It’s October bringing fall weather, pumpkin spiced lattes and a month dedicated to cybersecurity awareness.
Blog
Exploiting Kaseya Unitrends Backup Appliance – Part 2
This is the second installment of the Exploiting Unitrends series and will focus on several critical unauthenticated SQL Injection vulnerabilities leading to remote code execution.
Exploiting Kaseya Unitrends Backup Appliance – Part 1
Multiple vulnerabilities were discovered in the Unitrends Backup appliance and client software. An attacker with network access to the management interface or backup ports on the client or server could be exploited to compromise the machine. Both suffer from critical remote code execution vulnerabilities.
Understanding Zero Trust: Beyond a Buzzword
The concept of Zero Trust has evolved from an industry catchphrase to an essential security framework. At its core, Zero Trust operates on the principle of “never trust, always verify,” eliminating the notion that threats only exist outside your network perimeter. For businesses navigating today’s complex threat landscape, implementing Zero Trust means verifying every user, […]
The Human Element: Why Security Awareness Training Still Matters
Despite advanced technical defenses, social engineering remains among the most effective attack vectors. Our incident response team has observed a 40% increase in sophisticated phishing campaigns targeting specific employees with access to sensitive systems.
Ransomware Recovery: Planning for the Unthinkable
The question is no longer if your organization will face a ransomware threat, but when. While prevention remains critical, equally important is your ability to recover quickly and completely when prevention measures fail.
CyberOne Announces Strategic Plans for National Expansion
Plano, TX – November 16, 2021 — CyberOne, a trusted cybersecurity advisory and solutions leader, announced today its plans to spin off from the CRITICALSTART brand as an independent company.
How To Reverse Engineer the SolarWinds Hack
Author: Quentin Rhoads-Herrera, Director of Professional Services When it comes to security incidents involving malware, most of us rely on the information provided by the investigating firm to understand what the malware does, why it does it, and how to find it in our own environment. However, if you are interested in more in-depth details […]
Death to Vulnerability Management As We Know It
Vulnerability Management concepts are changing. The idea that vulnerability management is limited to scanning alone is being replaced with a wider and more comprehensive view. It’s now transforming to a concept called vulnerability identification, which is an umbrella for any type of service or activity centered around identifying vulnerabilities. This can include scanning and penetration […]
Multiple Vulnerabilities Discovered in Aviatrix
Versions Tested: Aviatrix Cloud Controller UserConnect-5.3.1516 Aviatrix VPN Client 2.8.2 Product: https://aviatrix.com/cloud-network-platform/ Security Advisories: https://docs.aviatrix.com/HowTos/security_bulletin_article.html Summary: CyberOne‘s TEAMARES recently discovered multiple vulnerabilities in the Aviatrix Cloud Controller appliance v5.3.1516 and Aviatrix VPN client v2.8.2 for Linux, macOS, and Windows. TEAMARES would like to thank the Aviatrix security team for partnering with us to get the issues resolved. […]