On Friday, May 27, Security vendor nao_sec identified a malicious document leveraging a zero-day RCE vulnerability (CVE-2022-30190) in Microsoft Windows Support Diagnostic Tool (MSDT). The actively exploited vulnerability exists when MSDT is called using the URL protocol from a calling application, such as Microsoft Word.

On Tuesday, June 14, 2022, Citrix released patches for multiple vulnerabilities, including CVE-2022-27511, an unauthenticated remote privilege escalation vulnerability affecting Citrix Application Delivery Management (ADM). The vulnerability allows an unauthenticated user to remotely corrupt an affected system to reset the administrator password at the next device reboot. Successful exploitation allows a threat actor to gain initial access using the default credentials via SSH after a device reboot.

After a two-year hiatus, we couldn’t have been happier to spend the week in the Bay area with our customers, partners, and peers at the RSA Conference. The opportunity to showcase our latest solutions and technologies while connecting with some of the smartest people in the industry is something we’ve missed dearly, and meeting with our customers in person has made the 2022 conference sweeter than ever before.

Summer is here and phishing season is in full swing. May saw a troubling range of phishing attacks carried out against a wide array of targets, from retirement planners to school systems to national defense. Bundle all of those efforts together with a disturbing ransomware attack on the air travel industry and you have all the evidence you need of the dangers of inadequate cybersecurity at every level.

On Tuesday, May 31, 2022, Volexity responsibly disclosed a remote code execution (RCE) vulnerability to Atlassian affecting all supported versions of Confluence Server & Data Center. The Object-Graph Navigation Language (OGNL) injection vulnerability allows an unauthenticated user to execute arbitrary code on a Confluence Server or Data Center instance.

When you hear the words “brute force," subtlety is probably not the first thing that comes to mind. Indeed, classic brute-force cyber attacks use the most straightforward tactics—trial and error—to gain entry into a protected system. When brute force works, the attack's type, depth, and severity depend on the attacker's goals.

On Friday, May 27, 2022, Security vendor nao_sec identified a malicious document leveraging a zero-day remote code execution RCE vulnerability (CVE-2022-30190) in Microsoft Windows Support Diagnostic Tool (MSDT). The actively exploited vulnerability exists when MSDT is called using the URL protocol from a calling application, such as Microsoft Word.

According to the 2021 IBM X-Force Threat Intelligence Index , the finance and insurance industry sector experienced the most cyber attacks for the fourth year in a row. It’s no mystery why: Hackers go where the money is. And according to Verizon's 2021 Data Breach Investigations Report (DBIR), financial gain was the most common motive in data breaches across all industries: 93 percent of breaches involving companies with fewer than 1,000 employees were financially motivated.

As the attack surface expands and cyber threats continue to evolve, most organizations make security awareness training a key part of their cybersecurity programs. Especially now with growing evidence that social engineering tactics reap big rewards for bad actors and cataclysmic outcomes for enterprises of every size. To wit, a study has found that 88% of all data breaches involve mistakes by employees.

Of the many industries attracting threat actor attention, the legal sector is gaining heightened interest from run-of-the-mill cybercriminals and nation-state actors alike. In late February, the State Bar of California disclosed that it experienced a breach allowing access to thousands of case records and case profile data, along with confidential court records.