Solutions: Application Penetration Test

Michelle Drolet

What You Need to Know: A ransomware attack was deployed against an unnamed target, using Mitel’s VoIP appliance an entry point. CVE-2022-29499 is actively being used by attackers to achieve remote code execution and to gain initial access to their victim’s environment. The vulnerability is rated 9.8 in severity on the CVSS vulnerability scoring system.

Michelle Drolet

What You Need to Know: Today, VMware issued patches for two security flaws discovered in Workspace ONE Access, Identity Manager, and vRealize Automation. The vulnerabilities are tracked as CVE-2022-22972 and CVE-2022-22973 and could be exploited to backdoor enterprise networks. The first vulnerability, CVE-2022-22972 has a critical CVSS score of 9.8 and is an authentication bypass

Michelle Drolet

What You Need to Know: This week, ESET researchers discovered three new cyberattacks against Ukraine: HermeticWizard, HermeticRansom, and IsaacWiper. There is a new exploit, HermeticWizard, which spreads HermeticWiper across local networks via WMI and SMB. HermeticWizard is a worm that was deployed on a Ukrainian system on February 23, 2022. The malware starts by trying

Michelle Drolet

What You Need to Know: Security teams are in a hurry to patch an unknown active vulnerability that was found in Apache’s Log4j and is now named Log4Shell. Log4j is a Java-based open-source library used by apps and services, and the newly found vulnerability could allow an attacker to compromise millions of devices across the

Michelle Drolet

Covid-19 has disrupted our lives and caused a lot of stress and panic globally. Even though lockdowns may be relaxing, cyber-attacks are showing no signs of slowing down. The pandemic has created the perfect environment for hacktivists to strike with a high degree of success. Let’s understand the top five reasons for this: 1. Expanding

Michelle Drolet

Trends in Data Breaches and Comprehensive Responses Does your organization have a data breach response plan? Join Michelle Drolet and a team of industry experts for an interactive Q&A panel and discover the best practices for breach response and how to strengthen your organization’s cyber resilience. About the Webinar Join this interactive Q&A panel with

Michelle Drolet

Four ways to implement and maintain security testing. Cybercriminals had a fantastic time in 2014 – breaching major retailers such as Home Depot and Kmart, major financial institutions (notably JPMorgan Chase), and a slew of smaller companies. Indeed, cybercrimes are growing more common, more costly, and taking longer to resolve. Those are among the key findings

Michelle Drolet

1.2 billion logins scooped up by CyberVor hacking crew – what you need to do Hackers have amassed a vast collection of stolen data, including 1.2 billion unique username/password pairs, by compromising over 420,000 websites using SQL injection techniques. Researchers monitored the gang for over seven months, thought to be “fewer than a dozen men in

Michelle Drolet

Despite all the news about hackers infiltrating major corporations, most businesses continue to leave themselves woefully unprotected. Some surveys estimate more than 70% of businesses perform vulnerability tests on less than 10% of their cloud, mobile and web applications. A majority also confess they have been hacked at least once in the last two years.

Michelle Drolet

When the healthcare.gov website was launched on Oct. 1 it didn’t take long for technical issues to hit the headlines. Americans trying to register for health care found the website unusable. There were glitches, extremely long loading times, and serious errors, but most worrying of all for anyone entrusting sensitive data to the system was the lack