Tag: Vulnerability

CVE-2022-41622 and CVE-2022-41800 Exploit Detection: RCE Vulnerabilities in F5 BIG-IP and BIG-IQ Products

F5 Networks has recently released security advisories addressing two high-severity flaws discovered in the company’s BIG-IP and BIG-IQ products in August 2022. In late spring 2022, the company faced similar security risks when a set of in-the-wild exploitation attempts targeted the CVE-2022-1388 vulnerability in iControl REST, which allowed threat actors to perform remote […]

CVE-2022-3602 & CVE-2022-3786: New High-Severity OpenSSL Vulnerabilities 

Due to the constantly growing number of vulnerabilities affecting open-source software products, proactive detection of vulnerability exploitation remains one of the most common security use cases according to the latest SOC Prime Detection as Code Innovation report. At the turn of November 2022, a couple of new vulnerabilities in the OpenSSL software library identified as […]

Detect CVE-2021-39144: Critical Remote Code Execution Vulnerability in VMware Cloud Foundation via XStream Open Source Library

Another day, another exploit emerges in the wild to cause a headache for security practitioners. VMware warns of public exploit code available for a recently patched critical remote code execution (RCE) vulnerability (CVE-2021-39144) in VMware Cloud Foundation and NSX Manager. Leveraging this flaw, unauthenticated threat actors might execute malicious code with the highest system […]

Detecting Text4Shell (CVE-2022-42889), Critical RCE in Apache Commons Text

Threat actors don’t sleep, and cyber defenders cannot sleep a wink either to keep up with emerging threats. In 2022, a wave of critical “shell” vulnerabilities has been flooding the cyber threat arena, starting with the loud appearance of Log4Shell at the turn of the year, followed by Spring4Shell in March, then ProxyNotShell just one […]

CVE-2022-40684 Detection: A Critical Fortinet Authentication Bypass Vulnerability Exploited in the Wild

Heads up! A new critical vulnerability is on the radar. Fortinet has recently disclosed an authentication bypass vulnerability in its FortiOS, FortiProxy, and FortiSwitchManager appliances. The security flaw, tracked as CVE-2022-40684, is actively exploited in the wild, posing a serious risk to Fortinet customers running vulnerable product instances. Detect CVE-2022-40684 Exploitation Attempts In view of […]

BlackByte Ransomware Detection: Threat Actors Exploit CVE-2019-16098 Vulnerability in RTCore64.sys Driver to Bypass EDR Protection

BlackByte ransomware reemerges in the cyber threat arena, exploiting a security flaw in a legitimate driver to disable EDR products on compromised devices. Cybersecurity researchers have revealed that the ransomware operators apply an advanced adversary technique dubbed “Bring Your Own Driver”, enabling them to bypass security products and spread the infection on vulnerable machines. Detect BlackByte Ransomware Used […]

ProxyNotShell: Detecting CVE-2022-41040 and CVE-2022-41082, Novel Microsoft Exchange Zero-Day Vulnerabilities Actively Exploited in the Wild

Stay on alert! Cybersecurity researchers have recently revealed new Microsoft Exchange zero-day vulnerabilities, aka ProxyNotShell, tracked as CVE-2022-41040 and CVE-2022-41082, that are currently actively exploited in the wild. The newly uncovered bugs in Microsoft Exchange Server can be chained together in an exploit to deploy China Chopper web shells on the targeted servers. According […]

Top Challenges for MSSPs and MDRs and How to Overcome Them

Some things never grow old. In the world of security providers, there will always be a lack of professionals, time, and real-deal vendors, while you will always face an abundance of risks, complexity, and cost pressure. However, there are some less obvious challenges that impede the growth and scalability of your MSSP or MDR. Let’s […]

What Is Initial Access? MITRE ATT&CK® Initial Access Tactic | TA0001

Some MITRE ATT&CK tactics require special attention from security experts, and Initial Access is one of them, because if attackers don’t break in, they won’t be able to take their kill chain to the next level. Earlier this year, Microsoft paid $13.7 million in bug […]

CVE-2022-32548 Detection: Critical RCE Vulnerability Affects DrayTek’s Flagship Models

Researchers revealed a critical security hole in 29 models of DrayTek Vigor routers, totaling more than 700,000 devices currently in use. DrayTek Vigor routers gained popularity during the worldwide shift to home offices during the pandemic and are mostly used by employees of small and medium-sized businesses in the UK, the Netherlands, Vietnam, Taiwan, and Australia. […]
