Critical OMI Vulnerabilities in Linux Azure VM Deployments

Critical OMI Vulnerabilities in Linux Azure VM Deployments 17 September, 2021 Event Summary Four vulnerabilities have been identified in the Open Management Infrastructure (OMI) used for managing Linux and UNIX VM’s with Microsoft Azure implementations.  Of these, the most severe vulnerability allows for Remote Code Execution (RCE), while the remaining three allow for privilege escalation […]

Fortinet VPN Credential Compromise and Leak

Fortinet VPN Credential Compromise and Leak 10 September, 2021 Event Summary Threat actors have obtained and leaked almost 500,000 Fortinet VPN credentials, including user names and passwords.  They were able to obtain these credentials via a previously disclosed vulnerability, CVE-2018-13379, labeled as a FortiOS system file leak through SSL VPN via specially crafted HTTP resource […]

Atlassian Confluence Server and Data Center RCE Vulnerability

Atlassian Confluence Server and Data Center RCE Vulnerability 3 September, 2021 Executive Summary Atlassian Confluence and the U.S. Cyber Command have issued a security advisory regarding an OGNL injection vulnerability that exists in multiple versions of the Confluence Server and Data Center products. This Remote Code Execution (RCE) vulnerability could allow authenticated users, and in […]

Microsoft Azure Cosmos DB Primary Key Exposure

Microsoft Azure Cosmos DB Primary Key Exposure 27 August, 2021 Executive Summary Microsoft has disclosed an issue in their flagship Azure Database, Cosmos DB.  Wiz Research Security’s research team discovered the ability to access the Primary Key that controls access to databases used by thousands of companies. This vulnerability has been dubbed as “ChaosDB”. Exploitations […]

The Internet of Things: A New Opportunity for Hackers

The Internet of Things: A New Opportunity for Hackers The Internet of Things is an exciting and innovative technological evolution that is changing the way we live, do business, and interact.  The IoT provides improvements in efficiency, convenience, and overall business processes.  Such technological advancements are welcomed and ought to be embraced.  However, from a […]

2021 Mid-Year Phishing Report

phishing report

2021 Mid-Year Phishing Report Authored by Joel Garcia, Cyber Security Operator III at Security On-Demand As the world re-opens and employees make the transition back to some normalcy, scammers remain hard at work to score payoffs and gain unauthorized access. Looking back, the FBI’s 2020 Internet Crime Report ranks email fraud as the most financially […]