Cyber risk and advisory programs that identify security gaps and build strategies to address them.
MDR that provides improved detection, 24/7 threat hunting, end-to-end coverage and most of all, complete Response.
Our team delivers the fastest response time in the industry. Threat suppression within just 4 hours of being engaged.
Be protected by the best from Day 1.
24/7 Threat Investigation and Response.
Expert hunting, research and content.
Defend brute force attacks, active intrusions and unauthorized scans.
Safeguard endpoints 24/7 by isolating and remediating threats to prevent lateral spread.
Investigation and enhanced threat detection across multi-cloud or hybrid environments.
Configuration escalations, policy and posture management.
Detects malicious insider behavior leveraging Machine Learning models.
Join Kurtis Armour, Director, Product Management for a briefing with Cloud…
Join eSentire for an evening of axe throwing at Bury the Hatchet in New…
Join eSentire in the November Banking and Finance Digital Best Practice…
On April 30th, 2020, cybersecurity firm F-Secure announced two major vulnerabilities affecting the "Salt" management framework; and as of May 2nd, 2020, the vulnerabilities were exploited by threat actors in the wild . Salt is a widely used configuration tool created by the opensource project SaltStack. If exploited. the vulnerabilities allow for an unauthenticated threat actor to perform remote code execution with root permissions on affected devices. After performing a business impact review, all organizations using SaltStack are highly recommended to apply security patches.
What we’re doing about it
What you should do about it
The vulnerabilities stem from the default communication protocol, ZeroMQ, used in Salt. There are two separate vulnerabilities that attackers can exploit in unison to allow for unauthenticated remote code execution on the master and minion agents on Salt managed systems. CVE-2020-11651 allows for authentication bypass, while CVE-2020-11652 is used for directory traversal.
As of April 30th, 2020, F-Secure was able to identify over 6,000 vulnerable instances exposed to the public which could be exploited. A recent report indicates that these vulnerabilities are actively being exploited; threat actors used the two vulnerabilities to breach servers related to core infrastructure for the mobile operating system LineageOS .