Tag: Vulnerability

CVE-2022-40684 Detection: A Critical Fortinet Authentication Bypass Vulnerability Exploited in the Wild

Heads up! A new critical vulnerability is on the radar. Fortinet has recently disclosed an authentication bypass vulnerability in its FortiOS, FortiProxy, and FortiSwitchManager appliances. The security flaw tracked as CVE-2022-40684 is actively exploited in the wild, posing a serious risk to Fortinet’s customers leveraging vulnerable product instances. Detect CVE-2022-40684 Exploitation Attempts In view of […]

BlackByte Ransomware Detection: Threat Actors Exploit CVE-2019-16098 Vulnerability in RTCore64.sys Driver to Bypass EDR Protection

BlackByte ransomware reemerges in the cyber threat arena, exploiting a security flaw in legitimate drivers to disable EDR products on compromised devices. Cybersecurity researchers have revealed that the ransomware operators apply an advanced adversary technique dubbed “Bring Your Own Driver”, enabling them to bypass security products and spread the infection on vulnerable machines. Detect BlackByte Ransomware Used […]

ProxyNotShell: Detecting CVE-2022-41040 and CVE-2022-41082, Novel Microsoft Exchange Zero-Day Vulnerabilities Actively Exploited in the Wild

Stay on alert! Cybersecurity researchers have recently revealed new Microsoft Exchange zero-day vulnerabilities, aka ProxyNotShell, tracked as CVE-2022-41040 and CVE-2022-41082, that are currently being actively exploited in the wild. The newly uncovered bugs in Microsoft Exchange Server can be chained together in an exploit to deploy Chinese Chopper web shells on the targeted servers. According […]

Top Challenges for MSSPs and MDRs and How to Overcome Them

Some things never grow old. In the world of security providers, there will always be a lack of professionals, time, and real-deal vendors, while you will always face an abundance of risks, complexity, and cost pressure. However, there are some less obvious challenges that impede the growth and scalability of your MSSP or MDR. Let’s […]

What Is Initial Access? MITRE ATT&CK® Initial Access Tactic | TA0001

Some MITRE ATT&CK tactics require special attention from security experts, and Initial Access is one of them, because if attackers don’t break in, they won’t be able to take their kill chain to the next level. Earlier this year, Microsoft paid $13.7 million in bug […]

CVE-2022-32548 Detection: Critical RCE Vulnerability Affects DrayTek’s Flagship Models

Researchers revealed a critical security hole in 29 models of DrayTek Vigor routers, totaling more than 700,000 devices currently in use. DrayTek Vigor routers gained popularity during the worldwide shift to home offices during the pandemic and are mostly used by employees of small and medium-sized businesses in the UK, Netherlands, Vietnam, Taiwan, and Australia. […]

KNOTWEED Activity Detection: CVE-2022-22047 Vulnerability and Multiple Windows & Adobe Zero-Day Exploitation by the European Private-Sector Offensive Actor (PSOA)

On July 27, 2022, Microsoft cybersecurity researchers published a notice on the recently revealed malicious activity of the European private-sector offensive actor (PSOA) tracked as KNOTWEED, which leverages a set of Windows and Adobe zero-day exploits, including the newly patched CVE-2022-22047 vulnerability. According to the research, the threat actors launch targeted cyber-attacks against organizations in Europe […]

CVE-2022-32223 Detection: New Vulnerability in Node.js

Researchers discovered that Node.js, an open source server environment, is susceptible to dynamic link library (DLL) hijacking if OpenSSL is installed on the target. The affected versions include all of the 16.x and 14.x release lines. Detect CVE-2022-32223 To timely identify possible system breaches through the exploitation of the CVE-2022-32223 flaw, download a Sigma rule […]

CVE-2022-28219 Detection: Critical RCE Vulnerability in Zoho ManageEngine ADAudit Plus

Zoho’s ManageEngine provides cost-effective network management frameworks leveraged by over 40,000 enterprises worldwide. Due to the software’s popularity and its wide use across the globe, cyber threats detected in Zoho’s products could have a severe impact on thousands of compromised businesses, as happened earlier with the critical zero-day vulnerability in ManageEngine Desktop Central products. On […]

New Attempts to Exploit Log4Shell in VMware Horizon Systems: CISA Warns of Threat Actors Actively Leveraging CVE-2021-44228 Apache Log4j Vulnerability

The notorious CVE-2021-44228 Apache Log4j vulnerability, aka Log4Shell, is still haunting cyber defenders, with continuing reports of its active in-the-wild exploitation. Since December 2021, the nefarious Log4Shell flaw on unpatched VMware Horizon and Unified Access Gateway (UAG) servers has been widely weaponized by threat actors, enabling them to gain initial access to targeted systems. […]
