A series of MOVEit Transfer vulnerabilities have affected 520 organizations and over 32 million individuals. The Russian-speaking ransomware gang CL0P has claimed responsibility for the attacks, which date back to May 2023. Organizations that have not yet applied the patches across all instances are still at risk. CyCognito’s platform can help customers to find where MOVEit Transfer is being used across their attack surface and identify exposed risks.
Read more about The MOVEit Hacking Spree: Impact, Perspective and Detecting it in Your Attack Surface
CyCognito Blog
Research
Search the Blog
Discover valuable external risk insights. Learn how to bridge gaps in external attack surface and enhance security with actionable strategies.
Read more about External Risk Insights: Mind the Gaps in the External Attack Surface
Solving meaningful external risk challenges requires the right information at the right time in the hands of the right people.
Read more about Shrink your External Attack Surface with Better Communications
What is the economic impact of adding an External Attack Surface Management platform to your 2024 cybersecurity roadmap?
Read more about Study: EASM Products Boost Security While Reducing CostsA critical bug in OpenSSL versions 3.0+ dashes security team hopes that this Halloween will include treats and no tricks.
Read more about Heartbleed-like Critical OpenSSL Bug Impacts Versions 3+Despite eradication efforts, Log4j continues to haunt large corporations eight months after the critical vulnerability was discovered.
Read more about Risky Business: Enterprises Can’t Shake Log4jMergers and acquisitions, poorly managed web apps and insecure PII represent biggest risks tied to external attack surfaces in 2022.
Read more about Exclusive EASM Report: Mergers and Acquisitions Top 2022 External Attack Surface Management RisksOn May 4th, 2022, F5 announced their internal discovery of a remote code execution (RCE) vulnerability, CVE-2022-1388, that affects all firmware versions of their BIG-IP product.
Read more about Big Problem with BIG-IP: Vulnerability Alert | CVE-2022-1388 in F5 BIG-IPNIST assigned Spring4Shell a score of 9.8, most likely out of concern of a similar blast radius to Log4Shell, which was trivial to exploit and very common.
Read more about One month in: CyCognito looks at Spring4Shell
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the recently disclosed remote code execution (RCE) vulnerability affecting the Spring Framework, to its Known Exploited Vulnerabilities Catalog based on evidence of active exploitation.
Read more about Detecting and Validating Spring4Shell Vulnerability: CVE-2022-22965