• Netizen Cybersecurity Bulletin (March 27th, 2025)

    Overview:

    • Phish Tale of the Week
    • Alleged Oracle Cloud Breach Sparks Controversy
    • Windows Zero-Day Exposes NTLM Credentials—Unofficial Patch Now Available
    • How can Netizen help?

    Phish Tale of the Week

    Oftentimes phishing campaigns created by malicious actors target users through social engineering. For example, in this message the actors pose as an unnamed company. They send us a text message telling us that a new device was added to our Coinbase account and that it is imperative that we contact the number below. It seems both urgent and genuine, so why shouldn’t we? Luckily, there are plenty of reasons that point to this being a scam.

    Here’s how we can tell not to fall for this phish:

    1. The first warning sign for this SMS is the context in which it was sent. When I received this SMS, I immediately knew not to click on the link due to the fact that I did not recently add any device to my Coinbase account. On top of that, it’s very apparent that this message was blasted out to random numbers: the message doesn’t even include my name or attempt to provide any level of familiarity.
    2. The second warning sign in this text is the messaging. This message tries to create a sense of opportunity and urgency in order to get you to take action by using language such as “if this was not you, contact us.” Phishing and smishing scams commonly attempt to create a sense of urgency or confusion in their messages in order to get you to click their link without thinking about it first. Always be sure to thoroughly inspect the style and tone of all texts before following a link or other attachment sent through SMS.
    3. The final warning sign for this text is the wording; in our case the smisher uses the incomplete sentence “Verification code to add a new device is 156232.” All of these factors point to the above being a smishing text, and a very unsophisticated one at that.


    General Recommendations:

    A phishing attack will typically direct the user to click on a link, where they are then prompted to update personal information such as a password, credit card, Social Security, or bank account information. A legitimate company already has this sensitive information and would not ask for it again, especially via text message.

    1. Scrutinize your messages before clicking anything. Have you ordered anything recently? Does this order number match one you already have? Did the message come from a store you don’t usually order supplies from, or a service you don’t use? If so, it’s probably a phishing attempt.
    2. Verify that the sender is actually from the company that appears to be sending the message.
    3. Did you receive a message from someone you don’t recognize? Are they asking you to sign into a website to give Personally Identifiable Information (PII) such as credit card numbers, Social Security number, etc.? A legitimate company will never ask for PII via instant message or email.
    4. Do not give out personal or company information over the internet.
    5. Do not click on unrecognized links or attachments. If you do proceed, verify that the URL is the correct one for the company/service and it has the proper security in place, such as HTTPS.

    Many phishing messages convey a sense of urgency or even aggression to intimidate the recipient. Any message requesting immediate action should be vetted thoroughly to determine whether or not it is a scam. Also, beware of messages that seek to tempt users into opening an attachment or visiting a link. For example, an attachment titled “Fix your account now” may raise the question “What is wrong with my account?” and prompt you to click a suspicious link.


    Cybersecurity Brief

    In this month’s Cybersecurity Brief:

    Alleged Oracle Cloud Breach Sparks Controversy

    Despite Oracle’s denial of a breach in its Oracle Cloud federated SSO login servers, multiple companies have confirmed that data samples shared by the threat actor are valid. The claim, initially made by a threat actor known as ‘rose87168,’ alleges the theft of authentication data and encrypted passwords belonging to 6 million users.

    Last week, ‘rose87168’ claimed to have infiltrated Oracle Cloud servers and began selling what they claimed to be authentication data, including SSO and LDAP passwords. The attacker further asserted that the stolen credentials could be decrypted with the information contained in the stolen files. As proof, they offered to share portions of the data with anyone who could assist in recovering the passwords.

    The threat actor also released multiple text files, including what appeared to be a database, LDAP data, and a list of 140,621 domains linked to various companies and government agencies. However, some of the domains appear to be test accounts, and multiple domains are associated with single companies, raising questions about the full extent of the breach.

    Alongside the leaked data, ‘rose87168’ provided an Archive.org link containing a text file allegedly tied to Oracle’s systems. BleepingComputer analyzed these files and reached out to impacted organizations, some of whom confirmed that the data matches real customer or employee information.

    Despite these confirmations, Oracle has maintained that no breach has occurred. The company has yet to publicly address whether an internal investigation is underway or provide further clarification regarding the authenticity of the leaked records.

    Security Operations Center (SOC) teams should remain vigilant and take proactive measures in light of this potential breach. Organizations using Oracle Cloud services should:

    • Conduct an immediate review of access logs for any suspicious authentication attempts.
    • Enforce password resets for all users, particularly those with SSO and LDAP access.
    • Strengthen authentication mechanisms by implementing multi-factor authentication (MFA).
    • Monitor threat intelligence sources for further updates on the breach and associated risks.

    Until Oracle provides more transparency, SOC teams must assume a heightened security posture to mitigate potential exploitation of compromised credentials.



    Windows Zero-Day Exposes NTLM Credentials—Unofficial Patch Now Available

    A newly discovered Windows zero-day vulnerability allows remote attackers to steal NTLM credentials by simply tricking victims into viewing malicious files in Windows Explorer. This vulnerability, which has not yet been assigned a CVE-ID, affects all Windows versions from Windows 7 to the latest Windows 11 release, as well as Server 2008 R2 through Server 2025.

    NTLM authentication has long been a target for attackers due to its susceptibility to relay and pass-the-hash attacks. In these scenarios, threat actors force network devices to authenticate to attacker-controlled servers or use stolen NTLM hashes to impersonate users and gain unauthorized access to systems. Once inside, attackers can move laterally within a network, exfiltrate sensitive data, and escalate privileges.

    ACROS Security researchers uncovered this new SCF File NTLM hash disclosure flaw while working on fixes for a separate NTLM vulnerability. The exploit requires minimal user interaction—simply previewing a malicious file in Windows Explorer can trigger the attack, leaking NTLM hashes to a remote adversary.

    While Microsoft has yet to release an official fix, ACROS Security has developed a free, unofficial micropatch through its 0patch platform. The micropatch prevents the flaw from being exploited, offering an immediate safeguard for users and organizations concerned about NTLM hash theft.

    Microsoft has acknowledged the risks associated with NTLM authentication and has previously announced plans to phase it out in future Windows 11 versions. However, with NTLM still widely used in corporate environments, this new vulnerability underscores the urgent need for organizations to transition to more secure authentication methods, such as Kerberos or modern multifactor authentication solutions.

    SOC teams should immediately assess their exposure to this vulnerability and consider deploying the 0patch micropatch as a temporary mitigation. Additionally, organizations should enforce NTLM relay attack mitigations, monitor network traffic for suspicious authentication attempts, and prioritize upgrading authentication protocols to reduce reliance on NTLM.



    How Can Netizen Help?

    Netizen ensures that security gets built in and not bolted on, providing advanced solutions to protect critical IT infrastructure such as the popular “CISO-as-a-Service”, through which companies can leverage the expertise of executive-level cybersecurity professionals without bearing the cost of employing them full time.

    We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type. 

    Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.

    Netizen is a CMMI V2.0 Level 3, ISO 9001:2015, and ISO 27001:2013 (Information Security Management) certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans. 


  • Critical VMware Tools Vulnerability CVE-2025-22230: What You Need to Know

    Broadcom has released security updates to address a high-severity authentication bypass vulnerability in VMware Tools for Windows. The flaw, tracked as CVE-2025-22230, arises from an improper access control weakness and was reported by Sergey Bliznyuk of Positive Technologies, a Russian cybersecurity firm previously sanctioned for allegedly trafficking hacking tools.


    Exploitation Risk and Impact

    The vulnerability allows local attackers with low privileges to escalate their access and perform high-privilege operations within a Windows guest VM. Since the exploit requires no user interaction and has low attack complexity, it poses a serious risk for organizations relying on VMware-based virtualization. If exploited, an attacker with a foothold inside a virtualized environment could gain elevated privileges, potentially leading to data theft, system manipulation, or lateral movement within the network.

    VMware’s security advisory warns:
    “A malicious actor with non-administrative privileges on a Windows guest VM may gain the ability to perform certain high-privilege operations within that VM.”


    Broader VMware Security Concerns

    This latest vulnerability follows Broadcom’s recent patching of three VMware zero-day vulnerabilities (CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226), highlighting an ongoing trend of targeted attacks against VMware environments. Given VMware’s widespread use in enterprise and government IT infrastructure, attackers are actively exploiting security gaps in virtualization tools to gain privileged access and establish persistence.


    What SOC Teams Need to Know

    Security Operations Center (SOC) teams should take immediate action to mitigate the risk posed by CVE-2025-22230 and other recently patched VMware vulnerabilities. Key steps include:

    • Prioritize patching: Apply Broadcom’s security updates for VMware Tools on all affected Windows guest VMs as soon as possible.
    • Monitor privileged access: Implement enhanced logging and monitoring for unusual privilege escalations and administrative operations within virtualized environments.
    • Restrict local user privileges: Limit non-administrative access within guest VMs to reduce the attack surface for privilege escalation attempts.
    • Harden VMware configurations: Disable unnecessary services and enforce strict access controls to minimize the risk of exploitation.
    • Threat hunting: Look for indicators of compromise (IoCs) related to unauthorized privilege escalation or suspicious lateral movement within VMware-based environments.

    With VMware environments increasingly targeted by attackers, SOC teams must proactively assess their virtualization security posture to prevent unauthorized access and privilege escalation risks.



    Questions or concerns? Feel free to reach out to us any time –

    https://www.netizen.net/contact


  • Critical Ingress NGINX Controller Vulnerability Enables Unauthenticated Remote Code Execution

    A set of five critical security vulnerabilities in the Ingress NGINX Controller for Kubernetes has been disclosed, potentially allowing unauthenticated remote code execution (RCE). Security researchers warn that over 6,500 Kubernetes clusters are at immediate risk if their Ingress NGINX Controller is exposed to the public internet.


    Vulnerability Details and Severity

    The vulnerabilities—CVE-2025-24513, CVE-2025-24514, CVE-2025-1097, CVE-2025-1098, and CVE-2025-1974—have been collectively named IngressNightmare by cloud security firm Wiz. Each has been assigned a CVSS score of 9.8, making them among the most severe Kubernetes-related security flaws in recent history.

    It is important to note that these vulnerabilities do not impact the NGINX Ingress Controller, a separate implementation used for NGINX and NGINX Plus. However, organizations using the Ingress NGINX Controller should immediately assess their exposure and take remedial action.


    How Attackers Can Exploit These Vulnerabilities

    The core issue lies within the admission controller component of the Ingress NGINX Controller. Exploiting these flaws enables attackers to gain unauthorized access to all secrets stored across all namespaces in the Kubernetes cluster. This could allow threat actors to escalate privileges, exfiltrate sensitive data, or completely take over an affected Kubernetes environment.


    What SOC Teams Need to Know

    Security operations center (SOC) teams must act swiftly to mitigate potential threats stemming from IngressNightmare. Immediate steps include identifying affected instances, ensuring that the Ingress NGINX Controller is not exposed to the public internet, and applying any available security patches. Continuous monitoring for suspicious activity, particularly unauthorized access attempts and privilege escalation behaviors, should be prioritized.

    Organizations relying on Kubernetes should also conduct a thorough audit of role-based access control (RBAC) configurations and implement strict security policies to minimize the risk of lateral movement in case of a breach.


    Recommended Mitigation Steps

    1. Check for exposure – Ensure that the Ingress NGINX Controller is not accessible from the public internet.
    2. Apply patches – Monitor vendor advisories and apply security updates as soon as they become available.
    3. Review access policies – Limit permissions to prevent unauthorized access to sensitive cluster resources.
    4. Enable logging and monitoring – Implement robust logging and threat detection mechanisms to identify potential exploitation attempts.
    5. Conduct security audits – Regularly review Kubernetes security configurations to identify and remediate misconfigurations.
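    One way to carry out step 1 from a cluster inventory, as an added example rather than Netizen's or Wiz's own tooling: the script below reads the JSON that `kubectl get svc -A -o json` produces, finds Services that select the ingress-nginx controller pods, and flags any that publish the admission webhook port outside the cluster. It assumes the upstream manifest conventions (controller label values `ingress-nginx`/`controller`, webhook container port named `webhook` on 8443); the sample Service list is constructed, not taken from a real cluster.

```python
"""Flag externally reachable Ingress NGINX controller / admission-webhook Services."""
import json
import sys

# Labels the upstream ingress-nginx manifests put on the controller pods and
# that its Services select on (assumption: customised deployments may differ).
CONTROLLER_LABELS = {
    "app.kubernetes.io/name": "ingress-nginx",
    "app.kubernetes.io/component": "controller",
}
# Container port the admission webhook listens on in the upstream manifests
# (named "webhook", number 8443); also an assumption for customised setups.
WEBHOOK_TARGET_PORTS = {"webhook", 8443}


def selects_controller(svc):
    """True if the Service's selector targets ingress-nginx controller pods."""
    selector = svc.get("spec", {}).get("selector") or {}
    return all(selector.get(k) == v for k, v in CONTROLLER_LABELS.items())


def external_endpoints(svc):
    """Addresses through which the Service is reachable from outside the cluster."""
    spec = svc.get("spec", {})
    endpoints = []
    if spec.get("type") == "LoadBalancer":
        for ing in (svc.get("status", {}).get("loadBalancer", {}).get("ingress") or []):
            endpoints.append(ing.get("ip") or ing.get("hostname"))
    if spec.get("type") in ("LoadBalancer", "NodePort"):
        endpoints += [f"nodePort/{p['nodePort']}" for p in spec.get("ports", []) if p.get("nodePort")]
    endpoints += spec.get("externalIPs", [])
    return [e for e in endpoints if e]


def webhook_ports(svc):
    """Service ports that forward to the admission webhook container port."""
    return [p for p in svc.get("spec", {}).get("ports", []) if p.get("targetPort") in WEBHOOK_TARGET_PORTS]


def audit_services(svc_list):
    """Return (severity, namespace/name, reason) for each controller-related Service."""
    findings = []
    for svc in svc_list.get("items", []):
        if not selects_controller(svc):
            continue
        name = f"{svc['metadata']['namespace']}/{svc['metadata']['name']}"
        ext, wh = external_endpoints(svc), webhook_ports(svc)
        if wh and ext:
            findings.append(("critical", name, f"admission webhook reachable from outside via {ext}"))
        elif ext:
            findings.append(("review", name, f"controller reachable from outside via {ext}; confirm this is intended"))
        elif wh:
            findings.append(("info", name, "admission webhook is cluster-internal only"))
    return findings


def _svc(name, typ, ports, selector=None, lb_ips=()):
    """Build a constructed Service object in kubectl's JSON shape (sample data only)."""
    return {"kind": "Service",
            "metadata": {"name": name, "namespace": "ingress-nginx"},
            "spec": {"type": typ, "ports": ports,
                     "selector": dict(CONTROLLER_LABELS) if selector is None else selector},
            "status": {"loadBalancer": {"ingress": [{"ip": ip} for ip in lb_ips]}}}


# Constructed sample in the shape of `kubectl get svc -A -o json` (not a real cluster).
SAMPLE_SERVICES = {"kind": "List", "items": [
    _svc("ingress-nginx-controller", "LoadBalancer",
         [{"name": "http", "port": 80, "targetPort": "http", "nodePort": 31080},
          {"name": "https", "port": 443, "targetPort": "https", "nodePort": 31443}],
         lb_ips=["203.0.113.10"]),
    _svc("ingress-nginx-controller-admission", "ClusterIP",
         [{"name": "https-webhook", "port": 443, "targetPort": "webhook"}]),
    # A misconfiguration: the webhook port published on every node.
    _svc("ingress-nginx-admission-public", "NodePort",
         [{"name": "webhook", "port": 8443, "targetPort": 8443, "nodePort": 30443}]),
    _svc("unrelated-app", "NodePort", [{"port": 8080, "targetPort": 8080, "nodePort": 30080}],
         selector={"app": "unrelated"}),
]}

if __name__ == "__main__":
    # Pass a file saved from `kubectl get svc -A -o json`, or run against the sample.
    data = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_SERVICES
    for severity, name, reason in audit_services(data):
        print(f"{severity:<8} {name}: {reason}")
```

The public ingress Service itself is reported as "review" rather than "critical", since a controller normally is reachable from the internet; the finding that matters is any path to the webhook port.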

    Organizations that fail to address these vulnerabilities risk severe security breaches, including data theft and full cluster compromise. Immediate action is necessary to protect Kubernetes environments from exploitation.




  • Netizen: Monday Security Brief (3/24/2024)

    Today’s Topics:

    • Coinbase Targeted in GitHub Actions Supply Chain Attack, 218 Repositories Exposed
    • FBI Issues Warning on Malicious Online File Converters
    • How can Netizen help?

    Coinbase Targeted in GitHub Actions Supply Chain Attack, 218 Repositories Exposed

    A sophisticated supply chain attack exploiting the GitHub Action “tj-actions/changed-files” was initially directed at one of Coinbase’s open-source projects before rapidly expanding to impact a broader range of repositories. Security researchers at Palo Alto Networks Unit 42 revealed that the attack aimed to exploit the public CI/CD flow of Coinbase’s agentkit project, likely as a stepping stone for further compromises. However, the attackers were unsuccessful in accessing Coinbase’s secrets or publishing malicious packages under its name.

    The attack was discovered on March 14, 2025, when researchers identified that the compromised GitHub Action had been altered to inject malicious code capable of exfiltrating sensitive secrets from repositories utilizing the workflow. The vulnerability has been designated CVE-2025-30066, carrying a CVSS score of 8.6, indicating a high-severity risk.

    According to security firm Endor Labs, approximately 218 GitHub repositories inadvertently leaked sensitive information due to this compromise. The stolen credentials include DockerHub, npm, and other package management tokens, potentially exposing organizations to further supply chain attacks.

    While Coinbase itself avoided direct exposure of its sensitive assets, the breach demonstrates how open-source repositories and CI/CD pipelines remain attractive attack surfaces for threat actors.

    Organizations relying on GitHub Actions should immediately audit their workflows, rotate exposed credentials, and implement stricter security controls to mitigate future risks.
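    A starting point for the workflow audit recommended above, added here as an example and not code from Netizen, Unit 42 or Endor Labs: the script scans `uses:` references in GitHub Actions workflow files, flags any reference to `tj-actions/changed-files`, and flags every third-party action that is pinned to a mutable tag or branch instead of a full commit SHA (the pinning practice GitHub's own hardening guidance recommends). The sample workflow is constructed; the action names in it other than `tj-actions/changed-files` are illustrative.

```python
"""Audit GitHub Actions workflows for mutable or compromised action references."""
import re
from pathlib import Path

# Matches `uses: owner/repo[/subpath]@ref`, with or without a leading "- " and
# quotes. Local actions (./path) and docker:// images carry no "@ref" in this
# form and are intentionally skipped.
USES_RE = re.compile(
    r'^\s*(?:-\s*)?uses:\s*["\']?'
    r'(?P<action>[A-Za-z0-9_.-]+/[A-Za-z0-9_./-]+)@(?P<ref>[^"\'\s#]+)'
)
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")

# The action named in the incident above; extend with others as advisories appear.
COMPROMISED_ACTIONS = {"tj-actions/changed-files"}


def classify_reference(action, ref):
    """Classify one `uses:` reference; returns (severity, reason).

    A reference counts as pinned only when `ref` is a full 40-hex commit SHA.
    Tags and branches are mutable and can be retargeted by whoever controls
    the action repository, which is exactly what happened in this incident.
    """
    repo = "/".join(action.split("/")[:2])  # drop any sub-path inside the repo
    pinned = bool(FULL_SHA_RE.match(ref))
    if repo in COMPROMISED_ACTIONS:
        if pinned:
            return "review", f"{repo} is SHA-pinned; confirm the commit is a known-good one"
        return "critical", f"{repo} referenced by mutable ref '{ref}' (compromised action)"
    if not pinned:
        return "high", f"{repo} referenced by mutable ref '{ref}'; pin to a full commit SHA"
    return "ok", f"{repo} pinned to commit {ref[:12]}"


def audit_workflow_text(text, source="<inline>"):
    """Return one finding dict per `uses:` reference found in a workflow's text."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = USES_RE.match(line)
        if not m:
            continue
        severity, reason = classify_reference(m.group("action"), m.group("ref"))
        findings.append({
            "source": source, "line": lineno,
            "uses": f"{m.group('action')}@{m.group('ref')}",
            "severity": severity, "reason": reason,
        })
    return findings


def audit_repo(root):
    """Audit every workflow file under <root>/.github/workflows."""
    findings = []
    for path in sorted((Path(root) / ".github" / "workflows").glob("*.y*ml")):
        findings.extend(audit_workflow_text(path.read_text(encoding="utf-8"), str(path)))
    return findings


# Constructed sample workflow (not taken from any real repository); the SHA is a dummy.
SAMPLE_WORKFLOW = """\
name: ci
on: [pull_request]
jobs:
  changes:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567
      - name: Detect changed files
        uses: tj-actions/changed-files@v45
      - uses: "docker/login-action@v3"
      - uses: ./.github/actions/local-lint
      - uses: docker://alpine:3.19
  reuse:
    uses: octo-org/reusable-workflows/.github/workflows/lint.yml@main
"""

if __name__ == "__main__":
    # Run against the sample; point audit_repo() at a checkout for a real audit.
    for f in audit_workflow_text(SAMPLE_WORKFLOW, "sample.yml"):
        print(f"{f['severity']:<8} line {f['line']:>2}  {f['uses']}  -- {f['reason']}")
```

A SHA pin is necessary but not sufficient: a pinned commit still has to be one you have reviewed, which is why references to the compromised action are reported even when pinned.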


    FBI Issues Warning on Malicious Online File Converters

    The FBI Denver Field Office has issued a warning about a growing cyber threat involving fake online document converters. Cybercriminals are exploiting these tools to steal personal information and, in some cases, deploy ransomware on victims’ devices.

    The warning follows an increase in reports of malware infections linked to fraudulent file conversion services. These seemingly legitimate websites offer free document conversion, file merging, and download tools, but instead, they serve as a front for malicious activity.

    According to the FBI, cybercriminals operate fraudulent file converter websites that claim to convert files between formats—such as .doc to .pdf—or merge multiple files into a single document. However, when users upload files, these sites either inject malware into the downloaded document or prompt victims to install malicious software under the guise of a converter tool.

    The malware can be used for a range of attacks, including data theft, keylogging, spyware deployment, and ransomware infections. The FBI urges victims of these scams to report any suspicious file converter services and to remain cautious when downloading files from unverified sources.

    How to Protect Yourself

    • Avoid using free, unverified file converters found through search engines.
    • Download software only from trusted sources such as official vendor websites.
    • Use antivirus software and endpoint protection to detect and block malware.
    • Regularly update your operating system and security patches to reduce vulnerabilities.

    The FBI’s warning underscores the importance of cyber hygiene in preventing malware infections. Users should remain skeptical of too-good-to-be-true free online tools and always verify the legitimacy of the websites they use.




  • New Windows Zero-Day Exploited by State-Backed Hackers for Over Seven Years—Microsoft Declines to Patch

    At least 11 state-sponsored hacking groups from North Korea, Iran, Russia, and China have been actively exploiting a critical Windows zero-day vulnerability since 2017. The flaw has been used in sophisticated data theft and cyber espionage campaigns, enabling attackers to gain unauthorized access to sensitive information and compromise systems worldwide. Despite the severity of the vulnerability and the scale of its exploitation, Microsoft has declined to issue a patch, claiming that the flaw “does not meet the bar for servicing.”


    Technical Details of the Vulnerability

    The vulnerability, tracked internally by Trend Micro’s Zero Day Initiative (ZDI) as ZDI-CAN-25373, was first identified by security researchers Peter Girnus and Aliakbar Zahravi. The flaw is linked to Shell Link (.lnk) files, which Windows uses to create shortcuts. Exploiting this vulnerability allows attackers to execute arbitrary code on the victim’s system, potentially enabling them to install malware, steal sensitive information, and escalate privileges within the network.

    “We discovered nearly a thousand Shell Link samples that exploit ZDI-CAN-25373, but the actual number of exploitation attempts is likely far higher,” Girnus and Zahravi stated in their report. They also confirmed that the vulnerability has been actively exploited in the wild for years, with evidence suggesting that multiple nation-state actors have used it in cyber espionage campaigns.


    Microsoft’s Response

    Despite being presented with detailed proof-of-concept exploits through Trend Micro’s bug bounty program, Microsoft decided not to release a security patch. The company categorized the flaw as not severe enough to warrant a fix under its current servicing criteria.

    “Microsoft tagged it as ‘not meeting the bar for servicing’ in late September and said it wouldn’t release security updates to address it,” the researchers reported. This decision has drawn criticism from the cybersecurity community, as the flaw remains a viable attack vector for state-sponsored actors.


    Potential Impact and Threat Landscape

    The fact that the vulnerability allows remote code execution makes it highly dangerous, especially when used by advanced persistent threat (APT) groups with nation-state backing. Cybersecurity experts warn that this flaw could be leveraged for a wide range of attacks, including intellectual property theft, infrastructure sabotage, and infiltration of government networks.

    The exploitation of ZDI-CAN-25373 highlights the persistent threat posed by zero-day vulnerabilities, particularly when state-sponsored actors are involved. Without a patch from Microsoft, organizations running Windows systems remain exposed to potential attacks, making it essential for security teams to implement compensating controls and enhance monitoring for suspicious activity.


    No CVE Assignment Yet

    Microsoft has yet to assign a CVE-ID to ZDI-CAN-25373, leaving security researchers and system administrators without an official reference point for tracking and mitigating the issue. In the absence of a patch, Trend Micro recommends that organizations tighten security controls around Shell Link files and increase endpoint monitoring to detect signs of exploitation.




  • Understanding the Transition from CCRI to CORA

    The Command Cyber Readiness Inspection (CCRI) was a comprehensive cybersecurity evaluation conducted by the United States Department of Defense (DoD). Its primary goal was to assess the cybersecurity posture of DoD Information Networks, with a focus on Command, Mission, Threat, and Vulnerability. By evaluating military commands, installations, and other DoD organizations, the CCRI aimed to safeguard critical data, networks, and assets. The inspection served to ensure that DoD information systems adhered to stringent cybersecurity standards and maintained resilience against potential threats and vulnerabilities.

    In the past, the CCRI focused on identifying weaknesses and vulnerabilities, as well as ensuring compliance with DoD cybersecurity regulations. This included areas such as network security, hardening, configuration management, physical security, and overall information assurance. The goal was to identify gaps in cybersecurity practices, evaluate the organization’s adherence to DoD standards, and improve defenses across critical systems.


    Transition to Cyber Operational Readiness Assessment (CORA)

    As cybersecurity threats evolved and the landscape of the DoD’s information networks became more complex, the CCRI inspection underwent significant changes. To reflect this new approach, the inspection program was rebranded as the Cyber Operational Readiness Assessment (CORA) in March 2024. The shift from a traditional inspection to an operational readiness mission marked a broader evolution in the DoD’s efforts to continuously monitor, assess, and mitigate risks across its information networks.

    The Cyber Operational Readiness Assessment (CORA) program was launched by the Joint Force Headquarters-Department of Defense Information Network (JFHQ-DODIN) after a nine-month pilot. CORA aims to validate current, future, and emerging technologies that help the DoD monitor and secure its cyber terrain, improving overall security and preparedness across the Department of Defense Information Network (DODIN).


    Key Inspection Areas Under CORA

    The core focus of both CCRI and CORA revolves around assessing the cybersecurity and operational readiness of DoD entities. While the program has evolved, the inspection areas remain critical in identifying vulnerabilities and improving the defense posture. These inspection areas include:

    1. Information Assurance (IA) and Cybersecurity: This area evaluates the organization’s cybersecurity practices, ensuring information systems and networks are protected and compliant with DoD cybersecurity policies. It includes an assessment of access controls, network security, vulnerability management, and overall adherence to best practices in cybersecurity.
    2. Computer Network Defense (CND): This area focuses on the organization’s capabilities to defend against cyber threats, attacks, and intrusions. The inspection assesses the organization’s incident response procedures, its ability to detect and mitigate cybersecurity incidents, and overall readiness to handle cyberattacks effectively.
    3. Information Management: This inspection area reviews the organization’s management of sensitive and classified information. It ensures that proper access controls are in place, data is appropriately classified, and systems are in place to prevent unauthorized access or data breaches.

    Frequency of CORA Inspections

    Under the new CORA framework, inspections are no longer scheduled on a fixed timeline. Instead, CORA will implement a risk-based approach to determine the frequency of assessments. This approach will take into account the mission-criticality of the organization, the current cybersecurity threats it faces, and the availability of resources for the assessment teams.

    This risk-based model means that certain high-priority or high-risk organizations may undergo CORA evaluations multiple times a year, while others may not receive an inspection for several years. This is a departure from the traditional CCRI model, where inspections followed a more rigid schedule, typically occurring on an annual, biennial, or ad-hoc basis.


    Scoring Criteria for CORA

    One of the significant changes from the CCRI to CORA is the evolution of the scoring criteria. In the past, the CCRI used a pass/fail system, where a score of 70 or above was considered passing. However, with the introduction of CORA, the assessment criteria have shifted to a data-driven approach, incorporating intelligence and threat data, such as information from the MITRE ATT&CK framework, to evaluate the organization’s susceptibility to current and emerging cyber threats.

    Rather than focusing purely on a numerical score, CORA now emphasizes risk mitigation efforts. Even in the presence of vulnerabilities, organizations that demonstrate progress in mitigating those risks are considered to be making valuable strides in improving their cybersecurity posture. This approach is designed to reflect a more nuanced understanding of cybersecurity resilience and provide a more comprehensive view of an organization’s readiness.


    Conclusion

    The transition from CCRI to CORA represents a significant shift in how the DoD evaluates its cybersecurity readiness. The new approach prioritizes continuous monitoring, risk-based assessments, and a focus on proactive defense strategies. By emphasizing the need to adapt to evolving threats and improving coordination across DoD entities, the Cyber Operational Readiness Assessment (CORA) program aims to strengthen the resilience and security of the Department of Defense’s information networks. As the program continues to evolve, it will play a crucial role in safeguarding the DoD’s critical data and infrastructure against the growing and dynamic landscape of cybersecurity threats.


    How Can Netizen Help?

    Netizen ensures that security gets built-in and not bolted-on, providing advanced solutions to protect critical IT infrastructure such as the popular “CISO-as-a-Service,” wherein companies can leverage the expertise of executive-level cybersecurity professionals without having to bear the cost of employing them full time.

    We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type. 

    Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.

    Netizen is an ISO 27001:2013 (Information Security Management), ISO 9001:2015, and CMMI V 2.0 Level 3 certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans. 

    Questions or concerns? Feel free to reach out to us any time –

    https://www.netizen.net/contact


  • Understanding C3PAOs in CMMC Compliance

    The Cybersecurity Maturity Model Certification (CMMC) was created to establish a uniform standard for cybersecurity practices, specifically targeting organizations within the Defense Industrial Base (DIB). This model ensures that entities handling sensitive data, including Controlled Unclassified Information (CUI), Critical Technology Information (CTI), Federal Contract Information (FCI), and ITAR data, are able to safeguard such information adequately. To support DoD contractors in their compliance journey, the CMMC Accreditation Body (CMMC-AB) offers various certifications, including C3PAOs (CMMC Third-Party Assessment Organizations).

    In this article, we focus on the role of a C3PAO, a key player in ensuring organizations meet the CMMC standards.


    What Exactly is a C3PAO?

    A CMMC Third-Party Assessment Organization (C3PAO) is a group authorized by the CMMC-AB to perform official assessments of an Organization Seeking Compliance (OSC). Once an OSC enters into a contract with a C3PAO, the latter conducts a thorough evaluation to determine whether the OSC complies with the necessary CMMC level.

    In essence, C3PAOs play a crucial role in helping contractors in the DIB become certified by assessing their alignment with CMMC standards. It’s important to note that C3PAOs focus solely on conducting assessments—they do not provide consulting services, as this would create a conflict of interest. To assist in the pre-assessment phase, organizations often rely on Registered Provider Organizations (RPOs). RPOs offer guidance on compliance, help with policy creation, and ensure that the systems are configured to meet CMMC requirements. However, a C3PAO cannot act as both an RPO and an assessor for the same organization to maintain objectivity.

    For contractors handling FCI or CUI, encountering the DFARS 7021 clause in their contracts is inevitable. As the Department of Defense (DoD) implements CMMC, contractors will be required to undergo these assessments before their contracts are renewed. By 2025, all DoD contracts will contain this clause, making CMMC compliance a key requirement for doing business with the DoD.


    How Does a C3PAO Assessment Work?

    To determine which CMMC level an organization should pursue, contractors must assess their contracts to understand the cybersecurity requirements. Once this is clear, a C3PAO conducts an assessment based on the specific level of compliance required. This includes evaluating domains and practices in line with the desired CMMC level. As of now, C3PAOs are still in the process of being fully authorized to assess OSCs, but once they are, the process will become an integral part of CMMC certification.

    In certain cases, a C3PAO may work under contract with a Certified CMMC Assessor (CCA) to conduct the assessment. If you’re unsure of the level your organization needs to achieve, consulting a C3PAO is the best next step.


    Steps to Become a C3PAO

    Becoming an official C3PAO is a detailed process involving several steps, including:

    • Ownership Requirements: The organization must be 100% US-citizen owned or undergo a Foreign Ownership, Control, or Interest (FOCI) investigation if the company is public, has an Employee Stock Ownership Plan (ESOP), or operates as a global partnership.
    • CMMC Level 3 Compliance: The organization must pass an audit verifying its compliance with CMMC Level 3 standards.
    • Organizational Background Check: The C3PAO is subject to a background check by the CMMC-AB through Dun & Bradstreet. The company must also have a DUNS number and be registered in the CMMC-AB Marketplace.
    • ISO 17020 Certification: The organization must hold an ISO 17020 certification.
    • Insurance and Liability Policies: The C3PAO must carry general liability insurance, including errors and omissions and cybersecurity breach policies.
    • Partnerships: The C3PAO must have a relationship with at least one Registered Practitioner (RP), Certified CMMC Professional (CCP), Certified CMMC Assessor (CCA), or Professional Assessor (PA).
    • Annual Fee: A $3,000 USD annual fee is required to maintain C3PAO certification.

    If the C3PAO uses a Cloud Service Provider (CSP) to handle or store CUI data, it must ensure that the CSP meets FedRAMP High standards or that any gaps are properly addressed.


    Choosing the Right C3PAO for Your Organization

    Selecting the right C3PAO is crucial to ensuring your compliance journey runs smoothly. A reputable C3PAO will not only guide you through the assessment process but also ensure that your organization meets all necessary cybersecurity requirements as you prepare for CMMC certification.

    Working with a C3PAO is essential for contractors aiming to secure and retain DoD contracts. Without CMMC certification, contractors may lose the ability to bid on or participate in DoD projects. C3PAOs not only verify compliance but also help organizations strengthen their overall cybersecurity posture, ensuring long-term protection of sensitive data and operational integrity.



  • RBAC vs ABAC: Choosing the Right Access Control for Your Business

    Controlling access to data and systems is essential for maintaining the security and integrity of an organization’s IT infrastructure. Various access control models—such as Role-Based Access Control (RBAC), Attribute-Based Access Control (ABAC), Policy-Based Access Control (PBAC), Access Control Lists (ACL), and Discretionary Access Control (DAC)—offer different methods for managing user permissions. Understanding these models’ strengths and limitations is critical for selecting the most suitable solution for your organization’s security requirements.


    What is RBAC?

    Role-Based Access Control (RBAC) is a widely used access control method that grants or restricts user access based on predefined roles within an organization. In an RBAC system, administrators assign roles to users according to their job responsibilities, which then determine their access to specific resources and data. This structured approach helps enforce the principle of least privilege, ensuring that users have only the access necessary to perform their duties. RBAC can also define how users interact with data, such as assigning read-only or read/write permissions. This helps prevent unauthorized modifications and enhances overall data integrity.

    One of the main advantages of RBAC is its ability to strengthen security by limiting access to only what is necessary for each role. By following the principle of least privilege, RBAC reduces the potential damage from a data breach and limits the exposure of sensitive information. RBAC also simplifies access management, as it allows IT administrators to assign permissions at a role level rather than managing individual user permissions. This reduces administrative overhead and makes it easier to onboard new employees or adjust access when roles change. Additionally, RBAC supports compliance readiness by allowing administrators to quickly generate reports showing who has access to specific data and systems, which helps meet regulatory requirements.

    However, RBAC also has some limitations. Setting up an RBAC system requires a thorough understanding of an organization’s structure and data flows, which can be time-consuming and complex. If the system is not properly maintained, role sprawl can occur, where too many roles are created, leading to administrative confusion and potential security gaps. Despite these challenges, RBAC remains one of the most effective and widely adopted access control models.


    What is ABAC?

    Attribute-Based Access Control (ABAC) goes beyond RBAC by granting access based on user attributes rather than predefined roles. Attributes can include user characteristics such as department, job title, security clearance, location, and device type. When a user attempts to access a resource, the system evaluates whether the user’s attributes meet the access requirements defined by security policies.

    ABAC’s strength lies in its flexibility and granularity. Because access is controlled by dynamic attributes rather than fixed roles, ABAC allows organizations to implement complex access policies tailored to specific situations. For example, a user might be allowed to access a sensitive file only if they are working from a secure corporate network during business hours. ABAC can also accommodate rapidly changing business needs and user contexts without requiring administrators to create or modify roles constantly.

    The benefits of ABAC include increased flexibility and more precise control over data access. It also enhances security by adapting to real-time conditions, such as denying access if a user logs in from an unfamiliar location or device. However, ABAC can be more complex to implement and manage than RBAC due to the need to define and maintain detailed attribute-based policies. Without proper oversight, attribute sprawl—where too many attributes are defined, creating conflicts and inconsistencies—can undermine security and make the system difficult to manage.


    What is PBAC?

    Policy-Based Access Control (PBAC) is closely related to ABAC but focuses on centralizing access decisions based on predefined security policies. In PBAC, access permissions are determined by evaluating policies that define which attributes, roles, and environmental factors allow or restrict access.

    PBAC offers the flexibility of ABAC with the added benefit of a centralized policy framework, making it easier for organizations to enforce consistent access controls across all systems and applications. By defining clear policies, PBAC allows for more automated decision-making and reduces the risk of human error. This model is particularly useful in large enterprises with complex access requirements that span multiple departments and systems. However, like ABAC, PBAC requires careful policy design and ongoing maintenance to avoid conflicts and unintended access.


    What is an ACL?

    Access Control Lists (ACL) provide a more traditional approach to access control by defining which users or system processes can access specific resources and what actions they are allowed to perform. An ACL is essentially a list of permissions attached to an object, such as a file or directory. Each entry in the list specifies a user or group and the types of access allowed (e.g., read, write, execute).

    ACLs are straightforward to implement and effective for managing access to individual files and resources. However, they lack the scalability and flexibility of RBAC and ABAC. Managing large numbers of ACLs across an enterprise can quickly become unmanageable, leading to inconsistent permissions and potential security gaps. ACLs are best suited for small-scale environments or situations where fine-grained control over specific resources is necessary.


    What is DAC?

    Discretionary Access Control (DAC) allows resource owners to define who can access their resources and what level of access they are granted. In a DAC model, the owner of a file or resource determines access permissions for other users. This model provides a high degree of flexibility but relies heavily on user discretion, which can lead to inconsistent security practices and increased risk of insider threats.

    DAC is relatively easy to implement and allows users to share resources quickly. However, it is also prone to misconfiguration and accidental data exposure, especially in large organizations where managing individual permissions becomes impractical. For this reason, DAC is typically used in combination with other access control models to balance flexibility with security.


    RBAC vs. ABAC: Key Differences

    RBAC and ABAC differ primarily in how they define and enforce access controls. RBAC is role-centric, meaning that permissions are assigned based on predefined roles. This makes RBAC simpler to implement and manage but less flexible when dealing with dynamic access requirements. ABAC, on the other hand, is attribute-centric, granting access based on a combination of user, environmental, and resource attributes. This allows for more granular control but requires more complex policy management.

    RBAC is well-suited for organizations with stable, clearly defined roles and responsibilities. It simplifies user provisioning and reduces administrative workload. ABAC is better for dynamic environments where access requirements change frequently and need to account for real-time context, such as location, device type, and user behavior. Combining RBAC and ABAC can provide a balanced approach, leveraging the simplicity of RBAC with the flexibility of ABAC.


    Choosing the Right Access Control Model

    Selecting the right access control model depends on your organization’s size, structure, and security requirements. RBAC is ideal for organizations with well-defined roles and stable access needs. ABAC offers greater flexibility and is better suited for dynamic environments with complex access requirements. PBAC combines the benefits of RBAC and ABAC by centralizing policy enforcement. ACLs and DAC are useful for specific use cases but may not provide the scalability and consistency needed for enterprise-wide security.

    Organizations should evaluate their current access control strategy and consider combining multiple models to achieve the best balance of security, flexibility, and ease of management. Implementing a hybrid approach that leverages RBAC for baseline access control and ABAC or PBAC for dynamic adjustments can provide comprehensive security while simplifying access management.
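The hybrid approach described here, RBAC for the baseline grant and ABAC rules for the dynamic conditions (including the "secure corporate network during business hours" case from the ABAC section), can be expressed as a small deny-by-default policy evaluator. This is an added example, not code from the original article; the roles, users, networks and resources are constructed sample data.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# RBAC layer: role -> permissions, each a (resource type, action) pair.
# Roles and permissions are constructed sample data.
ROLE_PERMISSIONS = {
    "analyst":  {("report", "read")},
    "engineer": {("report", "read"), ("report", "write"), ("source", "read")},
    "admin":    {("report", "read"), ("report", "write"),
                 ("source", "read"), ("source", "write")},
}

@dataclass(frozen=True)
class Subject:
    user: str
    roles: frozenset        # RBAC input
    department: str         # ABAC attributes follow
    clearance: int          # 0 = none ... 3 = highest
    device_managed: bool

@dataclass(frozen=True)
class Resource:
    rid: str
    rtype: str              # a resource type named in ROLE_PERMISSIONS
    sensitivity: int        # 0 = public ... 3 = restricted
    owner_department: str

@dataclass(frozen=True)
class Context:
    source_ip: str          # where the request originates
    hour: int               # local hour of day, 0-23

CORPORATE_NETS = [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")]
BUSINESS_HOURS = range(8, 18)   # 08:00 up to, not including, 18:00

def rbac_allows(subject, resource, action):
    """Baseline grant: some role held by the subject permits (type, action)."""
    return any((resource.rtype, action) in ROLE_PERMISSIONS.get(role, set())
               for role in subject.roles)

# ABAC layer: predicates over (subject, resource, context, action).
# Every rule must hold; a rule returns True when it does not apply.
def clearance_covers_sensitivity(s, r, c, action):
    return s.clearance >= r.sensitivity

def sensitive_needs_corp_net_in_hours(s, r, c, action):
    # The article's example: sensitive data only from the corporate
    # network during business hours. Public/internal data is unaffected.
    if r.sensitivity < 2:
        return True
    on_corp_net = any(ip_address(c.source_ip) in net for net in CORPORATE_NETS)
    return on_corp_net and c.hour in BUSINESS_HOURS

def writes_need_managed_device(s, r, c, action):
    return action != "write" or s.device_managed

def cross_department_is_read_only(s, r, c, action):
    return action == "read" or s.department == r.owner_department or "admin" in s.roles

ABAC_RULES = [
    ("clearance below resource sensitivity", clearance_covers_sensitivity),
    ("sensitive resource outside corporate network or business hours",
     sensitive_needs_corp_net_in_hours),
    ("write from unmanaged device", writes_need_managed_device),
    ("cross-department access is read-only", cross_department_is_read_only),
]

def decide(subject, resource, action, context):
    """Deny-by-default decision: (allowed, list of failed checks).
    Every failed check is reported, which is what an access review needs."""
    failures = []
    if not rbac_allows(subject, resource, action):
        failures.append("rbac: no role grants %s on %s" % (action, resource.rtype))
    for label, rule in ABAC_RULES:
        if not rule(subject, resource, context, action):
            failures.append("abac: " + label)
    return (not failures, failures)

# Constructed sample subjects and resources.
ALICE = Subject("alice", frozenset({"engineer"}), "research", 2, True)
BOB = Subject("bob", frozenset({"analyst"}), "finance", 1, False)
REPORT_Q1 = Resource("report-q1", "report", 1, "finance")
DESIGN_DOC = Resource("design-doc", "source", 2, "research")

if __name__ == "__main__":
    cases = [
        (ALICE, DESIGN_DOC, "read", Context("10.1.2.3", 10)),     # allow
        (ALICE, DESIGN_DOC, "read", Context("203.0.113.7", 10)),  # off corporate net
        (ALICE, DESIGN_DOC, "read", Context("10.1.2.3", 22)),     # after hours
        (BOB, REPORT_Q1, "read", Context("203.0.113.7", 10)),     # low sensitivity: allow
        (BOB, REPORT_Q1, "write", Context("10.1.2.3", 10)),       # role and device fail
        (ALICE, REPORT_Q1, "write", Context("10.1.2.3", 10)),     # other department
    ]
    for s, r, a, c in cases:
        ok, why = decide(s, r, a, c)
        print("%-5s %-5s %-10s from %-12s -> %s %s"
              % (s.user, a, r.rid, c.source_ip, "ALLOW" if ok else "DENY", why))
```

Because the RBAC check and every ABAC rule are evaluated independently, a denial lists all the reasons at once, which makes role sprawl and conflicting attribute rules visible during review rather than hidden behind a single "denied".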


    Conclusion

    Access control is a cornerstone of any effective cybersecurity strategy. Understanding the differences between RBAC, ABAC, PBAC, ACLs, and DAC allows security teams to implement a tailored approach that meets their organization’s unique needs. While RBAC remains a popular choice due to its simplicity and ease of use, ABAC and PBAC offer more advanced capabilities for managing dynamic access requirements. By carefully evaluating business needs and security risks, organizations can create a robust access control framework that protects sensitive data and ensures regulatory compliance.




  • Netizen: Monday Security Brief (3/17/2024)

    Today’s Topics:

    • Widespread GitHub Phishing Campaign Targets Developers with Fake “Security Alert” Issues
    • Apache Tomcat Vulnerability Actively Exploited Within 30 Hours of Public Disclosure
    • How can Netizen help?

    Widespread GitHub Phishing Campaign Targets Developers with Fake “Security Alert” Issues

    A large-scale phishing campaign has targeted nearly 12,000 GitHub repositories by creating fake “Security Alert” issues designed to trick developers into authorizing a malicious OAuth app. This campaign, which was reported in March 2025, grants attackers full control over compromised GitHub accounts and the associated code repositories.

    The phishing attack begins when a developer receives a “Security Alert” issue within their GitHub repository. The issue warns of an unusual login attempt from a specific location — Reykjavik, Iceland — and from the IP address 53.253.117.8. The message claims that the user’s account has been compromised and urges them to take immediate action, such as:

    • Updating their password
    • Reviewing and managing active sessions
    • Enabling two-factor authentication (2FA)

    To increase the sense of urgency, the phishing message includes a link to an OAuth app authorization page. Once the victim grants permissions to the malicious OAuth app, the attackers gain full access to the GitHub account, including the ability to:

    • Modify or delete code repositories
    • Steal intellectual property
    • Create new repositories or issues
    • Access private and sensitive data
    • Launch further attacks using the compromised account

    Cybersecurity researcher Luc4m first identified the campaign and reported it publicly. The attack appears to be well-coordinated, as the identical phishing message has been distributed across thousands of repositories. The use of OAuth app authorization allows attackers to bypass traditional login protections, including 2FA, as OAuth tokens remain valid even if the user’s password is changed.

    GitHub and security experts have recommended that affected developers take immediate action, including:

    • Revoking OAuth tokens associated with unknown or suspicious apps.
    • Changing account passwords and enabling two-factor authentication.
    • Reviewing authorized OAuth apps and removing any that are unfamiliar or unnecessary.
    • Monitoring repository activity for any unauthorized changes or access.

    GitHub is working to identify and remove the malicious issues and is advising developers to stay vigilant against similar social engineering attempts.
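The defender-side counterpart to the campaign's tell (an OAuth authorize link embedded in an issue) is to triage newly opened issues for that pattern, for example from an issue webhook. The following is an added example, not GitHub's or the researcher's code; the approved client_id allowlist and the sample issues are constructed, with only the location and IP address taken from the report above.

```python
import re
from urllib.parse import parse_qs, urlparse

# OAuth app client_ids the organisation has knowingly authorised (constructed).
APPROVED_CLIENT_IDS = {"Iv1.0000approvedcibot"}

# A GitHub OAuth authorization link carrying a query string.
AUTHORIZE_URL = re.compile(r"""https?://github\.com/login/oauth/authorize\?[^\s<>"')]+""", re.I)
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
URGENCY = ("unusual login", "has been compromised", "immediate action", "unauthorized access")

def oauth_client_ids(text):
    """client_id values from every OAuth authorize link found in the text."""
    ids = []
    for url in AUTHORIZE_URL.findall(text):
        ids.extend(parse_qs(urlparse(url).query).get("client_id", []))
    return ids

def triage_issue(issue):
    """Score a newly opened issue (dict with 'title' and 'body') for the lure.
    Returns (verdict, score, reasons); 'suspicious' at score >= 3, which an
    unapproved authorize link reaches on its own."""
    title, body = issue.get("title", ""), issue.get("body", "")
    low = (title + "\n" + body).lower()
    score, reasons = 0, []
    unknown = sorted(set(c for c in oauth_client_ids(title + "\n" + body)
                         if c not in APPROVED_CLIENT_IDS))
    if unknown:
        score += 3
        reasons.append("OAuth authorize link for unapproved client_id: " + ", ".join(unknown))
    if "security alert" in title.lower():
        score += 1
        reasons.append("title poses as a security alert")
    hits = [p for p in URGENCY if p in low]
    if hits:
        score += min(len(hits), 2)
        reasons.append("urgency phrasing: " + ", ".join(hits))
    if IPV4.search(body) and "login" in low:
        score += 1
        reasons.append("cites a login IP address to mimic a genuine alert")
    return ("suspicious" if score >= 3 else "benign"), score, reasons

# Constructed sample issues. The location and IP come from the report above;
# the client_id values are placeholders, not real application ids.
LURE = {
    "title": "Security Alert: Unusual Access Attempt Detected",
    "body": ("We noticed an unusual login from Reykjavik, Iceland (IP 53.253.117.8). "
             "Your account has been compromised. Take immediate action: update your "
             "password, review sessions and enable 2FA here: "
             "https://github.com/login/oauth/authorize?client_id=Iv1.PLACEHOLDERunknown"
             "&scope=repo,user&redirect_uri=https://example.invalid/callback"),
}
BENIGN = {
    "title": "Security alert: bump vulnerable dependency",
    "body": "Dependabot flagged an outdated library; tracking the upgrade here.",
}
APPROVED = {
    "title": "Connect the CI bot to this repository",
    "body": "Authorize the approved bot: https://github.com/login/oauth/authorize"
            "?client_id=Iv1.0000approvedcibot&scope=repo",
}

if __name__ == "__main__":
    for name, issue in (("lure", LURE), ("benign", BENIGN), ("approved", APPROVED)):
        print(name, triage_issue(issue))
```

The allowlist is the part that matters: wording heuristics drift, but an authorize link for a client_id nobody approved is the same signal the remediation list points at (review authorized apps, revoke unknown ones), checked before a developer clicks.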


    Apache Tomcat Vulnerability Actively Exploited Within 30 Hours of Public Disclosure

    A newly disclosed security flaw affecting Apache Tomcat has been actively exploited in the wild just 30 hours after the release of a public proof-of-concept (PoC). The vulnerability, tracked as CVE-2025-24813, poses a significant threat as it enables remote code execution (RCE) or information disclosure under specific conditions.

    The vulnerability impacts multiple versions of Apache Tomcat, including:

    • Apache Tomcat 11.0.0-M1 to 11.0.2
    • Apache Tomcat 10.1.0-M1 to 10.1.34
    • Apache Tomcat 9.0.0-M1 to 9.0.98

    This broad version range indicates that many production environments using Apache Tomcat could be exposed to attacks if not promptly patched.

    The vulnerability arises from a misconfiguration involving the handling of HTTP PUT requests and file uploads. Successful exploitation requires a combination of the following conditions:

    • Writes enabled for the default servlet (disabled by default)
    • Support for partial PUT (enabled by default)
    • A target URL for security-sensitive uploads that is a sub-directory of a target URL for public uploads
    • Attacker knowledge of the names of security-sensitive files being uploaded

    If these conditions are met, an attacker could craft a malicious request that bypasses security controls and gains unauthorized access to sensitive files or executes remote code on the target system.

    Remote code execution vulnerabilities in widely used servers like Apache Tomcat are particularly dangerous because they provide attackers with a direct pathway to compromise critical systems. Once exploited, attackers can execute arbitrary commands, escalate privileges, install backdoors, and move laterally across networks. This could lead to data breaches, system disruptions, and potential exposure of sensitive information.

    Apache has released security patches to address CVE-2025-24813. Organizations using vulnerable versions of Apache Tomcat should immediately:

    • Update to the latest patched version of Apache Tomcat.
    • Disable support for HTTP PUT requests unless explicitly needed.
    • Restrict public access to sensitive file upload paths.
    • Implement strict access controls and monitoring to detect any suspicious activity.

    Patching and securing Apache Tomcat environments is critical to minimizing the risk of exploitation and safeguarding sensitive data and systems.
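Two of the preconditions listed above (writes enabled for the default servlet, partial PUT supported) are settings in Tomcat's web.xml, so they can be audited directly. The following checker is an added example, not Apache's own tooling; it assumes the DefaultServlet init-param names `readonly` and `allowPartialPut` from the Tomcat default servlet reference, and the two web.xml fragments, one risky and one corrected, are constructed.

```python
import xml.etree.ElementTree as ET

DEFAULT_SERVLET_CLASS = "org.apache.catalina.servlets.DefaultServlet"
# Shipped defaults (affected versions) of the two DefaultServlet init-params the
# advisory's preconditions refer to: writes off, partial PUT on.
SHIPPED_DEFAULTS = {"readonly": "true", "allowPartialPut": "true"}

# Constructed sample 1: writes switched on, partial PUT left at its default.
RISKY_WEB_XML = """<web-app xmlns="https://jakarta.ee/xml/ns/jakartaee" version="6.0">
  <servlet>
    <servlet-name>default</servlet-name>
    <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
    <init-param><param-name>readonly</param-name><param-value>false</param-value></init-param>
    <init-param><param-name>listings</param-name><param-value>false</param-value></init-param>
  </servlet>
</web-app>"""

# Constructed sample 2: the corrected declaration (read-only, partial PUT rejected).
HARDENED_WEB_XML = """<web-app xmlns="https://jakarta.ee/xml/ns/jakartaee" version="6.0">
  <servlet>
    <servlet-name>default</servlet-name>
    <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
    <init-param><param-name>readonly</param-name><param-value>true</param-value></init-param>
    <init-param><param-name>allowPartialPut</param-name><param-value>false</param-value></init-param>
  </servlet>
</web-app>"""

def _local(tag):
    """Drop the namespace so Tomcat 9 (javaee) and 10/11 (jakartaee) files both parse."""
    return tag.rsplit("}", 1)[-1]

def default_servlet_params(web_xml_text):
    """Collect {param-name: param-value} from every DefaultServlet <servlet> block."""
    params = {}
    for servlet in ET.fromstring(web_xml_text).iter():
        if _local(servlet.tag) != "servlet":
            continue
        classes = [(e.text or "").strip() for e in servlet if _local(e.tag) == "servlet-class"]
        if DEFAULT_SERVLET_CLASS not in classes:
            continue
        for init_param in servlet:
            if _local(init_param.tag) != "init-param":
                continue
            fields = {_local(c.tag): (c.text or "").strip() for c in init_param}
            if "param-name" in fields:
                params[fields["param-name"]] = fields.get("param-value")
    return params

def assess(web_xml_text):
    """Report whether the two configuration preconditions from the advisory hold."""
    effective = dict(SHIPPED_DEFAULTS)   # anything not declared keeps its default
    effective.update({k: v.lower() for k, v in default_servlet_params(web_xml_text).items()
                      if v is not None})
    writes_enabled = effective["readonly"] == "false"
    partial_put_allowed = effective["allowPartialPut"] != "false"
    findings = []
    if writes_enabled:
        findings.append("DefaultServlet readonly=false: PUT/DELETE writes enabled")
    if writes_enabled and partial_put_allowed:
        findings.append("partial PUT accepted while writes are enabled (advisory precondition)")
    return {"writes_enabled": writes_enabled,
            "partial_put_allowed": partial_put_allowed,
            "findings": findings}

if __name__ == "__main__":
    # Run this over conf/web.xml and every webapp's WEB-INF/web.xml: a webapp
    # may redeclare the default servlet and override the global settings.
    for label, text in (("risky", RISKY_WEB_XML), ("hardened", HARDENED_WEB_XML)):
        print(label, assess(text))
```

A clean result from this check does not replace the upgrade to a patched release; it confirms that the PUT-related preconditions are closed while patches are rolled out.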




  • Medusa Ransomware Hits Over 300 Critical Infrastructure Organizations in the U.S.

    The Medusa ransomware operation has reportedly impacted over 300 organizations across critical infrastructure sectors in the United States, according to a joint advisory released by the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center (MS-ISAC). The advisory, issued in March 2025, highlights the growing threat posed by Medusa ransomware and urges organizations to strengthen their defenses to mitigate the risk of future attacks.


    Scope and Impact of the Medusa Ransomware Operation

    According to CISA, Medusa ransomware developers and affiliates have targeted a wide range of critical infrastructure sectors, including healthcare, education, legal, insurance, technology, and manufacturing. The advisory confirms that as of February 2025, over 300 victims have been identified, underscoring the widespread and potentially devastating impact of these attacks.

    Medusa ransomware operates using a double-extortion model, where attackers not only encrypt an organization’s data but also exfiltrate it, threatening to publish the stolen information unless a ransom is paid. This tactic increases the pressure on victims, as it exposes them to both operational disruption and data breaches, which can lead to regulatory penalties and reputational damage.


    Mitigation Recommendations from CISA, FBI, and MS-ISAC

    To defend against Medusa ransomware, CISA, the FBI, and MS-ISAC have issued several key recommendations aimed at reducing both the likelihood and impact of an attack:

    1. Patch known vulnerabilities – Ensure that all operating systems, software, and firmware are updated with the latest security patches to close off known entry points for attackers.
    2. Implement network segmentation – Restrict communication between critical and non-critical systems to limit the spread of ransomware.
    3. Enforce least privilege access – Limit user access to only the systems and data necessary for their job functions to reduce potential attack surfaces.
    4. Deploy endpoint detection and response (EDR) tools – Use advanced monitoring tools to detect and respond to suspicious activity in real time.
    5. Maintain offline backups – Regularly back up data and store backups offline to ensure they remain accessible even if the network is compromised.
    6. Conduct regular security training – Educate employees about phishing tactics, social engineering, and safe cyber practices to minimize human error.
    7. Monitor for and block known Medusa infrastructure – Keep an updated list of known malicious IP addresses, domains, and file signatures associated with Medusa ransomware and block them at the network level.

    Strategic Implications for Critical Infrastructure Security

    The success of Medusa attacks reflects a broader trend where ransomware groups target sectors that cannot afford prolonged downtime, thereby increasing the likelihood that victims will pay the ransom.

    The coordinated response from CISA, the FBI, and MS-ISAC highlights the need for a unified defense strategy. Organizations are encouraged to adopt a proactive approach to cybersecurity, combining technical measures with organizational policies to create a multi-layered defense strategy. Additionally, the advisory reinforces the importance of public-private sector collaboration in responding to cyber threats, as shared threat intelligence and coordinated incident response can significantly reduce the impact of large-scale ransomware campaigns.

