Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

On Tuesday, November 8, 2022, VMware disclosed three critical-severity vulnerabilities impacting VMware Workspace ONE Assist Server versions 21.x and 22.x. If successfully exploited, the reported vulnerabilities could lead to a threat actor obtaining administrative access to the application without the need to authenticate.

On November 8th, 2022, Citrix disclosed a critical authentication bypass (CVE-2022-27510), a remote desktop takeover (CVE-2022-27513), and a user login brute force protection functionality bypass (CVE-2022-27516) vulnerability affecting several versions of Citrix ADC and Citrix Gateway. This bulletin only applies to customer-managed Citrix ADC and Citrix Gateway appliances as Citrix-managed cloud services are not affected. A threat actor could leverage these vulnerabilities in specific circumstances.

On November 8, 2022, Microsoft published their November 2022 Security Update and patched six actively exploited vulnerabilities. The vulnerabilities impact Windows and Exchange Server.

Cloud adoption is vastly increasing. Right now, 9o% of businesses are using or plan to use a multi-cloud environment. While the cloud, which refers to internet-accessed servers that are not directly managed by the business, can help organizations scale in a cost-effective manner, they also create new cybersecurity risks.

We’ve made it through spooky season once again, but there is still plenty of scary business unfolding in the world of cybersecurity. October offered several useful cautionary tales for organizations, including a company that took fast action and averted a threat, one that overlooked a security gap for far too long, another that offered a crucial reminder about improper conduct, and one more that … well, we’re not quite sure what the heck happened with that one.

On October 25, 2022, the OpenSSL project announced the existence of a critical vulnerability in the OpenSSL library affecting OpenSSL versions 3.0.0 and above, as well as any application with an embedded, impacted OpenSSL library. This announcement did not include any details on what this vulnerability is or how it can be exploited. On November 1, 2022, a cryptographic library used for encrypting communications in a wide variety of applications on the internet.

On October 28th, 2022, ConnectWise disclosed a critical remote code execution (RCE) vulnerability affecting ConnectWise Recover (version 2.9.7 and earlier) and R1Soft Server Backup Manager (version 6.16.3 and earlier). A threat actor could leverage an authentication bypass vulnerability in these products (CVE-2022-36537) to leak server private key files, software licenses, and system configuration files and ultimately achieve RCE as the system superuser.

As security teams struggle to scale security programs to meet both attack surface and threat landscape growth and complexity, many are engaging managed detection and response (MDR) providers to accelerate their operating models. With no end in sight for the cybersecurity skills shortage, MDR services can bring immediate expert resources online, together with proven, best-of-breed processes and tools that can help security teams gain control and set themselves up for future security program success.

On Tuesday, October 25th 2022, VMware disclosed a critical remote code execution vulnerability (CVE-2021-39144, CVSS 9.8) in VMware Cloud Foundation NSX-V versions 3.x and older. A threat actor could perform remote code execution in the context of ‘root’ on the appliance due to an unauthenticated endpoint that leverages XStream for input serialization.

The Infrastructure Investment and Jobs Act (IIJA) includes cybersecurity and will to hand out millions to state and local governments to help them improve their security posture and ward off future cyber threats. Getting your entity’s share of the $185 million (for calendar year 2022), however, is more complicated than emailing the federal government or asking your state for some cash. With a deadline of Nov.