Blog Entries

28. 03. 2024 Mirko Ioris SOCnews

SOC News | Mar 28 – New Vulnerabilities Added To The KEV

On March 25, 2024, the Cybersecurity & Infrastructure Security Agency (CISA) added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. The catalog is updated regularly and contains the vulnerabilities that are most likely to be used in attacks. Organizations should monitor and review it periodically and prioritize their patching efforts based on it. We…

Read More
11. 03. 2024 Mirko Ioris SOCnews

SOC News | Mar 11 – JetBrains TeamCity Authentication Bypass Vulnerabilities

On March 4, 2024, JetBrains released TeamCity version 2023.11.4, which patches two authentication bypass vulnerabilities in the web component of TeamCity. These vulnerabilities were discovered in February by Rapid7’s vulnerability research team and allow a remote unauthenticated attacker to perform a complete compromise of a vulnerable TeamCity installation, including unauthenticated RCE (remote code execution). CVE…

Read More
16. 11. 2023 Beatrice Dall'Omo Red Team, SEC4U

Don’t Do Without EPSS: Vulnerability Prioritization

During a Vulnerability Remediation process, understanding which vulnerabilities pose a real and significant risk for an organization is not so obvious, and most of the time it involves several different aspects. It takes into consideration several factors related to available resources and time, company assets, severity, compatibility with fix methodologies, and others.  There is no…

Read More
13. 06. 2023 Beatrice Dall'Omo Red Team, SEC4U

What We Know about the MOVEit Transfer 0-day

0-day vulnerabilities are predicted to grow more and more, posing new threats for the cybersecurity. It’s hard to predict them and when their exploit occurs, since developers and vendors are unaware of the flaw until they are actually exploited. Hence, there is no ready patch available for a 0-day vulnerability. MOVEit Transfer 0-day On May…

Read More
02. 01. 2023 Beatrice Dall'Omo Red Team, SEC4U

Focus on the noPac Attack

In December 2021 Microsoft revealed two vulnerabilities concerning an Active Directory Domain Services privilege elevation, classified as CVE-2021-42278 and CVE-2021-42287. By combining the two exploits in the so-called noPac attack, a malicious actor could perform a privilege escalation by impersonating the Domain Administrator after starting out as a standard user. This would lead to a…

Read More
14. 06. 2022 Mirko Ioris Red Team, SEC4U

How People Reacted to Follina, the New 0-day

Zero-day vulnerabilities pose a serious threat in the field of cybersecurity. These flaws are usually discovered and exploited by criminals before security researchers even know of their existence. Because of this, we call them 0-day. It indicates the amount of time the “good people” have had to study and solve the problem. So if this…

Read More
29. 01. 2018 Roberto Palmarin Log-SIEM, NetEye

From Software Inventory to Vulnerabilities!

Now that your company has invested time and resources in gathering information about your entire installed base of software and equipment, how can we analyze and measure its level of security protection?  Can we identify the vulnerabilities in your company’s software?  Can we create a scoring function that measures security and how it changes over…

Read More

Archive