Fortinet VPN Credential Compromise and Leak

10 September, 2021. Event Summary: Threat actors have obtained and leaked almost 500,000 Fortinet VPN credentials, including user names and passwords. They were able to obtain these credentials via a previously disclosed vulnerability, CVE-2018-13379, labeled as a FortiOS system file leak through SSL VPN via specially crafted HTTP resource […]

Microsoft Azure Cosmos DB Primary Key Exposure

27 August, 2021. Executive Summary: Microsoft has disclosed an issue in their flagship Azure Database, Cosmos DB. Wiz Research Security’s research team discovered the ability to access the Primary Key that controls access to databases used by thousands of companies. This vulnerability has been dubbed “ChaosDB”. Exploitations […]

2021 Mid-Year Phishing Report

Authored by Joel Garcia, Cyber Security Operator III at Security On-Demand. As the world re-opens and employees make the transition back to some normalcy, scammers remain hard at work to score payoffs and gain unauthorized access. Looking back, the FBI’s 2020 Internet Crime Report ranks email fraud as the most financially […]

Active VPN Reconnaissance Campaign from Russia Based IP

Event Summary: Security On-Demand has discovered a Russian-based IP performing an active VPN scanning and password spraying campaign. This IP was observed performing this activity as of May 30, 2021. We are taking this opportunity to alert our client base and recommend any preemptive actions to […]

‘Fancy Product Designer’ Website Plugin Zero-Day Vulnerability

2 June, 2021. Event Summary: On May 31, 2021, the WordFence Threat Intelligence team discovered and disclosed a critical file upload vulnerability in the ‘Fancy Product Designer’ plugin. This vulnerability affects both WordPress and WooCommerce websites and allows for Remote Code Execution (RCE). The Fancy Product Designer plugin exists […]

Threat Flash Alert: Nobelium Spear-Phishing Campaign

Executive Summary: Microsoft’s Threat Intelligence Center (MSTIC) has released an advisory pertaining to a new spear-phishing campaign by the Russian threat group dubbed Nobelium. Nobelium has been labeled responsible for the SolarWinds compromise that took place in 2020. The start date for this campaign dates back to January […]