CVE-2024-23897 – Jenkins RCE Exploited in Ransomware Attacks
Introduction On August 19th, CISA added a new vulnerability to its catalog of Known Exploited Vulnerabilities (KEV). Being tracked…
CVE Advisory
Attack Techniques in Okta – Part 1 – A (Really) Deep Dive into Okta Key Terms
Welcome to the first installment of our blog series on attack techniques within Okta. Okta is an identity management service…
Blog
CVE-2023-50164 – Remote Code Execution (RCE) Flaw in Apache Struts
On Dec 7th, open-source web server software provider Apache disclosed a new vulnerability with a CVSS score of 9.8, which…
CVE Advisory
CVE-2023-36884 – Nation-State RCE Targets Government Agencies with Malicious Microsoft Office Documents
Updated on 27/07/2023 On July 11th, Microsoft announced they had uncovered a zero-day bug found in numerous Windows and Office…
CVE Advisory
CVE-2023-23397 – Outlook vulnerability
On March 14, Microsoft released the regular Patch tuesday. During this patch Tuesday, Microsoft released 74 new patches addressing CVEs…
CVE Advisory
CVE 2023-21716- Microsoft Word RCE
Overview On March 5, a security researcher named Joshua J.Drake shared details about CVE-2023-21716, a Microsoft Word vulnerability that was…
CVE Advisory
Extracting Encrypted Credentials from Common Tools
Overview During our day to day research, we face the question of what can be extracted from a compromised machine…
Blog
CVE-2022-42475 – Critical RCE Fortinet Vulnerability
On December 12th, Fortinet, one of the foremost players in the firewall, AV, intrusion prevention systems, and endpoint security ecosystem,…
CVE Advisory
XM Cyber Advisory – OpenSSL Critical Vulnerability
Overview According to the OpenSSL team, on November 1st, 2022, a new version, number 3.0.7 will be released (https://mta.openssl.org/pipermail/openssl-announce/2022-October/000238.html). It’s…
Blog
XM Cyber Advisory – Follina, CVE-2022-30190, Zero Day
On May 27, a new zero day critical vulnerability called Follina was discovered by the nao_sec security research team. The…
CVE Advisory
Prevent cyber attacks in Azure before they happen
Misconfigurations within Azure environments are more common than you think. It’s important to learn and understand how attackers can exploit…
Webinars
Decrypting VMware Workstation Passwords for Fun
Overview At XM Cyber, we have been hard at work on the techniques that attackers use against your VMware environments.…
Blog
See XM Cyber In Action
