Resources

CVE-2023-36884 – Nation-State RCE Targets Government Agencies with Malicious Microsoft Office Documents
David Azria & Batya Steinherz | July 13, 2023

Updated on 27/07/2023 On July 11th, Microsoft announced they had uncovered a zero-day bug found in numerous Windows and Office products with a criticality…

CVE-2023-23397 – Outlook vulnerability
Zur Ulianitzky & David Azria & Bill Ben Haim | March 16, 2023

On March 14, Microsoft released the regular Patch tuesday. During this patch Tuesday, Microsoft released 74 new patches addressing CVEs within Microsoft products. Exploiting…

CVE 2023-21716- Microsoft Word RCE
Zur Ulianitzky & David Azria & Bill Ben Haim | March 07, 2023

Overview On March 5, a security researcher named Joshua J.Drake shared details about CVE-2023-21716, a Microsoft Word vulnerability that was patched during February 2023…

Extracting Encrypted Credentials from Common Tools
Zur Ulianitzky and David Azria | January 02, 2023

Overview During our day to day research, we face the question of what can be extracted from a  compromised machine in order to move…

CVE-2022-42475 – Critical RCE Fortinet Vulnerability 
David Azria & Zur Ulianitzky | December 15, 2022

On December 12th, Fortinet, one of the foremost players in the firewall, AV, intrusion prevention systems, and endpoint security ecosystem, announced the discovery of…

XM Cyber Advisory – OpenSSL Critical Vulnerability
Zur Ulianitzky and David Azria | October 31, 2022

Overview According to the OpenSSL team, on November 1st, 2022, a new version, number 3.0.7 will be released (https://mta.openssl.org/pipermail/openssl-announce/2022-October/000238.html). It’s interesting to note that…

XM Cyber Advisory – Follina, CVE-2022-30190, Zero Day
Zur Ulianitzky and Bill Ben Haim | June 05, 2022

On May 27, a new zero day critical vulnerability called Follina was discovered by the nao_sec security research team. The vulnerability resides in malicious…

XM Cyber Advisory – Spring4Shell, Zero Day
Zur Ulianitzky; Ilay Grossman | March 31, 2022

Overview On March 30, A new zero day critical vulnerability was leaked in another open source software library. The vulnerability affects Spring Framework which…

Go beyond Log4Shell and see the entire attack path with XM Cyber

We know you’re working tirelessly to get ahead of the log4j vulnerability. Here at XM Cyber, we can help you prioritize your remediation efforts…

Go Beyond Log4Shell and See the Entire Attack Path
March 01, 2022

We understand the facts: The most common open-source library (Java) has already been identified with 3 CVEs and counting, with over 3 million attacks…

Time to go beyond Log4Shell and see the entire attack path
December 16, 2021

Today’s organizations are overwhelmed since the world first learned about the Log4Shell vulnerability (aka Log4J CVE-2021-44228, CVE-2021-45046). If prioritizing your vulnerabilities was a daunting…

XM Cyber Advisory – Log4Shell, CVE-2021-44228
December 12, 2021

Overview Last Thursday, December 9, the Log4Shell vulnerability, CVE-2021-44228 (CVSS score 10), was discovered. This remote code execution (RCE) vulnerability was being exploited in…

Find and fix the exposures that put your critical assets at risk with ultra-efficient remediation.

See what attackers see, so you can stop them from doing what attackers do.