Critical OMI Vulnerabilities in Linux Azure VM Deployments

17 September, 2021. Event Summary: Four vulnerabilities have been identified in the Open Management Infrastructure (OMI) used for managing Linux and UNIX VMs with Microsoft Azure implementations. Of these, the most severe vulnerability allows for Remote Code Execution (RCE), while the remaining three allow for privilege escalation […]

Cryptojacking: Is Your Browser Mining Crypto?

25% of businesses are estimated to have been victims of cryptojacking. Crypto mining in and of itself is neither malicious nor a security event. However, the same tools and domains that any random individual may use to legitimately mine their own crypto are also being used by botnets to […]

Fortinet VPN Credential Compromise and Leak

10 September, 2021. Event Summary: Threat actors have obtained and leaked almost 500,000 Fortinet VPN credentials, including user names and passwords. They were able to obtain these credentials via a previously disclosed vulnerability, CVE-2018-13379, labeled as a FortiOS system file leak through SSL VPN via specially crafted HTTP resource […]

Atlassian Confluence Server and Data Center RCE Vulnerability

3 September, 2021. Executive Summary: Atlassian Confluence and the U.S. Cyber Command have issued a security advisory regarding an OGNL injection vulnerability that exists in multiple versions of the Confluence Server and Data Center products. This Remote Code Execution (RCE) vulnerability could allow authenticated users, and in […]

Microsoft Azure Cosmos DB Primary Key Exposure

27 August, 2021. Executive Summary: Microsoft has disclosed an issue in their flagship Azure Database, Cosmos DB. Wiz Research Security’s research team discovered the ability to access the Primary Key that controls access to databases used by thousands of companies. This vulnerability has been dubbed “ChaosDB”. Exploitations […]

“ProxyShell” & “ProxyLogon” Patch Reminder

Patch Notice Summary: Security On-Demand’s Threat Recon Unit is issuing a patch reminder for vulnerabilities that exist in Microsoft Exchange servers. We have previously reported on these patches and recommend patching any vulnerable systems that may not have received previous patches. We are observing that threat groups are actively scanning […]