CVE-2023-50164: Apache Struts Path Traversal Vulnerability
Threat actors began attempting to exploit CVE-2023-50164, a critical-severity remote code execution (RCE) vulnerability affecting Apache Struts, an open-source framework […]
CVE-2023-36553: Command Injection Vulnerability in FortiSIEM
Fortinet, a major cybersecurity company, recently published an advisory regarding a critical vulnerability affecting its FortiSIEM Report Server. Background: The […]
Critical Vulnerability Patched in SAP Business One Product
SAP, a well-known commercial software provider, has disclosed three new vulnerabilities in its Security Patch Day release for November 2023. […]
Exploitation of Apache ActiveMQ Vulnerability CVE-2023-46604
Rapid7 Managed Detection and Response (MDR) found potential exploitation of Apache ActiveMQ CVE-2023-46604 in two distinct customer scenarios on Friday, […]
CVE-2023-4966 (Citrix Bleed) Active Exploitation
Citrix published a security bulletin on October 10, 2023, regarding a vulnerability (CVE-2023-4966) that affects the NetScaler ADC and NetScaler […]
CVE-2023-46747: Critical Authentication Bypass Vulnerability in F5 BIG-IP
BIG-IP, a comprehensive portfolio of hardware platforms and software solutions from F5 Networks, focuses on security, dependability, and performance. These […]
Leveraging DETT&CT Framework
Building detection is a difficult task, particularly with an increasing number of data sources. It might be challenging for detection […]
A Sneaky Cross-Platform Threat Targeting Redis Server: P2PInfect Worm
Unit 42 cloud researchers discovered a new peer-to-peer (P2P) worm on July 11, 2023, which they have named P2PInfect. Background: […]
Alert Advisory: Analysis of the Microsoft Storm-0558 SaaS Breach
The operators of Storm-0558 stole a Microsoft account (MSA) consumer signing key to forge tokens for Azure Active Directory (AD) […]
Threat Hunting Unauthorized RDP Post-Exploitation
Users of Microsoft Windows systems can access a remote desktop on systems remotely to administer one or more workstations and/or […]
How SBOM Plays a Key Role in CSOC
In general, 75% of codebases use open-source software, according to the 2021 Open Source Security and Risk Study report. Costs […]
Rise in ICS Vulnerabilities
Due to concerns about interoperability, high uptime requirements, and occasionally the age of devices, patching vulnerabilities in industrial contexts has […]
CVE-2023-23397 – Critical Outlook Vulnerability
On March 14th, 2023, Microsoft released patches for approximately 80 newly found security vulnerabilities. There were two zero-day attacks among […]
Managed 24×7 Cyber Threat Detection and Response in OT/ICS
Industrial Control Systems (ICS) and Operational Technology (OT) play a critical role in the functioning of essential industries such as […]
Emotet Epoch 5
The notorious Emotet malware has returned with a new tactic to evade macro-based security restrictions and infect systems. This time, […]
Detecting Rogue Devices on Enterprise Network
Organizations rely on wired networks in today’s hyperconnected environment to link devices and facilitate internal communication. However, it has become […]
Protecting VMWare ESXi Hypervisors from Ransomware
One of the top platforms in the virtualization sector is VMware. Organizations can more effectively use the computing power of […]
Wi-Fi Security – Monitoring Hacking Attempts
Wired Ethernet is no longer the best option for many enterprises. The preferred network access technology for users and endpoints […]
2022 is Over But What Did We Learn From Our Work
Throughout the year, numerous new incidents and rising threats were unveiled to the horror of many. In 2022, the world […]
Why Threat Actors are Now using Rust to Develop New Ransomware?
Rust, a relatively new programming language, was introduced in 2015 and has since gained popularity for its pleasant developer experience […]
Methods to Perform Encrypted Traffic Analysis (ETA)
In addition to considerably enhancing security and user privacy, the introduction of network traffic encryption, such as TLS, has also […]
Why Compromise Assessment Should Be a Part of Your Threat Detection and Response Ecosystem
A typical compromise assessment plan uses specialized software and scripts combined with forensic data to find compromises or problems that […]
WIP19 APT Targeting Organizations in Middle East
With signed malware, a new cyberespionage group has been hitting telecom companies and IT, service providers. The group, known as […]
Using Steganography to Hide Malware – Witchetty APT Case Study
Steganography has been used in the real world on the Windows and macOS operating systems. Attackers have been detected to […]