysis.
Sumeetha, Surojoy
Posted on Aug 11, 2021 3 minutes
Critical SolarWinds Serv-U FTP Flaw Exploited by New Chinese Threat Group
The US defense industrial base sector and many organizations from critical industries, such as software and healthcare, were recently affected by an unpatched critical remote code execution flaw in the Solarwinds Serv-U FTP server software that was exploited by a new Chinese threat group. What was the impact of the attack? Read our analysis to find out.
Surojoy Gupta
Posted on Aug 3, 2021 3 minutes
Indexsinas SMB Worm Exploits EternalBlue Vulnerabilities
Despite being patched four years ago, the self-propagating malware, Indexsinas SMB worm, exposes that Windows servers are still vulnerable to the infamous NSA EternalBlue exploits and can be used for crypto-mining. Here is our analysis of these vulnerabilities and their present exposure.
Surojoy Gupta
Posted on Jul 19, 2021 | Updated on Feb 8, 2022 3 minutes
Solarwind Attackers at It Again in Back-to-Back Campaigns
Nobelium, the APT group behind the infamous SolarWinds attack, has resurfaced in two recent campaigns against US-based IT companies and government organizations. Check out CSW’s analysis about 18 vulnerabilities used by the group to exploit and infiltrate their targets.
Priya Ravindran
.png)
Posted on Jul 14, 2021 3 minutes
New Threat Group Agrius Exploits Old Fortinet VPN Vulnerabilities
New APT Group Agrius is exploiting Fortinet’s vulnerabilities to attack their targets. Shodan results show 56000 target assets around the world that could be vulnerable to an attack. Check out our analysis for more information.
Surojoy, Priya
Posted on Jul 12, 2021 4 minutes
Kaseya VSA Downed by REvil in Monumental Supply-Chain Attack
REvil's monumental supply-chain attack on 3 July 2021 affected 1500 companies and opened a path for third-party attack onslaughts. What else does REvil’s historic supply-chain attack portend?
Surojoy Gupta
Posted on Jul 8, 2021 4 minutes
Back-to-back Air India Attacks indicating more than just a data breach?
The Airline industry is on the brink of a supply-chain attack from threat groups like APT41. According to our research findings, there are 20 vulnerabilities associated with the APT41 threat group.
Surojoy, Priya
Posted on Jul 7, 2021 3 minutes
Is Conti Ransomware on a roll?
The Conti group is associated with three vulnerabilities. If these had taken precedence in the CVE patching priority, the series of Conti attacks could have been avoided.
Priya Ravindran
Posted on Jul 2, 2021 3 minutes
How to detect CVE-2021-34527?
CSW Pentester’s have released a script to detect the Windows Print Spooler Remote Code Execution Vulnerability. Running the script can help organizations detect connected devices that could be vulnerable to exploits.
Pavithra Shankar
Posted on Jun 30, 2021 3 minutes
Darkside Ransomware: Further Threat Associations Unearthed
Darkside Ransomware has added two more CVEs to its arsenal alongside two additional APT group associations. Check out our analysis and patch these vulnerabilities before they strike again!
Priya Ravindran
Posted on Jun 16, 2021 4 minutes
REvil Brings Down JBS - the World’s Largest Meat Packer
REvil Ransomware uses six vulnerabilities to target their victims and if these had been remediated and patched on priority, JBS - the world’s largest meat packer could have escaped this attack. CSW warned about these vulnerabilities in its Ransomware Spotlight Report published in February 2021.
Sumeetha Manikandan
Posted on Jun 11, 2021 | Updated on Apr 05, 2022 3 minutes
All About Qlocker
Researchers at Cyber Security Works (CSW) have been tracking Qlocker, a recently discovered ransomware family. This new strain began surfacing across QNAP devices in April 2021 exploiting CVE-2021-28799, a zero-day vulnerability.
Priya Ravindran
Posted on Jun 4, 2021 5 minutes
FiveHands Ransomware Analysis: Can a Risk-Based Approach Help Prevent Future Attacks?
Early this year, threat actors exploited a vulnerability (CVE-2021-20016) even before the vendor could publish it on the National Vulnerability Database (NVD) and attacked an organization and stole information.
Priya Ravindran
Posted on May 31, 2021 3 minutes
CVE-2021-21985: Patch this Trending VMware Vulnerability
On the 25th of May 2021, VMware published an advisory warning of two vulnerabilities - CVE-2021-21985 and CVE-2021-21986 - in their vCenter Server and Cloud Foundation products.
Priya Ravindran
Posted on May 18, 2021 3 minutes
Darkside: The Ransomware that brought a US pipeline to a halt
As of today our research has associated 260 vulnerabilities to ransomware. Remediating and patching these vulnerabilities on priority could have averted the Colonial Pipeline attack.
Sumeetha
Posted on May 4, 2021 3 minutes
NSA Validates CSW’s warning on two critical vulnerabilities
In May 2020, CSW warned the industry of two critical vulnerabilities in Pulse Secure VPN and Citrix’s Remote Desktop solution that could be used by Ransomware or APT groups. One year after our warning, NSA, FBI and CISA validated the same.
Sumeetha
Posted on Apr 26, 2021 3 minutes
Why 'Old is Gold' for Ransomware?
In our recently published Ransomware Spotlight report 2020 we tracked down vulnerabilities that are being used by Ransomware to launch attacks on organizations worldwide. Here are a few surprising findings about old vulnerabilities in this report
Sumeetha
Posted on Apr 16, 2021 7 minutes
All about Ryuk
Ryuk is a crypto-ransomware strain that encrypts access to a system, device or a file and demands ransom to release it. Ryuk is unleashed on target assets through malware, notably TrickBot and is used to gain access to a system through remote desktop services.
Pavithra Shankar
Posted on Mar 8, 2021 3 minutes
Cyber Women We Admire
This women’s day, we spoke to a few inspiring women executives who are breaking the myth and are soaring high. They are skilled, motivated, and talented and they come from different geographies, backgrounds but are united by their passion for cybersecurity.
Sumeetha Manikandan
Posted on Mar 2, 2021 3 minutes
Google Trends: Most searched top 10 vulnerabilities in 2020
CSW experts compiled the list of vulnerabilities that were highly searched in Google and came up with top 10 CVEs.
Sumeetha
Posted on Feb 11, 2021 3 minutes
Sri Lankan Domain Attack: Exposed Credentials available in Dark Web for Eight Years!
Investigations on the Sri Lankan Domain attack reveal that threat actors could have used exposed credentials and vulnerabilities to breach and redirect the websites. These credentials have been exposed on the dark web for the past eight years!
Sumeetha
Posted on Jan 21, 2021 3 minutes
Could Google’s most searched Top 10 vulnerabilities in 2020 be key attack indicators?
2020 was a productive year for threat actors. With the world’s workforce working remotely while dealing with the pandemic, threat actors were busy weaponizing critical vulnerabilities that had a global impact. Many organizations fell prey to ransomware and sophisticated cyber attacks that allowed remote and privileged access to sensitive information.
Sumeetha
Posted on Jan 21, 2021 3 minutes
Eight Cybersecurity Predictions from CSW Security Experts
What does 2021 have in store for cybersecurity? Will we take note of the lessons learned in 2020 and start taking security seriously? Will we see more cyberattacks? We asked our exclusive team of pentesting experts to predict the trends for us, and here is what they said.
Sindhuja Sreenivasan
Posted on Jan 11, 2021 3 minutes
Seven Predictions by Women Cyber Security Experts
What does 2021 have in store for cybersecurity? Will we take note of the lessons learned in 2020 and start taking security seriously? Will we see more cyberattacks?
Sindhuja
Posted on Jan 8, 2021 3 minutes
CSW Disclosed 4 Hardcoded Credentials on D-Link Products
Asset and lifecycle management are complex initiatives that organizations should keep pace with as products reach the end of life (EOL) or end of support (EOS) and become obsolete. This obsolescence gives rise to security vulnerabilities that could be exploited by threat actors.
Bhavithra
Posted on Dec 18, 2020 3 minutes
How to Detect SolarWinds Orion Product running on your network?
Popular scanners such as Tenable, Qualys and Nexpose are missing 48 vulnerabilities out of 102 vulnerabilities. To help 18000 customers who have been affected, CSW team has come up with a script that would help detect SolarWinds Orion Product running on your network.
Pavithra Shankar
Posted on Dec 16, 2020 3 minutes
CSW Analysis of SolarWinds: Top Scanners miss most of the vulnerabilities
The massive breach of SolarWinds Network Management product has compromised as many as 18,000 organizations outside of U.S Government entities, security agencies, defense entities. We took a closer look at the weaknesses that exist in other SolarWinds products and found that top scanners miss most of the vulnerabilities.
Sumeetha
Posted on Dec 15, 2020 5 minutes
Vulnerability Analysis: SolarWinds Orion Network Management
SolarWinds disclosed on Dec 13 that vulnerabilities in their network management tool Orion was used to mount attacks on FireEye and on several Government agencies. CSW analyzed Orion’s 15 Vulnerabilities and has found that CVE-2019-9546 – with a known critical Privilege Execution Exploit needs immediate remediation along with an upgrade to Orion Platform version 2020.2.1 HF.1.
Sumeetha
Posted on Dec 10, 2020 3 minutes
FireEye’s stolen Pentesting Tools & the vulnerabilities they target
CSW analyzed the vulnerabilities (impacted by FireEye’s stolen pentesting tools) and found that Chinese & Iranian APT Groups target them routinely. These CVEs are also favorite targets of Ransomware such as Ryuk, Maze, Netwalker.
Sumeetha
Posted on Dec 2, 2020 5 minutes
Fortinet’s 50,000 VPN Leak Highlights Lack of Cyber Hygiene
A threat hacker group named “Pumpedkicks” has leaked credentials for 50,000 Fortinet VPN devices that impact 140 countries around the world. Check out CSW’s analysis and recommendations for this vulnerability.
Pavithra Shankar
Posted on Nov 27, 2020 3 minutes
How to detect CVE- 2020-24600?
A new zero-day vulnerability, CVE-2020-24600, was discovered by Cyber Security Works in Shilpi - Capexweb 1.1.
Bhavithra
Posted on Nov 6, 2020 | Updated on June 9, 2022 7 minutes
Top 25 Vulnerabilities Exploited by Chinese Sponsored Hackers
The National Security Agency listed 25 vulnerabilities that are being targeted by Chinese state sponsored cyber attackers popularly known as APT41. Know more about these vulnerabilities and patch them before you fall prey to a breach.
Pavithra Shankar
Posted on Nov 2, 2020 5 minutes
Ryuk raising the Temperature in Healthcare
Security Agencies CISA (Cybersecurity and Infrastructure Security Agency), FBI, and the Department of Health and Human Services (HHS) have issued a high alert joint security advisory to hospitals to take actions to secure themselves from Ryuk ransomware in particular.
Sumeetha
Posted on Oct 15, 2020 5 minutes
Cyber Hygiene: Ransomware is causing critical care disruption in hospitals
We analyzed three ransomware incidents (Ryuk, Revil & AKO) and found 16 CVEs associated with them. Incidentally, CSW warned about five of these CVEs in our cyber risk series way back in March 2020!
Sumeetha
Posted on Sep 29, 2020 3 minutes
Our warning in 2020 was ignored: Lack of Cyber Hygiene is amplifying Ransomware attacks and causing havoc
Ransomware campaigns are always on prowl for a path of least resistance to gain initial access and move laterally using well known vulnerabilities.
Sumeetha
Posted on Sep 21, 2020 2 minutes
How to detect vulnerability CVE-2020-24601?
Cyber Security Works has discovered a new zero-day vulnerability, CVE-2020-24601 in Ignite Realtime Openfire 4.5.1.
Bhavithra
Posted on Sep 21, 2020 2 minutes
How to detect vulnerability CVE-2020-24602?
Cyber Security Works discovered a new zero-day vulnerability, CVE-2020-24602 in Ignite Realtime Openfire 4.5.1. Openfire (formerly Wildfire).
Bhavithra
Posted on Sep 21, 2020 2 minutes
How to detect Vulnerability CVE-2020-24604?
Cyber Security Works discovered a reflected XSS vulnerability, CVE-2020-24604, in Ignite Realtime Openfire 4.5.1. Openfire (formerly Wildfire).
Bhavithra
Posted on Sep 3, 2020 3 minutes
How to detect the vulnerability CVE-2020-14723?
A new zero-day vulnerability, CVE-2020-14723, was discovered by Cyber Security Works in Oracle Help Technologies related to the Web UIX component.
Bhavithra
Posted on Aug 30, 2020 2 minutes
India's Cybersecurity Policy: Disclosure of Data Breaches
Will the new national cybersecurity policy include a disclosure policy similar to what the west has?
Sumeetha
Posted on Aug 5, 2020 3 minutes
WastedLocker Ransomware Attack: Indicators of compromise (IOCs)
Evil Corp used compromised legitimate websites to deliver ransomware in Garmin’s environment. The attack caused a 5-day outage for their product users. CSW Analysts have put together a list of domains, hashes, IOCs that have been compromised. Download the list to update your IPS/IDS and avoid being attacked.
Sumeetha
Posted on Jul 28, 2020 5 minutes
How to detect CVE-2020-5902?
CVE-2020-5902 is a critical remote code vulnerability that was discovered in the F5 Networks Big-IP administrative interface. From discovery to mitigation, see how things unfolded and check out CSW’s script to detect this vulnerability in Big-IP products.
Sumeetha
Posted on Jul 19, 2020 3 minutes
How safe are Web Proxy?
Today, the reliance on applications such as web proxy, remote conferencing, VPNs, etc. are at an all-time high which is yet another reason for threat actors to work overtime to exploit vulnerabilities.
Sumeetha
Posted on Jul 19, 2020 3 minutes
How safe are Databases?
Cyber threat actors have been working hard during these pandemic times. Systems, infrastructure, and sensitive information that was hitherto viewed within the secure walls of one’s office is now being accessed through insecure connections and unsafe laptops from one’s home.
Sumeetha
Posted on Jul 19, 2020 5 minutes
How safe are Enterprise Data Storage Systems?
While Enterprise data storage systems are great to work with, they are also sitting ducks for threat attacks. Find out how?
Sumeetha
Posted on Jul 19, 2020 5 minutes
How safe are VPN solutions?
Travelex fell prey to a ransomware attack (on New Year’s Eve) because they failed to install a patch issued by their VPN - Pulse Secure. How safe are our VPNs? Let's find out.
Sumeetha
Posted on Jul 15, 2020 5 minutes
Atlassian’s new features and the Shift Left Revolution
All scanners list out security vulnerabilities but does the developer know what to fix first and how to go about it?
Sumeetha
Posted on Jul 14, 2020 7 minutes
How safe are online conferences?
With the recent breaches in Zoom application and increasing instances of ‘zoombombing’ and data theft, a definitive study of popular online video conferencing tools was needed. Take a read.
Sumeetha
Posted on Jul 14, 2020 5 minutes
How safe are your Tech Stacks?
This April, Cognizant fell prey to a nasty ransomware attack whose ripple effect has shaken the world. How safe is your tech stack? Let's take a look.
Team CSW
