Technical Details for FabricScape CVE Proof of Concept

Context: On June 28, 2022, Palo Alto Unit 42 researchers reported technical details and a proof of concept (PoC) exploit code for CVE-2022-30137, which they have designated FabricScape. CVE-2022-30137 is rated at 6.7 or medium severity, and affects Microsoft Service Fabric. Service Fabric is commonly used with Azure and hosts over one million applications daily. Microsoft released a patch…

CWE Releases Top 25 Most Dangerous Software Weaknesses for Security Community

Summary: The Common Weakness Enumeration (CWE) organization has released its 2022 Top 25 Most Dangerous Software Weaknesses list. This list demonstrates the most common and impactful software weaknesses occurring during the year of 2022. To create the list, the CWE Team leveraged Common Vulnerabilities and Exposures (CVE) data found within the National Institute of Standards and Technology (NIST) National Vulnerability…

Detecting Common Types of Cybersecurity Vulnerabilities with Vulnerability Assessments

A vulnerability is a flaw or weakness in a system that, if exploited, would allow a user to gain unauthorized access to conduct an attack. Vulnerabilities can exist within applications, operating systems, software, hardware, or anywhere else in your network. They can result from a misconfiguration in a security setting, an organizational policy that falls…

Ongoing Trend of Ransomware Campaigns Using Copyright Claim as Theme

Context: On June 24, 2022, AhnLab Security Emergency response Center (ASEC) researchers reported the technical details of an ongoing phishing campaign that uses malicious files disguised as copyright claim documents to deliver the LockBit ransomware. The use of copyright claims as a theme is an ongoing trend in ransomware phishing campaigns observed in the wild…

5 Vulnerability Management Best Practices

Vulnerability management is the process of identifying, prioritizing, remediating, and reporting on vulnerabilities to proactively reduce your cyber risk. As organizations transition to the cloud, and the number of open-source libraries increases, vulnerability management gets more and more difficult. In 2021, there were more than 20,000 CVEs (common vulnerabilities and exposures) reported, a 212% increase…

4 Stages of the Vulnerability Management Process

A vulnerability is a flaw or weakness in a system that, if exploited, would allow a user to gain unauthorized access to conduct an attack. Vulnerability management is the process of identifying, prioritizing, remediating, and reporting on vulnerabilities to proactively reduce your cyber risk. Because new vulnerabilities are constantly being introduced, vulnerability management is not…

Preventing Ransomware Attacks in a Hybrid Cloud Environment

Businesses interested in scaling up operations are turning to hybrid cloud environments as a cost-effective solution. Hybrid clouds provide the best of both worlds, allowing companies to expand their network without investing in additional, costly on-premises servers that must be maintained. While there are a number of benefits to a hybrid cloud environment, it is,…

Newly Discovered Chinese APT Operating Cyberespionage Campaign Against APAC Organizations Since 2013

Context: On June 9, 2022, SentinelLabs disclosed technical details of a new Chinese-speaking cyberespionage group designated Aoqin Dragon. According to researchers at SentinelLabs, the group has been operating a cyberespionage campaign against government, education, and telecommunication organizations in Southeast Asia and Australia from at least 2013 to the present. SentinelLabs researchers also assessed with moderate…

Mitigate Compliance Risks with Cloud Security Posture Management (CSPM)

In a recent report, Gartner states that “through 2022, at least 95 percent of cloud security failures will be the customer’s fault.” So much for shared responsibility! The reality is that the public cloud providers are only responsible for the infrastructure required to host the cloud, while the consumer remains responsible for the data, applications,…

Federal Joint Advisory Warns of Chinese Threat Actors Targeting Telecommunications and Network Service Providers

Context: On the evening of June 7, 2022, the United States National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), and the Federal Bureau of Investigation (FBI) released a joint advisory detailing the tactics, techniques, and procedures (TTPs) used by unspecified Chinese state-backed threat actors to target unspecified telecommunication and network service organizations…
