Cyber risk and advisory programs that identify security gaps and build strategies to address them.
MDR that provides improved detection, 24/7 threat hunting, end-to-end coverage and most of all, complete Response.
Our team delivers the fastest response time in the industry. Threat suppression within just 4 hours of being engaged.
Be protected by the best from Day 1.
24/7 Threat Investigation and Response.
Expert hunting, research and content.
Defend brute force attacks, active intrusions and unauthorized scans.
Safeguard endpoints 24/7 by isolating and remediating threats to prevent lateral spread.
Investigation and enhanced threat detection across multi-cloud or hybrid environments.
Configuration escalations, policy and posture management.
Detects malicious insider behavior leveraging Machine Learning models.
Customer testimonials and case studies.
Stories on cyberattacks, customers, employees, and more.
Cyber incident, analyst, and thought leadership reports.
Demonstrations, seminars and presentations on cybersecurity topics.
Information and solution briefs for our services.
MITRE ATT&CK Framework, Cybersecurity Assessment, SOC Calculator & more
There is confirmed exploitation of the critical WSO2 vulnerability CVE-2022-29464 (CVSS: 9.8). WSO2 is an open-source technology provider that maintains a variety of products relating to Application Program Interface (API) and Identity management. CVE-2022-29464 is an unrestricted file upload vulnerability impacting multiple WSO2 products. Successful exploitation allows for unauthenticated Remote Code Execution (RCE). The vulnerability was initially disclosed on April 1st, 2022, and in the wild exploitation was confirmed by CISA in late April.
Proof-of-Concept (PoC) exploits are publicly available for this vulnerability; as such, eSentire Threat Intelligence assesses that multiple threat actor groups are currently exploiting the vulnerability in real-world attacks. Organizations are strongly recommended to apply the mitigations outlined in the following “What you should do about it” section.
In order to exploit CVE-2022-29464, threat actor(s) would upload a malicious JSP (web shell) script to the vulnerable upload route /fileupload/toolsAny on the victim’s webserver and take the advantage of a path traversal (also known as directory traversal) vulnerability to write and run the web shell from the web root (for example repository/deployment/server/webapps). Public reporting suggests that to date, exploitation has resulted in the deployment of cryptocurrency-mining malware and web shells. Web shells and miner malware are often leveraged as early-stage payloads, prior to additional malicious activity. As PoC exploits are publicly available, there is the potential for widespread exploitation of CVE-2022-29464 in the near future.
Impacted WSO2 products:
[1] https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2021-1738
[2] https://www.cisa.gov/uscert/ncas/current-activity/2022/04/25/cisa-adds-seven-known-exploited-vulnerabilities-catalog
[3] https://github.com/wso2/carbon-kernel/pull/3152
[4] https://github.com/wso2/carbon-identity-framework/pull/3864
[5] https://github.com/wso2-extensions/identity-carbon-auth-rest/pull/167