Welcome!

ADVERSARIES ARE EXPLOITING CRITICAL F5 BIG-IP RCE

Threat actors have started mass exploitation of the critical remote code execution vulnerability tracked as CVE-2022-1388, which affects F5 BIG-IP. On May 4, 2022, F5 released a security advisory for a remote code execution vulnerability in the iControl REST component of its BIG-IP product with a CVSSv3 base score of 9.8. Threat actors can exploit this vulnerability to bypass...

YOU ARE SAFE WHEN YOU MAKE THE BEST USE OF REMOVABLE MEDIA:

Removable media has been a staple of modern-day computing for decades. Removable media is very easily lost, which could result in the compromise of large volumes of sensitive information stored on it. It is more important than ever to make sure removable media is used in a safe and protected way. What is Removable Media?...

CVE-2022-22954: CRITICAL RCE IN VMWARE WORKSPACE ONE ACCESS AND VMWARE IDENTITY MANAGER

Attackers have begun exploiting CVE-2022-22954, an RCE vulnerability in VMware Workspace ONE Access and Identity Manager, to deliver crypto miners onto vulnerable systems. The software vendor released a security advisory for the vulnerability on April 6, 2022, warning about the possibility of a threat actor with network access triggering a server-side template injection that results...

Spring4Shell: Patched RCE Vulnerability in Spring Core and Spring Cloud Frameworks Finally

Spring released emergency updates to fix the ‘Spring4Shell’ zero-day remote code execution vulnerability, which leaked prematurely online before a patch was released. On March 30, 2022, the security community became widely aware of vulnerabilities related to Spring, the popular open-source Java framework. What is Spring4Shell? Spring4Shell is a bug in Spring Core, a popular application...

Product Security

Your Passion…Your Product…Is it Secure enough? Are you passionate about your product? I am sure you are! You spent a few months or years coming up with a great idea. You worked hard to design, probably did multiple iterations, and built a world-class product. Your product gained traction, built a user base and trust. You...

Cloud Infrastructure Security

Focuses on configuration review and risk associated with your Cloud Infrastructure components. We perform the below steps. Scope of Assessment: We review the configuration of the below Cloud Services: AWS, Azure. AWS – Some of the sample services and components within those services. Azure – Some of the sample services and components within those services. Approach...

Infrastructure Risk Assessment

RiskSek provides a Holistic View of the Risk associated with your On-Premises Infrastructure using our Intelligent Risk Assessment and Scoring Approach. On-Prem Infrastructure Security: Focuses on configuration review and risk associated with your On-Premises Security Infrastructure components. Scope of Assessment: We review the configuration of Network Firewalls, Intrusion Detection Systems, Proxy Filters, Privilege Management Systems...

Holistic View To Cyber Risk

RiskSek is about evaluating Cyber Security Risk by analysing business processes, applications, dataflows through quality tools & methodologies. We are passionate about securing your environment by diving deep into data landscape & understanding telemetrics to evaluate cyber risks in a holistic manner. Our Approach: Our vision is to provide Holistic Cyber Risk of your Applications...