Download Ransomware Index Update Q1 2022

Advisory Blogs

Read about the latest news and updates from the cybersecurity ecosystem.

Posted on Feb 7, 2022 4 minutes

Rootkit Attacks: Start to a Dangerous Trend?

iLOBleed, a previously undetected rootkit, was spotted targeting the HP Enterprise’s Integrated Lights-Out (iLO) server management technology to tamper with the firmware modules and wipe data off the infected systems. Could this portend a dangerous trend? Read our analysis to find out.

Read More

Surojoy Gupta

Posted on Jan 25, 2022 2 minutes

CSW Discovers a XSS Vulnerability in WordPress Post Duplicator Plugin

Cyber Security Works discovered and reported a Stored Cross-Site Scripting vulnerability in WordPress Post Duplicator Plugin that allows an authenticated attacker to inject a JavaScript payload into a trusted URL.

Read More

Pavithra Shankar

Posted on Nov 15, 2021 | Updated on May 25, 2022 5 minutes

20 Percent of CVEs Listed in CISA’s Latest Directive have Ransomware Associations

A directive recently released by the US government-backed Cybersecurity and Infrastructure Security Agency has a list of 703 known vulnerabilities that organizations have been asked to focus on patching immediately. Amongst them, 158 vulnerabilities have been identified as being exploited actively by various ransomware families. Read on to learn more about the vulnerabilities.

Read More

Surojoy Gupta

Posted on Oct 6, 2021 3 minutes

CSW Discovers Stored Cross-Site Scripting (XSS) Zero-Day Vulnerability in WordPress Plugin

On September 1, 2021, CSW researchers discovered a Cross-Site Scripting (XSS) zero-day vulnerability in Zoho CRM Lead Magnet Version 1.7.2.4. Read on to find out more about the vulnerability.

Read More

Surojoy Gupta

Posted on Jan 8, 2021 3 minutes

CSW Disclosed 4 Hardcoded Credentials on D-Link Products

Asset and lifecycle management are complex initiatives that organizations should keep pace with as products reach the end of life (EOL) or end of support (EOS) and become obsolete. This obsolescence gives rise to security vulnerabilities that could be exploited by threat actors.

Read More

Bhavithra

Posted on Nov 27, 2020 3 minutes

How to detect CVE- 2020-24600?

A new zero-day vulnerability, CVE-2020-24600, was discovered by Cyber Security Works in Shilpi - Capexweb 1.1.

Read More

Bhavithra

Posted on Sep 21, 2020 2 minutes

How to detect vulnerability CVE-2020-24601?

Cyber Security Works has discovered a new zero-day vulnerability, CVE-2020-24601 in Ignite Realtime Openfire 4.5.1.

Read More

Bhavithra

Posted on Sep 21, 2020 2 minutes

How to detect vulnerability CVE-2020-24602?

Cyber Security Works discovered a new zero-day vulnerability, CVE-2020-24602 in Ignite Realtime Openfire 4.5.1. Openfire (formerly Wildfire).

Read More

Bhavithra

Posted on Sep 21, 2020 2 minutes

How to detect Vulnerability CVE-2020-24604?

Cyber Security Works discovered a reflected XSS vulnerability, CVE-2020-24604, in Ignite Realtime Openfire 4.5.1. Openfire (formerly Wildfire).

Read More

Bhavithra

Posted on Sep 3, 2020 3 minutes

How to detect the vulnerability CVE-2020-14723?

A new zero-day vulnerability, CVE-2020-14723, was discovered by Cyber Security Works in Oracle Help Technologies related to the Web UIX component.

Read More

Bhavithra

Posted on Jul 28, 2020 5 minutes

How to detect CVE-2020-5902?

CVE-2020-5902 is a critical remote code vulnerability that was discovered in the F5 Networks Big-IP administrative interface. From discovery to mitigation, see how things unfolded and check out CSW’s script to detect this vulnerability in Big-IP products.

Read More

Sumeetha