Threat actors have started mass-exploiting the critical remote code execution vulnerability tracked as CVE-2022-1388, which affects F5 BIG-IP. On May 4, 2022, F5 released a security advisory for a remote code execution vulnerability in the iControl REST component of its BIG-IP product with a CVSSv3 base score of 9.8. Threat actors can exploit this vulnerability to bypass...
Removable media has been a staple of modern-day computing for decades. Removable media is very easily lost, which could result in the compromise of large volumes of sensitive information stored on it. It is more important than ever to make sure removable media is used in a safe and protected way. What is Removable Media?...
Attackers have begun exploiting CVE-2022-22954, an RCE vulnerability in VMware Workspace ONE Access and Identity Manager, to deliver crypto miners onto vulnerable systems. The software vendor released a security advisory for the vulnerability on April 6, 2022, warning about the possibility of a threat actor with network access triggering a server-side template injection that results...
Spring released emergency updates to fix the ‘Spring4Shell’ zero-day remote code execution vulnerability, which leaked prematurely online before a patch was released. On March 30, 2022, the security community became widely aware of vulnerabilities related to Spring, the popular open-source Java framework. What is Spring4Shell? Spring4Shell is a bug in Spring Core, a popular application...
Your Passion…Your Product…Is it Secure enough? Are you passionate about your product? I am sure you are! You spent a few months or years coming up with a great idea. You worked hard to design, probably did multiple iterations, and built a world-class product. Your product gained traction, built a user base and trust. You...
Focuses on configuration review and risk associated with your Cloud Infrastructure components. We perform the below steps Scope of Assessment We review the configuration of below Cloud Services AWS Azure AWS – Some of the sample services and components within those services Azure – Some of the sample services and components within those services Approach...
RiskSek provides a Holistic View of the Risk associated with your On-Premises Infrastructure using our Intelligent Risk Assessment and Scoring Approach. On-Prem Infrastructure Security Focuses on configuration review and risk associated with your On-Premises Security Infrastructure components. Scope of Assessment We review the configuration of Network Firewalls Intrusion Detection Systems Proxy Filters Privilege Management Systems...
RiskSek is about evaluating Cyber Security Risk by analysing business processes, applications, dataflows through quality tools & methodologies. We are passionate about securing your environment by diving deep into data landscape & understanding telemetrics to evaluate cyber risks in a holistic manner. Our Approach Our vision is to provide Holistic Cyber Risk of your Applications...