Posted on Sep 23, 2022 3 minutes
Cyberwar Bulletin: Iran and Albania
As the world still reels under the impact of the Ukraine-Russia cyberwar, yet another Cyberwar has started between Iran and Albania. CSW experts provide insights into Iranian threats that organizations need to watch out for.
Priya Ravindran
Posted on Aug 18, 2022 7 minutes
How Safe Is Your VPN?
Did you know hackers can exploit 125 weaponized vulnerabilities in VPN products to attack their targets? CSW analysts deep dive into exposures in VPNs that could compromise organizational networks.
Priya Ravindran
Posted on Jul 6, 2022 5 minutes
43 Weaponized CVEs in Healthcare Products Threaten Patient Care
CSW researchers investigated 56 vendors and 846 healthcare products, and identified 624 vulnerabilities across them. Read to know more about our findings.
Priya Ravindran, Surojoy Gupta
Posted on Jul 6, 2022 3 minutes
Are you using MITEL’s VoIP systems? Watch out for CVE-2022-29499
A zero-day vulnerability in Mitel VOIP appliances, CVE-2022-29499, is being widely exploited in the wild with continued likelihood of exploitation, according to our researchers. Patch the vulnerability without further delay.
Supriya Aluri
Posted on Jun 17, 2022 3 minute
CVE-2022-26134: A New RCE Atlassian Bug Exploited by Ransomware Gangs
Atlassian zero-day vulnerability that has been exploited in the wild is tagged as CVE-2022-26134. This is a critical unauthenticated, remote code execution vulnerability that affects all Atlassian Confluence and Data Center 2016 servers after version 1.3.0.
Prakash Ram
Posted on Jun 3, 2022 | Updated on Aug 04, 2022 3 minutes
Follina: The No Patch Microsoft Office 0-Day Bug [CVE-2022-30190] Springs in Wild
An unpatched vulnerability tracked as CVE-2022-30190 (aka Follina) in the remote Word template feature enables adversaries to execute malicious code on targeted systems of Microsoft Office. TA413, a Chinese state-sponsored threat actor, is now found to be exploiting the Follina Zero-day vulnerability to use it against the International Tibetan community.
Pavithra Shankar
Posted on Jun 3, 2022 3 minutes
The History Repeating Windows SpoolFool (CVE-2022-21999) Vulnerability, Patch Now
On February 08, 2022, Microsoft published updates for CVE-2022-21999 as part of its Patch Tuesday program. This vulnerability affects the Windows Print Spooler service and is a workaround for CVE-2022-1030 fixes.
Abhinand Santhosh Kumar, Saravanan Ganesan
Posted on Apr 14, 2022 5 minutes
CSW’s AI-based insights into APT groups and their arsenal
CSW's AI-based vulnerability and threat intelligence delves deep into the vulnerabilities exploited by APT groups
Priya Ravindran
Posted on Mar 31, 2022 | Updated on Apr 26, 2022 3 minutes
Spring4Shell (CVE-2022-22965): Are you vulnerable to this Zero Day?
A zero-day RCE vulnerability in Java Spring Core library is predicted to be the next Log4j. Are you prepared for the impending Spring4Shell threat?
Priya Ravindran
Posted on Mar 16, 2022 5 minutes
Cyberwar Bulletin 2: Are you ready for this cyberwar?
This bulletin covers CSW's research on the cyberwar, in particular the ransomware and malware threats that are spawning out of the Russia-Ukraine conflict.
Sumeetha Manikandan, Priya Ravindran
Posted on Mar 4, 2022 | Updated on Mar 10, 2022 5 minutes
Cyberwar Bulletin 1: Russia & Ukraine
CSW's analysis of the threat groups and tools playing a role as threats in this cyber war between Russia and Ukraine
Sumeetha Manikandan, Priya Ravindran
Posted on Jan 28, 2022 2 minutes
Patch Now: Vmware Fixed CVE-2021-22045 Heap-Overflow Vulnerability
VMware has published security fixes for its Workstation, Fusion, and ESXi products to address a heap-overflow vulnerability identified as CVE-2021-22045.
Pavithra Shankar
Posted on Jan 12, 2022 3 minutes
Apache Fixes Two Critical HTTP Server Flaws
The Apache Software Foundation has published a new version 2.4.52 of the Apache HTTP Server to fix two vulnerabilities in one of the world's most popular web servers - one of which is rated as high, and the other as critical.
Pavithra Shankar
Posted on Jan 7, 2022 2 minutes
CSW Discovers a Stored Cross-Site Scripting Vulnerability in WordPress Customize Login Image
Cyber Security Works has discovered a new zero-day (Stored Cross-Site Scripting) vulnerability, CVE-2021-33851 in WordPress Customize Login Image.
Pavithra Shankar
Posted on Dec 27, 2021 3 minutes
Patch Now: Two Microsoft Active Directory Bugs Chained to Takeover Windows Domain
Two Active Directory bugs with vulnerability-chaining capabilities can allow attackers to impersonate regular domain users in order to gain privileges and get Windows domain access in unpatched Microsoft Windows Active Directory. Read on to find out more about these vulnerabilities and how to detect them.
Surojoy Gupta
Posted on Dec 24, 2021 3 minutes
Zoho: CISA and FBI Issues Alert for New Zero-Day Vulnerability (CVE-2021-44077), Patch Now!
An APT group is using CVE-2021-44077 and CVE-2021-44515 in Zoho ManageEngine ServiceDesk Plus and Desktop Central Servers to compromise businesses in a range of industries, including military and technology.
Pavithra Shankar
Posted on Dec 17, 2021 3 minutes
Palo Alto Networks’ Firewalls Are Vulnerable to CVE-2021-3064. Upgrade Now!
A zero-day vulnerability has been discovered in Palo Alto Networks GlobalProtect VPN that unauthenticated attackers can exploit to execute arbitrary commands on affected devices with root privileges.
Pavithra Shankar
Posted on Nov 30, 2021 3 minutes
CSW Discovers its 50th Zero Day Vulnerability in WordPress Microsoft Clarity Plugin
Cyber Security Works has discovered a new zero-day (Cross-Site Scripting) vulnerability, CVE-2021-33850 in WordPress Microsoft Clarity.
Pavithra Shankar
Posted on Nov 12, 2021 3 minutes
Patch Urgently - Microsoft OMIGOD Vulnerabilities Are Under Active Exploitation!
Thousands of Azure users and millions of endpoints are impacted by ‘OMIGOD’ zero-days,” was the initial outburst when the open-source vulnerabilities were disclosed. Many Azure customers are unwittingly putting themselves in danger.
Pavithra Shankar
Posted on Oct 26, 2021 | Updated on Aug 23, 2022 3 minutes
Security Management: CVE-2021-36260, Patch this Hikvision Vulnerability.
The video surveillance giant Hikvision disclosed a zero-click vulnerability tracked as CVE-2021-36260, which has existed from at least 2016, according to researchers. The vulnerability that exists in Hikvision camera models is highly susceptible to remote hijacking without requiring a username or password.
Pavithra Shankar
Posted on Oct 8, 2021 3 minutes
CVE-2021-41773 & CVE-2021-42013: Apache Web Servers are Vulnerable, Patch Now!
On October 4, 2021, Apache announced fixes for a couple of vulnerabilities, including a zero-day flaw that affects Apache HTTP Server version 2.4.49—a widely used open-source, cross-platform web server for Unix and Windows.
Pavithra Shankar
Posted on Oct 5, 2021 3 minutes
CISA & FBI : Zoho Flaws Being Actively Exploited, Patch Now
The FBI, CISA, and the Cyber Guard (CGCYBERs) warned of a serious vulnerability (CVE-2021-40539) in a single Zoho Signup and Password Management Solution that State Advanced Persistent Threat (APT) actors are actively scanning the internet for vulnerable servers.
Pavithra Shankar
Posted on Sep 29, 2021 3 minutes
A 15-year old Vulnerability Exposes Linux to Privilege Escalation Attacks
A critical security flaw in the Linux kernel went unpatched for 15 years till attackers used it to gain local privilege escalation, escape the Kubernetes pod and obtain root privileges on Linux systems. Read our analysis where we look into the vulnerability’s characteristics and the impact it can have.
Surojoy Gupta
Posted on Sep 28, 2021 | Updated on Mar 23, 2022 4 minutes
Critical OpenSSL Vulnerabilities affecting Linux and NAS devices
Two OpenSSL vulnerabilities, one remote code execution, and a denial-of-service were discovered by network-attached storage device manufacturers, Synology and QNAP. The fear of a ransomware attack leveraging the vulnerabilities still remains high. Here is our analysis of the vulnerabilities.
Surojoy Gupta
Posted on Sep 27, 2021 4 minutes
Critical VMware Vulnerability: Patch CVE-2021-22005 Now!
On September 21, 2021, VMware published an advisory warning of nineteen vulnerabilities in their vCenter Server. Of the nineteen vulnerabilities, one CVE stands out as being extremely critical and potential to be exploited by ransomware—CVE-2021-22005.
Surojoy Gupta
Posted on Sep 11, 2021 5 minutes
CVE-2021-26084: Patch the Confluence Servers Now!
The United States Cyber Command and Cybersecurity Infrastructure Security Agency (CISA) rang the warning bells for companies to patch a critical vulnerability (CVE-2021-26084) in the Atlassian Confluence Server and Data Center. Here is our analysis about this vulnerability.
Pavithra Shankar
Posted on Aug 11, 2021 3 minutes
Critical SolarWinds Serv-U FTP Flaw Exploited by New Chinese Threat Group
The US defense industrial base sector and many organizations from critical industries, such as software and healthcare, were recently affected by an unpatched critical remote code execution flaw in the Solarwinds Serv-U FTP server software that was exploited by a new Chinese threat group. What was the impact of the attack? Read our analysis to find out.
Surojoy Gupta
Posted on Aug 3, 2021 3 minutes
Indexsinas SMB Worm Exploits EternalBlue Vulnerabilities
Despite being patched four years ago, the self-propagating malware, Indexsinas SMB worm, exposes that Windows servers are still vulnerable to the infamous NSA EternalBlue exploits and can be used for crypto-mining. Here is our analysis of these vulnerabilities and their present exposure.
Surojoy Gupta
Posted on Jul 19, 2021 | Updated on Feb 8, 2022 3 minutes
Solarwind Attackers at It Again in Back-to-Back Campaigns
Nobelium, the APT group behind the infamous SolarWinds attack, has resurfaced in two recent campaigns against US-based IT companies and government organizations. Check out CSW’s analysis about 18 vulnerabilities used by the group to exploit and infiltrate their targets.
Priya Ravindran
.png)
Posted on Jul 14, 2021 3 minutes
New Threat Group Agrius Exploits Old Fortinet VPN Vulnerabilities
New APT Group Agrius is exploiting Fortinet’s vulnerabilities to attack their targets. Shodan results show 56000 target assets around the world that could be vulnerable to an attack. Check out our analysis for more information.
Surojoy, Priya
Posted on Jul 8, 2021 4 minutes
Back-to-back Air India Attacks indicating more than just a data breach?
The Airline industry is on the brink of a supply-chain attack from threat groups like APT41. According to our research findings, there are 20 vulnerabilities associated with the APT41 threat group.
Surojoy, Priya
Posted on Jul 2, 2021 3 minutes
How to detect CVE-2021-34527?
CSW Pentester’s have released a script to detect the Windows Print Spooler Remote Code Execution Vulnerability. Running the script can help organizations detect connected devices that could be vulnerable to exploits.
Pavithra Shankar
Posted on May 31, 2021 3 minutes
CVE-2021-21985: Patch this Trending VMware Vulnerability
On the 25th of May 2021, VMware published an advisory warning of two vulnerabilities - CVE-2021-21985 and CVE-2021-21986 - in their vCenter Server and Cloud Foundation products.
Priya Ravindran
Posted on Mar 2, 2021 3 minutes
Google Trends: Most searched top 10 vulnerabilities in 2020
CSW experts compiled the list of vulnerabilities that were highly searched in Google and came up with top 10 CVEs.
Sumeetha
Posted on Dec 2, 2020 5 minutes
Fortinet’s 50,000 VPN Leak Highlights Lack of Cyber Hygiene
A threat hacker group named “Pumpedkicks” has leaked credentials for 50,000 Fortinet VPN devices that impact 140 countries around the world. Check out CSW’s analysis and recommendations for this vulnerability.
Pavithra Shankar
Posted on Nov 6, 2020 | Updated on June 9, 2022 7 minutes
Top 25 Vulnerabilities Exploited by Chinese Sponsored Hackers
The National Security Agency listed 25 vulnerabilities that are being targeted by Chinese state sponsored cyber attackers popularly known as APT41. Know more about these vulnerabilities and patch them before you fall prey to a breach.
Pavithra Shankar
Posted on Aug 5, 2020 3 minutes
WastedLocker Ransomware Attack: Indicators of compromise (IOCs)
Evil Corp used compromised legitimate websites to deliver ransomware in Garmin’s environment. The attack caused a 5-day outage for their product users. CSW Analysts have put together a list of domains, hashes, IOCs that have been compromised. Download the list to update your IPS/IDS and avoid being attacked.
Sumeetha
Posted on Jul 15, 2020 5 minutes
Atlassian’s new features and the Shift Left Revolution
All scanners list out security vulnerabilities but does the developer know what to fix first and how to go about it?
Sumeetha
