In 2025, the cybersecurity landscape revealed a pattern of opportunistic attacks exploiting familiar weaknesses, from unpatched devices to misconfigured cloud services. Criminal groups fragmented under pressure from law enforcement, while state actors amplified their reach through emerging tools. Geopolitical tensions fueled targeted operations, with Russia focusing on Europe and Ukraine, and China expanding influence in Africa and South America. Overall, the year saw a shift towards data thef
vulnerabilities (13)
Researchers at Google said last week that they have discovered the first vulnerability using a large language model. In a blog post, Google said it believes the bug is the first public example of an AI tool finding a previously unknown exploitable memory-safety issue in widely used real-world software. The vulnerability was found in SQLite, an open-source database engine popular among developers.
Google researchers reported the vulnerability to SQLite developers in early October, who fixed it
Intelligence agencies in Australia, Canada, New Zealand, the UK, and the US have published a list of the software vulnerabilities that were most frequently exploited in malicious attacks in 2022. The Five Eyes agencies say threat actors mainly targeted internet-facing systems that were not patched against older, known vulnerabilities, including flaws for which Proof-of-Concept (PoC) exploit code exists publicly.
“Malicious cyber actors generally have the most success exploiting known vulnerabi
A vulnerability has been discovered in Adobe ColdFusion which could allow for arbitrary code execution. Adobe ColdFusion is a commercial web-application development platform designed to build and deploy web applications. Successful exploitation of this vulnerability could allow for arbitrary code execution in the context of the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts w
Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Google Chrome is a web browser used to access the internet. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full us
Vulnerability management comprises the entirety of workflows geared toward maintaining an up-to-date inventory of a company's digital assets, checking them for imperfections, and addressing the detected security loopholes. It revolves around the principle of monitoring and hardening the security condition of a corporate IT infrastructure continuously to ensure proactive defenses against different forms of exploitation.
There is a difference between the use of garden-variety vulnerability scanne
Our friends at the State of NJ, NJCCIC, have provided a valuable alert - Vulnerable VMware ESXi Servers Targeted in Ransomware Attacks.
Ransomware groups are actively exploiting a 2-year-old heap-overflow vulnerability, CVE-2021-21974 (CVSS v3.1 8.8), affecting OpenSLP used in VMware ESXi servers for versions 6.x and prior to 6.7, though threat actors may be leveraging other vulnerabilities or attack vectors, as earlier builds of ESXi appear to have also been compromised. European cybersecurity
Cyber threats are an all too common danger for companies in all critical infrastructure sectors. Historically, the threat of cyber-attack was thought to be largest against financial institutions, retail chains, and the medical sector. However, as manufacturing has become more reliant on data and technology, the threat of cyber-attacks on the industry has grown. This is especially true for critical manufacturing, like aviation and the defense industrial base (DIB), but true for any manufacturing.
GPS, or Global Positioning Systems, have become a staple of our lives – especially in the transportation sector. Whether you are broadcasting your location for a rideshare or trying to find the quickest way to avoid traffic on your commute, it seems that paper maps and printed directions have become a thing of the past. It comes as no surprise that the more we rely on interconnected devices, the more susceptible to cyber attacks we become. This is exemplified through the Cybersecurity & Infras
Our weekly Cyber Threats & Vulnerabilities Report is provided to our Red Sky Alliance Members to consolidate both prominent government and private cyber security reporting, which includes descriptions (TTPs), indicators of compromise (IoCs) and at times remediation directions.
Link to full report: IR-22-139-001_IntelSummary139.pdf
Our weekly Cyber Threats & Vulnerabilities Report is provided to our Red Sky Alliance Members to consolidate both prominent government and private cyber security reporting, which includes descriptions (TTPs), indicators of compromise (IoCs) and at times remediation directions.
Link to full report: IR-22-097-001_IntelSummary097.pdf
Our weekly Cyber Threats & Vulnerabilities Report is provided to our Red Sky Alliance Members to consolidate both prominent government and private cyber security reporting, which includes descriptions (TTPs), indicators of compromise (IoCs) and at times remediation directions.
Link to full report: IR-22-083-001_IntelSummary083.pdf
Our Red Sky Alliance research predictions for 2021 are not necessarily in any order of importance yet presented as what we believe are the most important.
Ransomware… Ransomware… Ransomware
2020 saw a dramatic rise in ransomware activity. While it is difficult to predict specifically what ransomware authors will do next, it can be expected that they will continue to do what has worked well for them in the past if it continues as profitable. Ransomware ‘payment’ amounts saw a 217% rise in 2020 f