Ransomware Q2 & Q3 Report is live now!

Blogs

Read about the latest news and updates from the cybersecurity ecosystem.

Posted on Nov 28, 2022 | Updated on Dec 1, 2022 5 minutes

CSW's Threat Intelligence - November 28, 2022 - December 2, 2022

We bring you threats that are currently trending as well as new vulnerabilities that hackers are exploiting. | November 28, 2022 - December 2, 2022

Read More

Supriya Aluri

Posted on Nov 21, 2022 | Updated on Nov 25, 2022 6 minutes

CSW's Threat Intelligence - November 21, 2022 - November 25, 2022

We bring you threats that are currently trending as well as new vulnerabilities that hackers are exploiting. | November 21, 2022 - November 25, 2022

Read More

Supriya Aluri

Posted on Nov 14, 2022 | Updated on Nov 18, 2022 7 minutes

CSW's Threat Intelligence - November 14, 2022 - November 18, 2022

We bring you threats that are currently trending as well as new vulnerabilities that hackers are exploiting. | November 14, 2022 - November 18, 2022

Read More

Supriya Aluri

Posted on Nov 7, 2022 | Updated on November 11, 2022 6 minutes

CSW's Threat Intelligence - November 7, 2022 - November 11, 2022

We bring you threats that are currently trending as well as new vulnerabilities that hackers are exploiting. | November 7, 2022 - November 11, 2022

Read More

Priya Ravindran, Supriya Aluri

Posted on Oct 31, 2022 | Updated on November 4, 2022 6 minutes

CSW's Threat Intelligence - October 31, 2022 - November 4, 2022

We bring you threats that are currently trending as well as new vulnerabilities that hackers are exploiting. | October 31, 2022 - November 4, 2022

Read More

Supriya Aluri

Posted on Oct 25, 2022 | Updated on October 28, 2022 3 minutes

CSW's Threat Intelligence - October 24, 2022 - October 28, 2022

This blog brings you all the DHS CISA KEVs that need to be prioritized for patching from October 24, 2022 to October 28, 2022

Read More

Supriya Aluri

Posted on Oct 18, 2022

CSW Expert Discovers a Zero Day Vulnerability in Tenable’s Nessus Scanner

CSW experts have discovered a Zero Day vulnerability with medium severity in Tenable’s Nessus Professional scanner. This bug has been identified as ‘Sensitive Information Disclosure’ and has been given the CVE identifier of CVE-2022-28291 and has a severity score of 6.5 in CVSS V3. This vulnerability has been mapped to weakness enumeration CWE-522 (Insufficiently Protected Credentials).

Read More

Team CSW

Posted on Oct 18, 2022 | Updated on Oct 21, 2022 6 minutes

CSW's Threat Intelligence - October 17, 2022 - October 21, 2022

This blog brings you all the DHS CISA KEVs that need to be prioritized for patching from Oct 17, 2022 to Oct 21, 2022

Read More

Supriya Aluri

Posted on Oct 10, 2022 | Updated on Oct 14, 2022 5 minutes

CSW's Threat Intelligence - October 10, 2022 - October 14, 2022

We bring you threats that are currently trending as well as new vulnerabilities that hackers are exploiting. | October 10, 2022 - October 14, 2022

Read More

Supriya Aluri

Posted on Oct 3, 2022 | Updated on October 07, 2022 3 minutes

CSW's Threat Intelligence - October 3, 2022 - October 7, 2022

This blog brings you all the DHS CISA KEVs that need to be prioritized for patching from Oct 3, 2022 to Oct 7, 2022

Read More

Supriya Aluri

Posted on Sep 28, 2022 | Updated on September 29, 2022 6 minutes

All about LockBit Ransomware

Read all about the CVEs exploited, attack methodology, and techniques used by the LockBit ransomeareKnow the CVEs exploited, attack methodology, and techniques used by the LockBit ransomeare

Read More

Supriya Aluri

Posted on Sep 27, 2022 | Updated on September 29, 2022 6 minutes

CSW's Threat Intelligence - September 26, 2022 - September 30, 2022

We bring you threats that are currently trending as well as new vulnerabilities that hackers are exploiting. | September 26, 2022 - September 30, 2022

Read More

Supriya Aluri

Posted on Sep 23, 2022 3 minutes

Cyberwar Bulletin: Iran and Albania

As the world still reels under the impact of the Ukraine-Russia cyberwar, yet another Cyberwar has started between Iran and Albania. CSW experts provide insights into Iranian threats that organizations need to watch out for. 

Read More

Priya Ravindran

Posted on Sep 19, 2022 | Updated on Sep 23, 2022 5 minutes

CSW's Threat Intelligence - September 19, 2022 - September 23, 2022

We bring you threats that are currently trending as well as new vulnerabilities that hackers are exploiting. | September 19, 2022 - September 23, 2022

Read More

Supriya Aluri

Posted on Sep 12, 2022 | Updated on Sep 16, 2022 6 minutes

CSW's Threat Intelligence - September 12, 2022 - September 16, 2022

We bring you threats that are currently trending as well as new vulnerabilities that hackers are exploiting.

Read More

Priya Ravindran

Posted on Sep 9, 2022 3 minutes

CSW's Threat Intelligence - September 05, 2022 - September 09, 2022

We bring you threats that are currently trending as well as new vulnerabilities that hackers are exploiting. | September 05, 2022 - September 09, 2022

Read More

Supriya Aluri

Posted on Sep 2, 2022 5 minutes

CSW's Threat Intelligence - August 29, 2022 - September 2, 2022

We bring you threats that are currently trending as well as new vulnerabilities that hackers are exploiting.

Read More

Supriya Aluri

Posted on Aug 22, 2022 6 minutes

CSW's Threat Intelligence - August 22, 2022 - August 26, 2022

We bring you threats that are currently trending as well as new vulnerabilities that hackers are exploiting.

Read More

Supriya Aluri

Posted on Aug 18, 2022 7 minutes

How Safe Is Your VPN?

Did you know hackers can exploit 125 weaponized vulnerabilities in VPN products to attack their targets? CSW analysts deep dive into exposures in VPNs that could compromise organizational networks.

Read More

Priya Ravindran

Posted on Aug 16, 2022 6 minutes

CSW's Threat Intelligence - August 15, 2022 - August 19, 2022

We bring you threats that are currently trending as well as new vulnerabilities that hackers are exploiting.

Read More

Supriya Aluri

Posted on Aug 12, 2022 3 minutes

An Exploration of Russia-based APT29’s Recent Campaigns

CSW's analysis of the vulnerabilities and attack tactics used by APT29 in recent campaigns

Read More

Vasanthakumar Thangaprakasam

Posted on Aug 9, 2022 6 minutes

CSW's Threat Intelligence - August 08, 2022 - August 12, 2022

We bring you threats that are currently trending as well as new vulnerabilities that hackers are exploiting.

Read More

Supriya Aluri

Posted on Aug 1, 2022 3 minutes

CSW's Threat Intelligence - August 02, 2022 - August 05, 2022

We bring you threats that are currently trending as well as new vulnerabilities that hackers are exploiting.

Read More

Supriya Aluri

Posted on Jul 25, 2022 3 minute

CSW's Threat Intelligence - July 25, 2022 - July 29, 2022

We bring you threats that are currently trending as well as new vulnerabilities that hackers are exploiting.

Read More

Supriya Aluri

Posted on Jul 18, 2022 3 minutes

CSW's Threat Intelligence - July 18, 2022 - July 22, 2022

We bring you threats that are currently trending as well as new vulnerabilities that hackers are exploiting.

Read More

Supriya Aluri

Posted on Jul 14, 2022 | Updated on Sep 06, 2022 5 minutes

All about BlackCat (ALPHV)

Did you know that the BlackCat ransomware group breached 60+ organizations in a single month? Read on to know about CSW's research into the ransomware group, the vulnerabilities they use, and their attack techniques and tactics.

Read More

Priya Ravindran

Posted on Jul 13, 2022 3 minutes

CSW's Weekly Threat Intelligence - July 11, 2022 - July 15, 2022

We bring you threats that are currently trending as well as new vulnerabilities that hackers are exploiting.

Read More

Supriya Aluri

Posted on Jul 12, 2022 | Updated on Sep 09, 2022 3 minutes

How safe are storage devices from a ransomware attack?

​​​​​​​Does your organization use Network Attached Storage (NAS) devices? If you think that backing up data in these devices will keep you safe from a ransomware attack, you might have to revisit your security strategy.

Read More

Priya Ravindran

Posted on Jul 8, 2022 2 minutes

CSW’s Friday Threat Intelligence

This week, we bring to you eight threats that are currently trending as well as new vulnerabilities that hackers are exploiting.

Read More

Pavithra Shankar, Supriya Aluri

Posted on Jul 6, 2022 5 minutes

43 Weaponized CVEs in Healthcare Products Threaten Patient Care

CSW researchers investigated 56 vendors and 846 healthcare products, and identified 624 vulnerabilities across them. Read to know more about our findings.

Read More

Priya Ravindran, Surojoy Gupta

Posted on Jul 6, 2022 3 minutes

Are you using MITEL’s VoIP systems? Watch out for CVE-2022-29499

A zero-day vulnerability in Mitel VOIP appliances, CVE-2022-29499, is being widely exploited in the wild with continued likelihood of exploitation, according to our researchers. Patch the vulnerability without further delay.

Read More

Supriya Aluri

Posted on Jul 4, 2022 | Updated on Sep 21, 2022 5 minutes

Why Should Schools Prioritize Cybersecurity?

This blog provides a snapshot of how CSW is helping schools gain resilience against cyber attacks and evolving threats and what schools can do to stay safe from ransomware attacks.

Read More

Supriya Aluri

Posted on Jul 1, 2022 3 minutes

CSW Weekly Threat Intelligence

All CVEs mentioned in this blog edition have received a maximum rating from the Threat Intelligence platform indicating high probability of exploitation.

Read More

Pavithra Shankar

Posted on Jun 29, 2022 5 minutes

MITRE Mapping of CISA KEVs and its Challenges

This blog brings talks about the challenges that exist in mapping CWEs to CAPEC using MITRE and ATT&CK

Read More

CSW Research Team

Posted on Jun 27, 2022 2 minutes

CSW Weekly Threat Intelligence

CSW weekly threat intelligence edition brings to you early warnings about critical vulnerabilities that could potentially be weaponized and prove dangerous to your organization and its assets.

Read More

Pavithra Shankar

Posted on Jun 17, 2022 3 minute

CVE-2022-26134: A New RCE Atlassian Bug Exploited by Ransomware Gangs

Atlassian zero-day vulnerability that has been exploited in the wild is tagged as CVE-2022-26134. This is a critical unauthenticated, remote code execution vulnerability that affects all Atlassian Confluence and Data Center 2016 servers after version 1.3.0.

Read More

Prakash Ram

Posted on Jun 13, 2022 2 minutes

CISA Adds Vulnerabilities Warned by CSW’s Ransomware Reports

In a recent update of KEV on May 23, 2022, CISA has added three of four vulnerabilities that were called out in the CSW’s Q1 2022 Ransomware Report (May 18, 2022) thereby validating our research and recommendations.

Read More

Priya Ravindran

Posted on Jun 3, 2022 | Updated on Aug 04, 2022 3 minutes

Follina: The No Patch Microsoft Office 0-Day Bug [CVE-2022-30190] Springs in Wild

An unpatched vulnerability tracked as CVE-2022-30190 (aka Follina) in the remote Word template feature enables adversaries to execute malicious code on targeted systems of Microsoft Office. TA413, a Chinese state-sponsored threat actor, is now found to be exploiting the Follina Zero-day vulnerability to use it against the International Tibetan community. 

Read More

Pavithra Shankar

Posted on Jun 3, 2022 3 minutes

The History Repeating Windows SpoolFool (CVE-2022-21999) Vulnerability, Patch Now

On February 08, 2022, Microsoft published updates for CVE-2022-21999 as part of its Patch Tuesday program. This vulnerability affects the Windows Print Spooler service and is a workaround for CVE-2022-1030 fixes.

Read More

Abhinand Santhosh Kumar, Saravanan Ganesan

Posted on May 30, 2022 3 minutes

43 APT Groups Use Ransomware to Attack Their Targets

CSW’s quarterly report on ransomware metrics reveals that three new APT groups are using ransomware to mount attacks on their targets, bringing the total number of APT groups using ransomware to 43. Read more on them here.

Read More

Supriya Aluri

Posted on May 25, 2022

CVE-2022-22972: DHS CISA Directs Federal Agencies to Take Immediate Action Against VMware Bugs

The U.S. Cybersecurity and Infrastructure Agency issued an emergency security directive over VMware vulnerabilities, which threat actors are likely to exploit.

Read More

Pavithra Shankar

Posted on May 13, 2022 2 minutes

Social Engineering Attacks: Don’t Get Fooled!

With the sudden increase in the number of establishments completely operating via remote means, the internet exposure is higher than ever before. The cyber threats of an organization expose the vulnerabilities present in its assets.

Read More

Sowmya

Posted on Apr 29, 2022 3 minutes

Account Takeover Series 3: Account Takeover through Insecure Direct Object Reference

Insecure Direct Object Reference or IDOR occurs when the application trusts the user input and takes sensitive action or shows sensitive information based on the same.

Read More

Mritunjay

Posted on Apr 22, 2022 2 minutes

ATO Attack Series 2: Account Takeover through Password Reset Poisoning

Every web application that has a login portal also has a reset password functionality with it. This reset password functionality comes in very handy when the user forgets his password. Read on to know how attackers steal your credentials while resetting your password.

Read More

Mritunjay

Posted on Apr 15, 2022 2 minutes

ATO Attack Series 1: Cross-Site Request Forgery Account Takeover

Cross-Site Request Forgery (CSRF) is a vulnerability that lets an attacker execute some action on the web application on behalf of an authenticated victim user.

Read More

Mritunjay

Posted on Apr 14, 2022 5 minutes

CSW’s AI-based insights into APT groups and their arsenal

CSW's AI-based vulnerability and threat intelligence delves deep into the vulnerabilities exploited by APT groups

Read More

Priya Ravindran

Posted on Apr 8, 2022 1 minute

Account Takeover Attack (ATO): How does it work?

Account Takeover is a type of cyberattack in which an attacker can take over a victim’s user account through malicious means. This attack scenario does not involve the attacker being aware of the victim’s sensitive credentials in advance to successfully gain access to an account.

Read More

Mritunjay

Posted on Mar 31, 2022 | Updated on Apr 26, 2022 3 minutes

Spring4Shell (CVE-2022-22965): Are you vulnerable to this Zero Day?

A zero-day RCE vulnerability in Java Spring Core library is predicted to be the next Log4j. Are you prepared for the impending Spring4Shell threat?

Read More

Priya Ravindran

Posted on Mar 17, 2022

After a year, DHS CISA Adds CVE-2021-21315 to KEVs Catalog!

A researcher from Cyber Security Works (CSW) took a deep dive into this NodeJs CVE 2021-21315 vulnerability and developed a Proof-of-Concept exploit code.

Read More

Ayushman

Posted on Mar 16, 2022 5 minutes

Cyberwar Bulletin 2: Are you ready for this cyberwar?

This bulletin covers CSW's research on the cyberwar, in particular the ransomware and malware threats that are spawning out of the Russia-Ukraine conflict.

Read More

Sumeetha Manikandan, Priya Ravindran

Posted on Mar 16, 2022 2 minutes

Securing Critical Workloads on AWS

The need for a continuous and holistic AWS security approach has significantly increased as more organizations modernize their critical workloads and take advantage of AWS capabilities and services. Click here to know more!

Read More

Phil Manfredi

Posted on Mar 4, 2022 | Updated on Mar 10, 2022 5 minutes

Cyberwar Bulletin 1: Russia & Ukraine

CSW's analysis of the threat groups and tools playing a role as threats in this cyber war between Russia and Ukraine

Read More

Sumeetha Manikandan, Priya Ravindran

Posted on Mar 2, 2022 | Updated on July 6, 2022 5 minutes

Latency Analysis of DHS CISA KEVs

In this blog, CSW experts analyzed CISA’s Known Exploited Vulnerabilities (KEV) list for latencies in publishing, exploiting, and patching to understand how fast attackers are weaponizing them for attacks.

Read More

Priya Ravindran, Sumeetha Manikandan

Posted on Mar 2, 2022 | Updated on December 01, 2022 3 minutes

Top Scanners Fail to Flag DHS CISA-warned Known Exploited Vulnerabilities (KEV)

We looked into the DHS CISA KEV catalog one step further and found that 53 actively known exploited CVEs were missed by top scanners such as Nessus, Nexpose, and Qualys. Click here to know more!

Read More

Pavithra Shankar

Posted on Feb 23, 2022 | Updated on June 29, 2022 5 minutes

All About Conti

The Conti Group has been one of the most prolific ransomware groups in 2022, second only to REvil. However, Conti has been on a roll with the widespread of attacks against US and now has 44 vulnerability associations. Organizations need to set a patching priority for these vulnerabilities in order to avoid large-scale attacks.

Read More

Surojoy Gupta

Posted on Feb 7, 2022 4 minutes

Rootkit Attacks: Start to a Dangerous Trend?

iLOBleed, a previously undetected rootkit, was spotted targeting the HP Enterprise’s Integrated Lights-Out (iLO) server management technology to tamper with the firmware modules and wipe data off the infected systems. Could this portend a dangerous trend? Read our analysis to find out.

Read More

Surojoy Gupta

Posted on Feb 4, 2022 3 minutes

CSW Analysis: Top Scanners Missed Vulnerabilities Tied to Ransomware in 2021

Cyber Security Works researchers analyzed the data further by comparing the CVEs with some of the popular scanners (Nessus, Qualys, and Nexpose) and observed that they missed to detect 21 vulnerabilities tied to ransomware strains.

Read More

Pavithra Shankar

Posted on Jan 28, 2022 2 minutes

Patch Now: Vmware Fixed CVE-2021-22045 Heap-Overflow Vulnerability

VMware has published security fixes for its Workstation, Fusion, and ESXi products to address a heap-overflow vulnerability identified as CVE-2021-22045.

Read More

Pavithra Shankar

Posted on Jan 25, 2022 2 minutes

CSW Discovers a XSS Vulnerability in WordPress Post Duplicator Plugin

Cyber Security Works discovered and reported a Stored Cross-Site Scripting vulnerability in WordPress Post Duplicator Plugin that allows an authenticated attacker to inject a JavaScript payload into a trusted URL.

Read More

Pavithra Shankar

Posted on Jan 13, 2022 3 min

We Need Cyber Safety For Our Schools!

Cybersecurity is a priority in education due to the lack of resources and continual ransomware attacks. CISA’s new K-12 Cybersecurity Act will research and develop tools to help schools become more secure against cyberattacks. However, schools are not required to use any cybersecurity plan which leaves them vulnerable.

Read More

Aaron Sandeen

Posted on Jan 12, 2022 3 minutes

Apache Fixes Two Critical HTTP Server Flaws

The Apache Software Foundation has published a new version 2.4.52 of the Apache HTTP Server to fix two vulnerabilities in one of the world's most popular web servers - one of which is rated as high, and the other as critical.

Read More

Pavithra Shankar

Posted on Jan 10, 2022 5 minutes

A Pentester’s Perspective: What's Next after Domain Admin?

Organizations have been increasingly relying on cloud services from Azure, since Microsoft provides native support. As a result, CSW penetration testers have been researching various attack vectors related to Azure. Read on to find out more about their findings.

Read More

Venkatraman Kumar

Posted on Jan 9, 2022 2 minutes

How to Detect JNDI vulnerability in H2 Database Engine?

CSW Researchers have developed a script to detect the JNDI vulnerability - the well-known LogShell-like vulnerability. Run our simple-to-use script to ensure your projects are free from JNDI injections.

Read More

Pavithra Shankar

Posted on Jan 7, 2022 2 minutes

CSW Discovers a Stored Cross-Site Scripting Vulnerability in WordPress Customize Login Image

Cyber Security Works has discovered a new zero-day (Stored Cross-Site Scripting) vulnerability, CVE-2021-33851 in WordPress Customize Login Image.

Read More

Pavithra Shankar

Posted on Jan 4, 2022 5 minutes

Top 5 Affected Products in CISA’s Catalog of Known Exploited Vulnerabilities (KEV)  

Our researchers analyzed CISA’s catalog of Known Exploited Vulnerabilities (KEV) to study the most affected products by number of vulnerabilities. Read on to learn more about their analysis.

Read More

Surojoy Gupta

Posted on Dec 27, 2021 3 minutes

Patch Now: Two Microsoft Active Directory Bugs Chained to Takeover Windows Domain

Two Active Directory bugs with vulnerability-chaining capabilities can allow attackers to impersonate regular domain users in order to gain privileges and get Windows domain access in unpatched Microsoft Windows Active Directory. Read on to find out more about these vulnerabilities and how to detect them.

Read More

Surojoy Gupta

Posted on Dec 24, 2021 3 minutes

Zoho: CISA and FBI Issues Alert for New Zero-Day Vulnerability (CVE-2021-44077), Patch Now!

An APT group is using CVE-2021-44077 and CVE-2021-44515 in Zoho ManageEngine ServiceDesk Plus and Desktop Central Servers to compromise businesses in a range of industries, including military and technology.

Read More

Pavithra Shankar

Posted on Dec 17, 2021 3 minutes

Palo Alto Networks’ Firewalls Are Vulnerable to CVE-2021-3064. Upgrade Now!

A zero-day vulnerability has been discovered in Palo Alto Networks GlobalProtect VPN that unauthenticated attackers can exploit to execute arbitrary commands on affected devices with root privileges.

Read More

Pavithra Shankar

Posted on Dec 12, 2021 | Updated on Aug 30, 2022 2 Minutes

Have you Patched the Apache Log4j vulnerability CVE-2021-44228?

Apache Log4j vulnerability CVE-2021-44228 is a critical zero-day code execution vulnerability with a CVSS base score of 10. This weakness poses a significant risk to many applications and cloud services and it needs to be patched right away!

Read More

Sumeetha Manikandan, Pavithra Shankar

Posted on Dec 6, 2021 5 minutes

Top Affected Vendors according to CISA’s Catalog of Known Exploited Vulnerabilities (KEV)

While all vulnerabilities listed by CISA are critical and should be prioritized for patching, five vendors stand out from the rest with the most number of CVEs associated with their products. In this blog, we have taken a detailed look at top five vendors and the vulnerabilities that plague them.

Read More

Surojoy Gupta

Posted on Nov 30, 2021 3 minutes

CSW Discovers its 50th Zero Day Vulnerability in WordPress Microsoft Clarity Plugin

Cyber Security Works has discovered a new zero-day (Cross-Site Scripting) vulnerability, CVE-2021-33850 in WordPress Microsoft Clarity.

Read More

Pavithra Shankar

Posted on Nov 22, 2021 | Updated on December 01, 2022 5 minutes

CISA Releases a Directive Asking Organizations to Patch Known Exploited Vulnerabilities

The DHS Cybersecurity and Infrastructure Security Agency (CISA) released a directive with a list of 859 known and exploited vulnerabilities that public sector entities and organizations need to patch immediately!

Read More

Surojoy Gupta, Priya Ravindran, Pavithra Shankar

Posted on Nov 15, 2021 | Updated on May 25, 2022 5 minutes

20 Percent of CVEs Listed in CISA’s Latest Directive have Ransomware Associations

A directive recently released by the US government-backed Cybersecurity and Infrastructure Security Agency has a list of 703 known vulnerabilities that organizations have been asked to focus on patching immediately. Amongst them, 158 vulnerabilities have been identified as being exploited actively by various ransomware families. Read on to learn more about the vulnerabilities.

Read More

Surojoy Gupta

Posted on Nov 12, 2021 3 minutes

Patch Urgently - Microsoft OMIGOD Vulnerabilities Are Under Active Exploitation!

Thousands of Azure users and millions of endpoints are impacted by ‘OMIGOD’ zero-days,” was the initial outburst when the open-source vulnerabilities were disclosed. Many Azure customers are unwittingly putting themselves in danger.

Read More

Pavithra Shankar

Posted on Oct 26, 2021 | Updated on Aug 23, 2022 3 minutes

Security Management: CVE-2021-36260, Patch this Hikvision Vulnerability.

The video surveillance giant Hikvision disclosed a zero-click vulnerability tracked as CVE-2021-36260, which has existed from at least 2016, according to researchers. The vulnerability that exists in Hikvision camera models is highly susceptible to remote hijacking without requiring a username or password. 

Read More

Pavithra Shankar

Posted on Oct 21, 2021 | Updated on Mar 23, 2022 4 minutes

Ragnar Locker Ransomware hits Customer Care Giant TTEC

US-based customer support and sales representative company handling the world’s largest brands, TTEC, faces a network outage following a ransomware attack and sparks fears of a supply-chain attack. Read on to find out more about the attack.

Read More

Surojoy Gupta

Posted on Oct 8, 2021 3 minutes

CVE-2021-41773 & CVE-2021-42013: Apache Web Servers are Vulnerable, Patch Now!

On October 4, 2021, Apache announced fixes for a couple of vulnerabilities, including a zero-day flaw that affects Apache HTTP Server version 2.4.49—a widely used open-source, cross-platform web server for Unix and Windows.

Read More

Pavithra Shankar

Posted on Oct 6, 2021 3 minutes

CSW Discovers Stored Cross-Site Scripting (XSS) Zero-Day Vulnerability in WordPress Plugin

On September 1, 2021, CSW researchers discovered a Cross-Site Scripting (XSS) zero-day vulnerability in Zoho CRM Lead Magnet Version 1.7.2.4. Read on to find out more about the vulnerability.

Read More

Surojoy Gupta

Posted on Oct 5, 2021 3 minutes

CISA & FBI : Zoho Flaws Being Actively Exploited, Patch Now

The FBI, CISA, and the Cyber Guard (CGCYBERs) warned of a serious vulnerability (CVE-2021-40539) in a single Zoho Signup and Password Management Solution that State Advanced Persistent Threat (APT) actors are actively scanning the internet for vulnerable servers.

Read More

Pavithra Shankar

Posted on Sep 29, 2021 3 minutes

A 15-year old Vulnerability Exposes Linux to Privilege Escalation Attacks

A critical security flaw in the Linux kernel went unpatched for 15 years till attackers used it to gain local privilege escalation, escape the Kubernetes pod and obtain root privileges on Linux systems. Read our analysis where we look into the vulnerability’s characteristics and the impact it can have.

Read More

Surojoy Gupta

Posted on Sep 28, 2021 | Updated on Mar 23, 2022 4 minutes

Critical OpenSSL Vulnerabilities affecting Linux and NAS devices

Two OpenSSL vulnerabilities, one remote code execution, and a denial-of-service were discovered by network-attached storage device manufacturers, Synology and QNAP. The fear of a ransomware attack leveraging the vulnerabilities still remains high. Here is our analysis of the vulnerabilities.

Read More

Surojoy Gupta

Posted on Sep 27, 2021 4 minutes

Critical VMware Vulnerability: Patch CVE-2021-22005 Now!

On September 21, 2021, VMware published an advisory warning of nineteen vulnerabilities in their vCenter Server. Of the nineteen vulnerabilities, one CVE stands out as being extremely critical and potential to be exploited by ransomware—CVE-2021-22005.

Read More

Surojoy Gupta

Posted on Sep 15, 2021 4 minutes

Microsoft Exchange ProxyShell and Windows PetitPotam vulnerabilities chained in New Attack

The newly minted LockFile ransomware group has been actively exploiting the Microsoft Exchange ProxyShell vulnerabilities since early August. In a recent attack, they chained a faultily-patched PetitPotam vulnerability with the ProxyShell vulnerabilities to take over and encrypt Windows domains and spread their ransomware through target networks. Read our analysis of the vulnerabilities to understand how you can protect yourself from a potential ransomware attack.

Read More

Surojoy Gupta

Posted on Sep 11, 2021 5 minutes

CVE-2021-26084: Patch the Confluence Servers Now!

The United States Cyber Command and Cybersecurity Infrastructure Security Agency (CISA) rang the warning bells for companies to patch a critical vulnerability (CVE-2021-26084) in the Atlassian Confluence Server and Data Center. Here is our analysis about this vulnerability.

Read More

Pavithra Shankar

Posted on Aug 25, 2021 | Updated on June 28, 2022 4 minutes

Pegasus Spyware Snoops On Political Figures Worldwide

An Israeli zero-click cyber-espionage software recently infected the Apple devices of journalists and politicians from around the world by exploiting three zero-day vulnerabilities. Read our analysis of these vulnerabilities.

Read More

Surojoy Gupta

Posted on Aug 19, 2021 | Updated on June 29, 2022 4 minutes

CSW Analysis: Accenture attacked by LockBit 2.0 Ransomware

On Aug 11, 2021, Accenture, a multinational IT Consulting and Services company, became the latest victim of LockBit 2.0 Ransomware. Our researchers investigated the vulnerabilities that LockBit exploits to compromise their targets and here is our analysis.

Read More

Sumeetha, Surojoy

Posted on Aug 11, 2021 3 minutes

Critical SolarWinds Serv-U FTP Flaw Exploited by New Chinese Threat Group

The US defense industrial base sector and many organizations from critical industries, such as software and healthcare, were recently affected by an unpatched critical remote code execution flaw in the Solarwinds Serv-U FTP server software that was exploited by a new Chinese threat group. What was the impact of the attack? Read our analysis to find out.

Read More

Surojoy Gupta

Posted on Aug 3, 2021 3 minutes

Indexsinas SMB Worm Exploits EternalBlue Vulnerabilities

Despite being patched four years ago, the self-propagating malware, Indexsinas SMB worm, exposes that Windows servers are still vulnerable to the infamous NSA EternalBlue exploits and can be used for crypto-mining. Here is our analysis of these vulnerabilities and their present exposure.

Read More

Surojoy Gupta

Posted on Jul 19, 2021 | Updated on Feb 8, 2022 3 minutes

Solarwind Attackers at It Again in Back-to-Back Campaigns

Nobelium, the APT group behind the infamous SolarWinds attack, has resurfaced in two recent campaigns against US-based IT companies and government organizations. Check out CSW’s analysis about 18 vulnerabilities used by the group to exploit and infiltrate their targets.

Read More

Priya Ravindran

Posted on Jul 14, 2021 3 minutes

New Threat Group Agrius Exploits Old Fortinet VPN Vulnerabilities

New APT Group Agrius is exploiting Fortinet’s vulnerabilities to attack their targets. Shodan results show 56000 target assets around the world that could be vulnerable to an attack. Check out our analysis for more information.

VPN
Read More

Surojoy, Priya

Posted on Jul 12, 2021 4 minutes

Kaseya VSA Downed by REvil in Monumental Supply-Chain Attack

REvil's monumental supply-chain attack on 3 July 2021 affected 1500 companies and opened a path for third-party attack onslaughts. What else does REvil’s historic supply-chain attack portend?

Read More

Surojoy Gupta

Posted on Jul 8, 2021 4 minutes

Back-to-back Air India Attacks indicating more than just a data breach?

The Airline industry is on the brink of a supply-chain attack from threat groups like APT41. According to our research findings, there are 20 vulnerabilities associated with the APT41 threat group.

Read More

Surojoy, Priya

Posted on Jul 7, 2021 3 minutes

Is Conti Ransomware on a roll?

The Conti group is associated with three vulnerabilities. If these had taken precedence in the CVE patching priority, the series of Conti attacks could have been avoided.

Read More

Priya Ravindran

Posted on Jul 2, 2021 3 minutes

How to detect CVE-2021-34527?

CSW Pentester’s have released a script to detect the Windows Print Spooler Remote Code Execution Vulnerability. Running the script can help organizations detect connected devices that could be vulnerable to exploits.

Read More

Pavithra Shankar

Posted on Jun 30, 2021 3 minutes

Darkside Ransomware: Further Threat Associations Unearthed

Darkside Ransomware has added two more CVEs to its arsenal alongside two additional APT group associations. Check out our analysis and patch these vulnerabilities before they strike again!

Read More

Priya Ravindran

Posted on Jun 16, 2021 4 minutes

REvil Brings Down JBS - the World’s Largest Meat Packer

REvil Ransomware uses six vulnerabilities to target their victims and if these had been remediated and patched on priority, JBS - the world’s largest meat packer could have escaped this attack. CSW warned about these vulnerabilities in its Ransomware Spotlight Report published in February 2021.

Read More

Sumeetha Manikandan

Posted on Jun 11, 2021 | Updated on Apr 05, 2022 3 minutes

All About Qlocker

Researchers at Cyber Security Works (CSW) have been tracking Qlocker, a recently discovered ransomware family. This new strain began surfacing across QNAP devices in April 2021 exploiting CVE-2021-28799, a zero-day vulnerability.

Read More

Priya Ravindran

Posted on Jun 4, 2021 5 minutes

FiveHands Ransomware Analysis: Can a Risk-Based Approach Help Prevent Future Attacks?

Early this year, threat actors exploited a vulnerability (CVE-2021-20016) even before the vendor could publish it on the National Vulnerability Database (NVD) and attacked an organization and stole information.

Read More

Priya Ravindran

Posted on May 31, 2021 3 minutes

CVE-2021-21985: Patch this Trending VMware Vulnerability

On the 25th of May 2021, VMware published an advisory warning of two vulnerabilities - CVE-2021-21985 and CVE-2021-21986 - in their vCenter Server and Cloud Foundation products.

Read More

Priya Ravindran

Posted on May 18, 2021 3 minutes

Darkside: The Ransomware that brought a US pipeline to a halt

As of today our research has associated 260 vulnerabilities to ransomware. Remediating and patching these vulnerabilities on priority could have averted the Colonial Pipeline attack.

Read More

Sumeetha

Posted on May 4, 2021 3 minutes

NSA Validates CSW’s warning on two critical vulnerabilities

In May 2020, CSW warned the industry of two critical vulnerabilities in Pulse Secure VPN and Citrix’s Remote Desktop solution that could be used by Ransomware or APT groups. One year after our warning, NSA, FBI and CISA validated the same.

VPN
Read More

Sumeetha

Posted on Apr 26, 2021 3 minutes

Why 'Old is Gold' for Ransomware?

In our recently published Ransomware Spotlight report 2020 we tracked down vulnerabilities that are being used by Ransomware to launch attacks on organizations worldwide. Here are a few surprising findings about old vulnerabilities in this report

Read More

Sumeetha

Posted on Apr 16, 2021 7 minutes

All about Ryuk

Ryuk is a crypto-ransomware strain that encrypts access to a system, device or a file and demands ransom to release it. Ryuk is unleashed on target assets through malware, notably TrickBot and is used to gain access to a system through remote desktop services.

Read More

Pavithra Shankar

Posted on Mar 8, 2021 3 minutes

Cyber Women We Admire

This women’s day, we spoke to a few inspiring women executives who are breaking the myth and are soaring high. They are skilled, motivated, and talented and they come from different geographies, backgrounds but are united by their passion for cybersecurity. 

Read More

Sumeetha Manikandan

Posted on Mar 2, 2021 3 minutes

Google Trends: Most searched top 10 vulnerabilities in 2020

CSW experts compiled the list of vulnerabilities that were highly searched in Google and came up with top 10 CVEs.

Read More

Sumeetha

Posted on Feb 11, 2021 3 minutes

Sri Lankan Domain Attack: Exposed Credentials available in Dark Web for Eight Years!

Investigations on the Sri Lankan Domain attack reveal that threat actors could have used exposed credentials and vulnerabilities to breach and redirect the websites. These credentials have been exposed on the dark web for the past eight years!

Read More

Sumeetha

Posted on Jan 21, 2021 3 minutes

Could Google’s most searched Top 10 vulnerabilities in 2020 be key attack indicators?

2020 was a productive year for threat actors. With the world’s workforce working remotely while dealing with the pandemic, threat actors were busy weaponizing critical vulnerabilities that had a global impact. Many organizations fell prey to ransomware and sophisticated cyber attacks that allowed remote and privileged access to sensitive information.

Read More

Sumeetha

Posted on Jan 21, 2021 3 minutes

Eight Cybersecurity Predictions from CSW Security Experts

What does 2021 have in store for cybersecurity? Will we take note of the lessons learned in 2020 and start taking security seriously? Will we see more cyberattacks? We asked our exclusive team of pentesting experts to predict the trends for us, and here is what they said.

Read More

Sindhuja Sreenivasan

Posted on Jan 11, 2021 3 minutes

Seven Predictions by Women Cyber Security Experts

What does 2021 have in store for cybersecurity? Will we take note of the lessons learned in 2020 and start taking security seriously? Will we see more cyberattacks?

Read More

Sindhuja

Posted on Jan 8, 2021 3 minutes

CSW Disclosed 4 Hardcoded Credentials on D-Link Products

Asset and lifecycle management are complex initiatives that organizations should keep pace with as products reach the end of life (EOL) or end of support (EOS) and become obsolete. This obsolescence gives rise to security vulnerabilities that could be exploited by threat actors.

Read More

Bhavithra

Posted on Dec 18, 2020 3 minutes

How to Detect SolarWinds Orion Product running on your network?

Popular scanners such as Tenable, Qualys and Nexpose are missing 48 vulnerabilities out of 102 vulnerabilities. To help 18000 customers who have been affected, CSW team has come up with a script that would help detect SolarWinds Orion Product running on your network.

Read More

Pavithra Shankar

Posted on Dec 16, 2020 3 minutes

CSW Analysis of SolarWinds: Top Scanners miss most of the vulnerabilities

The massive breach of SolarWinds Network Management product has compromised as many as 18,000 organizations outside of U.S Government entities, security agencies, defense entities. We took a closer look at the weaknesses that exist in other SolarWinds products and found that top scanners miss most of the vulnerabilities.

Read More

Sumeetha

Posted on Dec 15, 2020 5 minutes

Vulnerability Analysis: SolarWinds Orion Network Management

SolarWinds disclosed on Dec 13 that vulnerabilities in their network management tool Orion was used to mount attacks on FireEye and on several Government agencies. CSW analyzed Orion’s 15 Vulnerabilities and has found that CVE-2019-9546 – with a known critical Privilege Execution Exploit needs immediate remediation along with an upgrade to Orion Platform version 2020.2.1 HF.1.

Read More

Sumeetha

Posted on Dec 10, 2020 3 minutes

FireEye’s stolen Pentesting Tools & the vulnerabilities they target

CSW analyzed the vulnerabilities (impacted by FireEye’s stolen pentesting tools) and found that Chinese & Iranian APT Groups target them routinely. These CVEs are also favorite targets of Ransomware such as Ryuk, Maze, Netwalker.

Read More

Sumeetha

Posted on Dec 2, 2020 5 minutes

Fortinet’s 50,000 VPN Leak Highlights Lack of Cyber Hygiene

A threat hacker group named “Pumpedkicks” has leaked credentials for 50,000 Fortinet VPN devices that impact 140 countries around the world. Check out CSW’s analysis and recommendations for this vulnerability.

VPN
Read More

Pavithra Shankar

Posted on Nov 27, 2020 3 minutes

How to detect CVE- 2020-24600?

A new zero-day vulnerability, CVE-2020-24600, was discovered by Cyber Security Works in Shilpi - Capexweb 1.1.

Read More

Bhavithra

Posted on Nov 6, 2020 | Updated on June 9, 2022 7 minutes

Top 25 Vulnerabilities Exploited by Chinese Sponsored Hackers

The National Security Agency listed 25 vulnerabilities that are being targeted by Chinese state sponsored cyber attackers popularly known as APT41. Know more about these vulnerabilities and patch them before you fall prey to a breach.

Read More

Pavithra Shankar

Posted on Nov 2, 2020 5 minutes

Ryuk raising the Temperature in Healthcare

Security Agencies CISA (Cybersecurity and Infrastructure Security Agency), FBI, and the Department of Health and Human Services (HHS) have issued a high alert joint security advisory to hospitals to take actions to secure themselves from Ryuk ransomware in particular.

Read More

Sumeetha

Posted on Oct 15, 2020 5 minutes

Cyber Hygiene: Ransomware is causing critical care disruption in hospitals

We analyzed three ransomware incidents (Ryuk, Revil & AKO) and found 16 CVEs associated with them. Incidentally, CSW warned about five of these CVEs in our cyber risk series way back in March 2020!

Read More

Sumeetha

Posted on Sep 29, 2020 3 minutes

Our warning in 2020 was ignored: Lack of Cyber Hygiene is amplifying Ransomware attacks and causing havoc

Ransomware campaigns are always on prowl for a path of least resistance to gain initial access and move laterally using well known vulnerabilities.

Read More

Sumeetha

Posted on Sep 21, 2020 2 minutes

How to detect vulnerability CVE-2020-24601?

Cyber Security Works has discovered a new zero-day vulnerability, CVE-2020-24601 in Ignite Realtime Openfire 4.5.1.

Read More

Bhavithra

Posted on Sep 21, 2020 2 minutes

How to detect vulnerability CVE-2020-24602?

Cyber Security Works discovered a new zero-day vulnerability, CVE-2020-24602 in Ignite Realtime Openfire 4.5.1. Openfire (formerly Wildfire).

Read More

Bhavithra

Posted on Sep 21, 2020 2 minutes

How to detect Vulnerability CVE-2020-24604?

Cyber Security Works discovered a reflected XSS vulnerability, CVE-2020-24604, in Ignite Realtime Openfire 4.5.1. Openfire (formerly Wildfire).

Read More

Bhavithra

Posted on Sep 3, 2020 3 minutes

How to detect the vulnerability CVE-2020-14723?

A new zero-day vulnerability, CVE-2020-14723, was discovered by Cyber Security Works in Oracle Help Technologies related to the Web UIX component.

Read More

Bhavithra

Posted on Aug 30, 2020 2 minutes

India's Cybersecurity Policy: Disclosure of Data Breaches

Will the new national cybersecurity policy include a disclosure policy similar to what the west has?

Read More

Sumeetha

Posted on Aug 5, 2020 3 minutes

WastedLocker Ransomware Attack: Indicators of compromise (IOCs)

Evil Corp used compromised legitimate websites to deliver ransomware in Garmin’s environment. The attack caused a 5-day outage for their product users. CSW Analysts have put together a list of domains, hashes, IOCs that have been compromised. Download the list to update your IPS/IDS and avoid being attacked.

Read More

Sumeetha

Posted on Jul 28, 2020 5 minutes

How to detect CVE-2020-5902?

CVE-2020-5902 is a critical remote code vulnerability that was discovered in the F5 Networks Big-IP administrative interface. From discovery to mitigation, see how things unfolded and check out CSW’s script to detect this vulnerability in Big-IP products.

Read More

Sumeetha

Posted on Jul 19, 2020 3 minutes

How safe are Web Proxy?

Today, the reliance on applications such as web proxy, remote conferencing, VPNs, etc. are at an all-time high which is yet another reason for threat actors to work overtime to exploit vulnerabilities.

Read More

Sumeetha

Posted on Jul 19, 2020 3 minutes

How safe are Databases?

Cyber threat actors have been working hard during these pandemic times. Systems, infrastructure, and sensitive information that was hitherto viewed within the secure walls of one’s office is now being accessed through insecure connections and unsafe laptops from one’s home.

Read More

Sumeetha

Posted on Jul 19, 2020 5 minutes

How safe are Enterprise Data Storage Systems?

While Enterprise data storage systems are great to work with, they are also sitting ducks for threat attacks. Find out how?

Read More

Sumeetha

Posted on Jul 19, 2020 5 minutes

How safe are VPN solutions?

Travelex fell prey to a ransomware attack (on New Year’s Eve) because they failed to install a patch issued by their VPN - Pulse Secure. How safe are our VPNs? Let's find out.

Read More

Sumeetha

Posted on Jul 15, 2020 5 minutes

Atlassian’s new features and the Shift Left Revolution

All scanners list out security vulnerabilities but does the developer know what to fix first and how to go about it?

Read More

Sumeetha

Posted on Jul 14, 2020 7 minutes

How safe are online conferences?

With the recent breaches in Zoom application and increasing instances of ‘zoombombing’ and data theft, a definitive study of popular online video conferencing tools was needed. Take a read.

Read More

Sumeetha

Posted on Jul 14, 2020 5 minutes

How safe are your Tech Stacks?

This April, Cognizant fell prey to a nasty ransomware attack whose ripple effect has shaken the world. How safe is your tech stack? Let's take a look.

Read More

Team CSW