Security vulnerabilities are a routine part of managing any organization’s security. Prompt patching and remediation of newly disclosed vulnerabilities is critical to reducing external attack surface. Netizen’s Security Operations Center (SOC) has compiled four vulnerabilities from November that should be patched or mitigated immediately if present in your environment. Detailed writeups below:
CVE-2022-42896:
Linux kernel use-after-free in the Bluetooth L2CAP implementation, leading to kernel memory disclosure or remote code execution. NIST CVSSv3 base score: 8.8/10. A use-after-free (UAF) arises when code frees a heap object but keeps a pointer to it and uses that pointer afterward; whatever the allocator places in that memory next is then reachable through the stale pointer, which an attacker can turn into memory corruption and, in the kernel, code execution. Here the affected functions are l2cap_connect and l2cap_le_connect_req in net/bluetooth/l2cap_core.c, and an attacker within Bluetooth range of the victim can trigger the bug with no credentials and no user interaction. The NVD vector rates attack complexity as low; the attack vector is adjacent (radio proximity), not the open internet. Apply the kernel update; where that lags, disabling Bluetooth on hosts that do not need it removes the exposure.
CVE-2022-44784:
File inclusion vulnerability in Appalti & Contratti version 9.12.2, a web platform made up of several applications that support the Italian public administration. NIST CVSSv3 base score: 8.8/10. The vulnerability has low attack complexity and requires no user interaction. Several of the platform’s services take user input that decides which file the application loads, so a request can be manipulated to include files the application was never meant to serve or execute (a file inclusion attack). When the included content is interpreted as code, that becomes remote code execution (RCE) on the server.
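The class of bug above, shown as an added example (this is not code from Appalti & Contratti or from the advisory): a page loader that joins a request parameter onto a template directory, beside a hardened loader that maps the parameter to a known view name and checks that the resolved path stays under the template root. The handler names, the template directory layout and the allowlist of views are assumptions; the “secret” file is a constructed stand-in for /etc/passwd or a configuration file holding credentials.

```python
import os
import tempfile

# Constructed fixture: the directory the application is allowed to serve from.
TEMPLATE_DIR = tempfile.mkdtemp(prefix="templates-")
with open(os.path.join(TEMPLATE_DIR, "home.tpl"), "w") as fh:
    fh.write("welcome page")

# Constructed fixture standing in for /etc/passwd or a config file holding
# database credentials: it lives outside TEMPLATE_DIR.
SECRET_PATH = os.path.join(tempfile.mkdtemp(prefix="etc-"), "config.ini")
with open(SECRET_PATH, "w") as fh:
    fh.write("db_password=hunter2")


def include_unsafe(page: str) -> str:
    """Vulnerable: the request parameter is joined onto the template directory
    and opened. os.path.join drops TEMPLATE_DIR entirely when `page` is an
    absolute path, and '../' segments walk out of it otherwise."""
    with open(os.path.join(TEMPLATE_DIR, page)) as fh:
        return fh.read()


# Assumption: the application has a fixed set of views it ever needs to load.
ALLOWED_PAGES = {"home", "contact"}


def include_hardened(page: str) -> str:
    """Hardened: the parameter names a view, not a path, and the resolved
    file must stay under the template root."""
    if page not in ALLOWED_PAGES:
        raise PermissionError(f"unknown page {page!r}")
    base = os.path.realpath(TEMPLATE_DIR)
    target = os.path.realpath(os.path.join(base, page + ".tpl"))
    # Second line of defence in case the allowlist is loosened later:
    # refuse anything whose resolved path escapes the template directory
    # (realpath also collapses symlinks, so a planted link cannot help).
    if os.path.commonpath([base, target]) != base:
        raise PermissionError("path escapes template directory")
    with open(target) as fh:
        return fh.read()


def demo() -> dict:
    """What each handler does with an attacker-controlled parameter."""
    traversal = os.path.relpath(SECRET_PATH, TEMPLATE_DIR)  # '../etc-.../config.ini'
    out = {
        "unsafe_absolute": include_unsafe(SECRET_PATH),
        "unsafe_traversal": include_unsafe(traversal),
        "hardened_rejected": 0,
    }
    for payload in (SECRET_PATH, traversal, "../../../../etc/passwd", "home.tpl"):
        try:
            include_hardened(payload)
        except PermissionError:
            out["hardened_rejected"] += 1
    out["hardened_home"] = include_hardened("home")
    return out
```

The allowlist is the real fix; the path check is there so that a later “just let them pass a filename” change still cannot read outside the template directory. In a PHP-style application the same two controls apply to include/require, with the added rule of never letting the parameter select a stream wrapper.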
CVE-2022-26717:
A use-after-free issue addressed with improved memory management in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5, and iTunes 12.12.4 for Windows. NIST CVSSv3 base score: 8.8/10. The flaw lives in WebKit, the browser engine behind Safari, Mail, the App Store and other apps on macOS and iOS; it is also present in WebKitGTK, the port used by Linux desktops and embedded devices, which shipped its own fix. Processing maliciously crafted web content can lead to arbitrary code execution, so a remote attacker needs only to get the victim to load a page under their control.
CVE-2022-3446:
Heap buffer overflow in WebSQL in Google Chrome prior to 106.0.5249.119, which allowed a remote attacker to exploit heap corruption via a crafted HTML page. NIST CVSSv3 base score: 8.8/10, with high impact on confidentiality, integrity and availability. Exploitation requires user interaction: the victim must visit a page carrying the malicious script, which triggers the overflow in the WebSQL implementation inside the renderer process. A successful exploit gives the attacker code execution in the browser, typically the first stage of a chain that then needs a sandbox escape to reach the rest of the system. Update Chrome, and other Chromium-based browsers, to a release that contains the fix.
Conclusion:
In conclusion, software vulnerabilities are a common nuisance to IT and security teams everywhere. Organizations that prioritize the remediation and patching of these vulnerabilities will drastically reduce their attack surface and ensure no doors into their environment are left unlocked.
How Can Netizen Help?
Netizen ensures that security gets built in and not bolted on. We provide advanced solutions to protect critical IT infrastructure, such as our popular “CISO-as-a-Service” offering, through which companies can leverage the expertise of executive-level cybersecurity professionals without bearing the cost of employing them full time.
We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type.
Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.
Netizen is an ISO 27001:2013 (Information Security Management), ISO 9001:2015, and CMMI V 2.0 Level 3 certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans.
Allentown, PA: Netizen Corporation, an ISO 27001:2013, ISO 9001:2015, and CMMI Level 3 certified provider of cybersecurity and related solutions for defense, government and commercial markets, has for the fifth year in a row received a HIRE Vets Platinum Medallion award from the U.S. Department of Labor for the hiring, retention, support and training of military veterans and families. This level of award is given only to select companies demonstrating superior commitments to veteran employment and the military/veteran community. Netizen employs a significant percentage of veterans while providing free training, college scholarships, and paid internships to help veterans and military families obtain careers in high-demand technical fields such as cybersecurity.
The HIRE Vets Medallion program was established under the Honoring Investments in Recruiting and Employing American Military Veterans (HIRE Vets) Act signed into law on May 5, 2017 to recognize employers who hire, retain and support military veterans. The Platinum Medallion is the highest level of award a company can receive for this program and the citation states that “[Netizen] has demonstrated a model of patriotism worthy of praise as well as a recognition of the value veterans bring to the workplace.”
“Netizen is proud to employ a significant portion of military veterans. We acknowledge the diverse array of skills, talents, and backgrounds that this provides us with as a company. Such diversity of thought and experience is truly something that sets us apart while also providing fellow military veterans and families with opportunities for learning and advancement,” said Michael Hawkins, Netizen’s CEO and a U.S. Army veteran.
About Netizen Corporation: Once America’s fastest-growing cybersecurity firm, 2nd fastest-growing Veteran-owned company, and a top-50 fastest-growing private company overall according to the 2019 and 2020 Inc. 5000 lists of the nation’s most successful businesses, Netizen provides specialized cybersecurity solutions for government, defense, and commercial markets. They also develop products such as the award-winning Overwatch Governance Suite.
The company, a certified Service Disabled Veteran Owned Business (SDVOSB), is based in Allentown, PA with additional locations in Virginia, South Carolina, and Florida. In addition to having been one of the fastest-growing businesses in the US, Netizen has also been named a national “Best Workplaces” by Inc. Magazine and has received the US Department of Labor HIRE Vets Platinum Medallion award for veteran hiring, retention, and community involvement five years in a row. Learn more at Netizen.net.
POINT OF CONTACT: Tristan Boheim, Account Executive, 1-800-450-1773, press@netizen.net
Security vulnerabilities are a routine part of managing any organization’s security. Prompt patching and remediation of newly disclosed vulnerabilities is critical to reducing external attack surface. Netizen’s Security Operations Center (SOC) has compiled five vulnerabilities from October that should be patched or mitigated immediately if present in your environment. Detailed writeups below:
CVE-2021-27855:
FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 may allow an attacker with valid credentials to obtain a login foothold and then escalate to administrative privileges. NIST CVSSv3 base score: 8.8/10. Older FatPipe releases may be affected as well. The vulnerability requires no user interaction and has low attack complexity, but it does require an authenticated account, so credential hygiene and the exposure of the management interface decide how reachable it is. FatPipe appliances centrally manage an organization’s WANs (wide area networks), which makes an administrative compromise a pivot point into the rest of the network.
CVE-2022-23642:
Sourcegraph is a code search and navigation engine for developers. Sourcegraph prior to version 3.37 is vulnerable to remote code execution (RCE) in its `gitserver` service. NIST CVSSv3 base score: 8.8/10. The service acts as a git exec proxy, and it failed to restrict callers from running `git config`. An attacker can therefore set the `core.sshCommand` option, which tells git to run an arbitrary command in place of ssh the next time it contacts a remote over SSH, so a follow-up fetch or clone executes attacker-supplied commands on the gitserver host. Whether this is reachable depends on how Sourcegraph is deployed: anyone who can make HTTP requests to the internal gitserver endpoint can exploit it, so internal services must not be exposed beyond the Sourcegraph frontend. The issue is fixed in version 3.37. A proof of concept is available on GitHub: https://github.com/Altelus1/CVE-2022-23642
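What a git exec proxy has to check before passing arguments to git, as an added example. This is not Sourcegraph’s code and not the 3.37 fix; the request layout ({"repo": ..., "args": [...]}), the endpoint handler and the allowlist of subcommands are assumptions, and the attack sequence is constructed to follow the shape of the published proof of concept. The point it demonstrates is that refusing the `config` subcommand is not enough, because `-c` and `--config-env` set the same option inline.

```python
import re
import shlex

# Read-only subcommands a code-search proxy has a reason to run on a local
# clone. Everything else (config, remote, fetch, submodule, ...) is refused.
ALLOWED_SUBCOMMANDS = {"log", "show", "diff", "rev-parse", "ls-tree",
                       "cat-file", "blame", "rev-list"}

# Config keys that make a later git operation spawn an external program.
DANGEROUS_CONFIG_KEYS = re.compile(
    r"^(core\.(sshcommand|gitproxy|pager|editor|hookspath|fsmonitor)"
    r"|credential\.helper"
    r"|diff\.[^=]*\.command|merge\.[^=]*\.driver"
    r"|filter\.[^=]*\.(clean|smudge|process)"
    r"|uploadpack\.packobjectshook"
    r"|alias\.[^=]*)$",
    re.IGNORECASE,
)


def validate_git_args(args):
    """Return `args` if they may be passed to git; raise ValueError otherwise.

    CVE-2022-23642 is two requests: `git config core.sshCommand <cmd>`, then
    any command that touches a remote over ssh, at which point git runs <cmd>.
    Blocking the `config` subcommand alone is not enough: `git -c
    core.sshCommand=<cmd> ...` and `--config-env` set the same option inline,
    so global options are inspected before the subcommand is even looked at.
    """
    if not args:
        raise ValueError("empty argv")
    i = 0
    while i < len(args) and args[i].startswith("-"):
        opt = args[i]
        if opt.startswith(("-c", "--config-env")):
            raise ValueError(f"inline config not permitted: {opt}")
        if opt.startswith(("-C", "--git-dir", "--work-tree", "--exec-path", "--namespace")):
            raise ValueError(f"path override not permitted: {opt}")
        i += 1
    if i == len(args):
        raise ValueError("no git subcommand")
    sub = args[i]
    if sub not in ALLOWED_SUBCOMMANDS:
        raise ValueError(f"subcommand not permitted: {sub}")
    # Defence in depth for the allowed subcommands: refuse any argument that
    # looks like an assignment to a dangerous config key (for instance via a
    # subcommand-level -c, which the loop above does not see).
    for a in args[i + 1:]:
        key = a.split("=", 1)[0]
        if DANGEROUS_CONFIG_KEYS.match(key):
            raise ValueError(f"dangerous config key in args: {a}")
    return args


def handle_exec_request(request):
    """Stand-in for the proxy's exec endpoint: returns the command line it
    would run, or a 400 error string. Deliberately never spawns git."""
    try:
        args = validate_git_args(list(request.get("args", [])))
    except ValueError as exc:
        return f"400 {exc}"
    return "git " + shlex.join(args)


# Constructed request sequence shaped like the published PoC (the request
# layout is an assumption): plant the option, then trigger a remote operation.
ATTACK = [
    {"repo": "github.com/example/repo",
     "args": ["config", "core.sshCommand", "id > /tmp/pwned"]},
    {"repo": "github.com/example/repo",
     "args": ["fetch", "ssh://git@attacker.example/x"]},
    {"repo": "github.com/example/repo",
     "args": ["-c", "core.sshCommand=id > /tmp/pwned", "fetch", "origin"]},
]
```

An allowlist of subcommands is the control that actually closes the hole; the deny-list of config keys is a backstop for the subcommands you keep, since `git log -c` is a legitimate option that happens to share a letter with the global `-c`. Network placement still matters: a proxy like this should only be reachable from the frontend that authenticates users.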
CVE-2022-41082:
Microsoft Exchange Server remote code execution vulnerability. NIST CVSSv3 base score: 8.8/10. An authenticated attacker who can reach Exchange’s PowerShell endpoint (the Remote PowerShell service used for Exchange administration) can execute code on the server. This vulnerability is chained with CVE-2022-41040, the pair being known as ProxyNotShell: the SSRF in 41040 gives a remote attacker a path to the PowerShell backend, and 41082 turns that access into RCE. No user interaction is required and attack complexity is low, but valid credentials for the Exchange server are needed.
CVE-2022-41040:
Microsoft Exchange Server elevation of privilege vulnerability. NIST CVSSv3 base score: 8.8/10. This is one of two zero-day vulnerabilities affecting on-premises Microsoft Exchange Server 2013, 2016 and 2019, and it is a server-side request forgery (SSRF) in the Autodiscover front end: an authenticated attacker can make the server forward a crafted request to an internal backend, in this case the PowerShell endpoint, and so trigger CVE-2022-41082 remotely. Valid credentials are needed to exploit either vulnerability, which narrows the attacker pool but is no substitute for patching, since any phished or reused mailbox account suffices.
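A hunting check for the chain above, as an added example rather than Microsoft’s own tooling. The pattern it searches for is the one Microsoft published for its URL Rewrite mitigation (a request whose path and query contain both `autodiscover.json` and `powershell`), applied to IIS W3C logs from the Exchange front end. The log lines are constructed for this example and assume the default IIS field set; the 200 versus 401 distinction separates attempts that reached PowerShell with working credentials from attempts that did not.

```python
import re

PROXYNOTSHELL = re.compile(r"(?=.*autodiscover\.json)(?=.*powershell)", re.IGNORECASE)

# Constructed sample: one benign OWA hit, one benign Autodiscover hit, one
# exploitation attempt that was authenticated (200), one that was not (401).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs(Referer) sc-status sc-substatus sc-win32-status time-taken
2022-09-30 12:00:01 10.0.0.5 GET /owa/ - 443 CONTOSO\\alice 198.51.100.4 Mozilla/5.0 - 200 0 0 12
2022-09-30 12:00:02 10.0.0.5 POST /autodiscover/autodiscover.xml - 443 CONTOSO\\alice 198.51.100.4 Microsoft+Office/16.0 - 200 0 0 40
2022-09-30 12:00:03 10.0.0.5 POST /autodiscover/autodiscover.json @evil.example/powershell/?&Email=autodiscover/autodiscover.json%3f@evil.example 443 CONTOSO\\bob 203.0.113.7 python-requests/2.28 - 200 0 0 812
2022-09-30 12:00:04 10.0.0.5 POST /autodiscover/autodiscover.json @evil.example/PowerShell/?&Email=autodiscover/autodiscover.json%3f@evil.example 443 - 203.0.113.7 python-requests/2.28 - 401 1 2148074254 5
"""


def parse_iis_w3c(text):
    """Yield one dict per request line, keyed by the names in the #Fields header."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#"):
            continue
        if fields is None:
            raise ValueError("log data before #Fields header")
        parts = line.split(" ")
        if len(parts) != len(fields):
            continue  # malformed line; in production count and report these
        yield dict(zip(fields, parts))


def find_proxynotshell(text):
    """Return the requests whose stem+query match the Autodiscover -> PowerShell
    pattern, annotated with whether the backend answered 200, meaning the
    request reached PowerShell with valid credentials."""
    hits = []
    for rec in parse_iis_w3c(text):
        url = rec["cs-uri-stem"] + "?" + rec["cs-uri-query"]
        if PROXYNOTSHELL.search(url):
            hits.append({
                "time": rec["date"] + " " + rec["time"],
                "client": rec["c-ip"],
                "user": rec["cs-username"],
                "status": int(rec["sc-status"]),
                "reached_powershell": rec["sc-status"] == "200",
                "url": url,
            })
    return hits
```

Run it over the logs from every front-end server, not just one: the 401 attempts tell you who is probing, the 200 hits tell you which account they had, and that account’s password needs to be changed along with applying the update.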
CVE-2021-3100:
The Apache Log4j hotpatch package before log4j-cve-2021-44228-hotpatch-1.1-13 did not mimic the permissions of the JVM being patched, allowing it to escalate privileges. NIST CVSSv3 base score: 8.8/10. The hotpatch is the package Amazon distributed after Log4Shell (CVE-2021-44228) to patch running JVMs in place. It ran as root and attached to any process that looked like a Java process without first dropping to that process’s user, so a low-privileged process, including one inside a container, could pose as a JVM and have code run as root on the host: a container escape and privilege escalation. The fix was to match the target process’s user, group and other privileges before injecting into it.
Security vulnerabilities are a routine part of managing any organization’s security. Prompt patching and remediation of newly disclosed vulnerabilities is critical to reducing external attack surface. Netizen’s Security Operations Center (SOC) has compiled five vulnerabilities from September that should be patched or mitigated immediately if present in your environment. Detailed writeups below:
CVE-2022-33891:
Apache Spark shell command injection. NIST CVSSv3 base score: 8.8/10; proof-of-concept exploits are available on GitHub (https://github.com/HuskyHacks/cve-2022-33891 and https://github.com/west-wind/CVE-2022-33891). Affected versions are Apache Spark 3.0.3 and earlier, 3.1.1 to 3.1.2, and 3.2.0 to 3.2.1; 3.1.3, 3.2.2 and 3.3.0 contain the fix. Spark, an open-source engine for large-scale data processing, can enable access control lists (ACLs) for its web UI through spark.acls.enable. With ACLs on, a code path in the UI’s HttpSecurityFilter lets a caller impersonate any user simply by supplying a username in the request. The permission check for that user then builds a Unix shell command from the supplied name and runs it, so a name containing shell metacharacters executes arbitrary commands as the account Spark runs under.
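The injection pattern described above beside its fix, as an added example; this is not Apache Spark’s code. The vulnerable lookup mirrors what the advisory describes (a group lookup built as a shell string from the impersonated user name), and the hardened version shows the two changes that matter: validate the name against what a username can be, and invoke the command with an argument list so no shell ever parses it. The username allowlist and the payload are assumptions.

```python
import os
import pwd
import re
import subprocess


def groups_via_shell(user: str) -> str:
    """Vulnerable: the name is interpolated into a string handed to /bin/sh,
    so shell metacharacters in it run as commands. This mirrors the pattern
    the advisory describes; it is here to be compared against, not reused."""
    proc = subprocess.run(["/bin/sh", "-c", "id -Gn " + user],
                          capture_output=True, text=True)
    return proc.stdout


# Assumption: a portable-username allowlist (letters, digits, _ . - $), which
# is stricter than anything a group lookup needs.
USERNAME_RE = re.compile(r"^[A-Za-z_][A-Za-z0-9_.$-]{0,31}$")


def groups_hardened(user: str) -> list:
    """Hardened: reject names that cannot be accounts, then run the lookup
    with an argv list. With no shell in the path, ';', backticks and
    '$(...)' are just characters inside one argument, not syntax."""
    if not USERNAME_RE.match(user):
        raise ValueError(f"invalid username: {user!r}")
    proc = subprocess.run(["id", "-Gn", user], capture_output=True, text=True)
    if proc.returncode != 0:
        raise LookupError(f"no such user: {user!r}")
    return proc.stdout.split()


def demo(payload: str = "nobody; echo INJECTED") -> dict:
    """Run both variants on a payload shaped like a malicious doAs value."""
    try:
        me = pwd.getpwuid(os.getuid()).pw_name
    except KeyError:          # uid without a passwd entry (some containers)
        me = "root"
    out = {"shell_output": groups_via_shell(payload)}
    try:
        groups_hardened(payload)
        out["hardened"] = "ran"
    except ValueError as exc:
        out["hardened"] = str(exc)
    out["hardened_legit"] = groups_hardened(me)
    return out
```

The validation step is what turns a 500 error into a clean rejection; the argv form is what makes the code safe even for a name the regex lets through, because nothing downstream interprets it. Both are needed: a regex alone is one missed character away from the original bug.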
CVE-2021-30551:
Google Chrome zero-day vulnerability. NIST CVSSv3 base score: 8.8/10; exploitation in the wild was confirmed when the fix shipped. It affects Google Chrome prior to 91.0.4472.101 on Windows, macOS and Linux. The bug is a type confusion in the V8 JavaScript engine: a crafted HTML page can make V8 treat an object as a different type than it really is, corrupting the heap, and from there the attacker can gain code execution in the renderer and, with a sandbox escape, control of the system.
CVE-2022-35823:
Microsoft SharePoint Server remote code execution vulnerability. NIST CVSSv3 base score: 8.8/10, and it has been reported as exploited in the wild. Affected products are SharePoint Enterprise Server, SharePoint Server, SharePoint Server Subscription Edition and SharePoint Foundation. Attack complexity is low and the impact on confidentiality and integrity is high. An attacker who exploits it runs code of their choosing on the SharePoint server, which holds documents and lists for much of the business, so the likely outcome is theft of sensitive business data and a foothold on an internal server.
CVE-2022-22026:
Windows Client Server Run-Time Subsystem (CSRSS) elevation of privilege vulnerability. NIST CVSSv3 base score: 8.8/10. Public details are limited: a function in the CSRSS component does not adequately check privileges, so a local attacker who already has a low-privileged foothold on the machine can gain control they should not have. Attack complexity is low and the impact on confidentiality and integrity is high. Because CSRSS runs on every Windows host, a bug like this is a standard post-exploitation step after a phishing compromise, which is why it belongs in the patch queue even though it is not remotely triggerable on its own.
CVE-2021-44224:
Apache HTTP Server vulnerability. NIST CVSSv3 base score: 8.2/10; it affects Apache HTTP Server 2.4.7 through 2.4.51 inclusive and is fixed in 2.4.52. A crafted URI sent to httpd configured as a forward proxy (ProxyRequests On) can cause a NULL pointer dereference and crash the worker, and in configurations that mix forward-proxy and reverse-proxy declarations it can direct the request to a declared Unix domain socket endpoint (server-side request forgery, SSRF), giving an attacker access to an internal service that was never meant to be reachable through the proxy. The outcome is denial of service or a confidentiality compromise of whatever sits behind that socket. Servers that do not act as forward proxies are not exposed to this particular issue but should still update.
Phish Tale of the Week
Phishing attempts are often aimed at specific groups that malicious actors expect to respond, and they come in many forms. In this instance, we see not an email phish but an SMS phishing (smishing) scam, in two variants aimed at two different groups. One text appears to be a notification that new funds are available in our account; the other asks us to confirm whether or not we sent $569.89 to a person using Zelle. Both rely on the same principles to get a response out of their target.
Here’s how we know not to click on either of these links:
The first red flag in these texts is the senders’ numbers. Always inspect the sender thoroughly to ensure it is someone you trust. In this case, neither message comes from a number we recognize or have in our contacts. Keep in mind that a sender ID can be spoofed, so an unfamiliar number is a warning sign but a familiar-looking one is not proof of legitimacy. Going forward, review the sender’s number or address carefully to see whether the message could be coming from a threat actor.
The second warning sign is the messaging. Each text tries to elicit a response by using urgent financial news as the hook: one refers to new funds made available to our account, the other notifies us that we may have sent money to a stranger. Smishing scams use the same words and pressure tactics as phishing emails to provoke an immediate reaction. Always inspect the wording of any unexpected message before acting on it.
The final warning sign is the links, attachments and callback numbers. The first message contains both an attachment and a link that we cannot verify are safe to open; the second offers two different numbers to call or text to “resolve” the issue, which routes the victim straight to the scammer. Be on the lookout for suspicious attachments, links and phone numbers that scammers use to pull you out of the message and into a conversation they control.
General Recommendations:
A phishing email or smishing text will typically direct the user to a link where they are prompted to update personal information such as a password, credit card number, Social Security number or bank account details. A legitimate company already has this information and would not ask for it again, especially via email or text.
Scrutinize your emails before clicking anything. Have you ordered anything recently? Does the order number match one you already have? Did the email come from a store you don’t usually order from or a service you don’t use? If so, it is probably a phishing attempt.
Verify that the sender is actually from the company sending the message.
Did you receive a message or email from someone you don’t recognize? Are they asking you to sign into a website to provide Personally Identifiable Information (PII) such as credit card numbers or your Social Security number? A legitimate company will never ask for PII via instant message or email.
Do not give out personal or company information over the internet.
Do not click on unrecognized links or attachments. If you do proceed, verify that the URL is the correct one for the company or service: check the registered domain itself (the part of the hostname just before the first slash), not merely whether a familiar brand name appears somewhere in the address, since scammers use lookalike and subdomain tricks. HTTPS is necessary but not sufficient; the padlock only means the connection is encrypted, and most phishing sites use HTTPS too.
Many phishing emails pose a sense of urgency or even aggressiveness to prompt a form of intimidation. Any email requesting immediate action should be vetted thoroughly to determine whether or not it is a scam. Also, beware of messages that seek to tempt users into opening an attachment or visiting a link. For example, an attachment titled “Fix your account now” may draw the question “What is wrong with my account?” and prompt you to click a suspicious link.
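The three checks from this write-up (sender, wording, links) turned into code, as an added example and not a Netizen tool. The link check is the part worth studying: it compares the registrable domain of the URL’s host with the service’s real domain, which is what defeats `chase.com.account-verify.net` and `https://chase.com@evil.example/` style lookalikes, and it treats plain HTTP as a reason on its own. The contact list, the keyword patterns and the sample messages are constructed for this example; the domain logic assumes two-label registrable domains (use the Public Suffix List for `co.uk` and friends).

```python
import re
from urllib.parse import urlsplit

#  Constructed: numbers already in this user's contacts.
KNOWN_CONTACTS = {"+15551234567"}

URGENCY = re.compile(r"\b(confirm|immediately|final|suspend(ed)?|verify|now|urgent)\b", re.I)
MONEY = re.compile(r"\$\s?\d[\d,]*(\.\d{2})?|\b(funds|payment|zelle|deposit|refund)\b", re.I)
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)
CALLBACK = re.compile(r"\b(call|text)\b[^.\n]*?\d{3}[-.\s]\d{4}", re.I)


def registrable_domain(host: str) -> str:
    """The last two labels of a hostname, i.e. the part someone registered.
    Assumption: no multi-label public suffixes (co.uk) in scope."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def check_url(url: str, expected_domain: str) -> list:
    """Reasons not to trust `url` as a link to `expected_domain`; an empty
    list means it is https and its host really belongs to that domain."""
    reasons = []
    parts = urlsplit(url)
    if parts.scheme.lower() != "https":
        reasons.append("not https")
    host = parts.hostname or ""
    if "@" in parts.netloc:
        # https://chase.com@evil.example/ : everything before '@' is
        # userinfo; the real host is evil.example.
        reasons.append("userinfo before host")
    if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", host):
        reasons.append("raw IP address instead of a hostname")
    elif registrable_domain(host) != expected_domain.lower():
        # Catches chase.com.verify-login.net and chase-secure.com alike:
        # only the registrable part decides who owns the name.
        reasons.append(f"host {host!r} is not {expected_domain}")
    return reasons


def triage_sms(sender: str, text: str, expected_domain: str) -> dict:
    """Apply the sender, wording and link checks and report every red flag;
    two or more is enough to stop and verify through a known channel."""
    flags = []
    if sender not in KNOWN_CONTACTS:
        flags.append("sender not in contacts")
    if URGENCY.search(text):
        flags.append("urgent wording")
    if MONEY.search(text):
        flags.append("financial hook")
    for url in URL_RE.findall(text):
        for reason in check_url(url, expected_domain):
            flags.append(f"link {url}: {reason}")
    if CALLBACK.search(text):
        flags.append("asks you to call or text a number from the message")
    return {"flags": flags, "suspicious": len(flags) >= 2}


# Constructed messages modelled on the two texts described above, plus a
# benign one from a known contact.
SAMPLES = [
    ("+18005550199", "New funds are available in your account. Confirm now: "
                     "http://chase.com.account-verify.net/login", "chase.com"),
    ("+12025550143", "Did you send $569.89 to JOHN D via Zelle? If not, call "
                     "202-555-0143 immediately to cancel.", "zellepay.com"),
    ("+15551234567", "Lunch at noon?", "chase.com"),
]
```

The keyword patterns are deliberately crude; they reproduce the human heuristics in the text and will miss a well-written lure. The URL check does not have that weakness, because a scammer cannot make a host they do not own resolve under the bank’s registered domain.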
Cybersecurity Brief
In this week’s Cybersecurity Brief:
U.S. Senators Introduce Changes to Include Cryptocurrency in 2015 Bill
United States Senators Marsha Blackburn and Cynthia Lummis have introduced changes to the Cybersecurity Information Sharing Act of 2015 that would permit “voluntary information sharing of cyber threat indicators among cryptocurrency companies.” The change would directly connect one of the least regulated industries with the federal government, allowing a level of visibility into cryptocurrency activity not seen before. Crypto firms would be able to report breaches, cyber incidents and other suspicious activity to U.S. government agencies such as CISA for immediate assistance in remediating those issues.
Senator Blackburn had this to add regarding her proposed changes: “Some bad actors have used cryptocurrency as a way to hide their illegal practices and avoid accountability,” leading many to believe these changes will also shine a light on cryptocurrency used in cyber-crime. “The Cryptocurrency Cybersecurity Information Sharing Act will update existing regulations to address this misuse directly. It will provide a voluntary mechanism for crypto companies to report bad actors and protect cryptocurrency from dangerous practices.” Allowing crypto firms to report bad actors directly to government authorities would complicate the plans of extortionists worldwide.
Cryptocurrency has become the preferred ransom demand in most hacks and breaches. The pseudonymity that cryptocurrencies provide suits ransomware groups looking to cover their tracks while they remain on the run. This proposed change would cut against one of the principles cryptocurrencies were built on and signal a shift away from untraceable payments: law enforcement agencies would work hand in hand with crypto firms to hunt down cyber criminals as they transfer or withdraw ransoms from their accounts.
Lummis and Blackburn both cited the largely unregulated environment in which cryptocurrency firms have operated for the past few years as a critical reason for these changes. Opening a dialogue around information-sharing practices between crypto firms and government agencies may further legitimize crypto as a payment method going forward. However, cryptocurrencies were founded with security and anonymity in mind. How will this change affect the public perception of crypto if the companies behind these payments are so quick to cooperate with law enforcement?
American Airlines Breached in Cyber Incident
American Airlines is notifying a number of its customers of a data breach in which an “unauthorized threat actor” accessed names, dates of birth, mailing and email addresses, phone numbers, driver’s license and passport numbers, and in some cases medical information, by compromising employee email accounts. According to American, the airline discovered the breach in July and immediately retained a third-party cybersecurity firm to assist with triage of the incident. Disclosing the breach only in September, however, has left many customers wondering why it took so long to raise the alarm.
American spokesman Curtis Blessing had this to add when questioned about the incident: “American Airlines is aware of a phishing campaign that led to the unauthorized access to a limited number of team member mailboxes. A very small number of customers and employees’ personal information was contained in those email accounts.”
Many in the information security community have questioned whether American is downplaying this breach. Reports from inside the airline indicate that the threat actor compromised the Microsoft 365 accounts of numerous American employees and remained undetected for a period. During that time they sent further phishing emails posing as legitimate American Airlines representatives and gained access to sensitive files in American’s SharePoint environment.
American was quick to downplay the incident, with Andrea Koos, Senior Manager for Corporate Communications at American Airlines, stating that a “very small number” of customers were affected. However, in a regulatory filing with the Office of the Attorney General of Maine, American reported that the breach impacted 1,708 customers and employees. To remedy the breach, American has offered all affected parties a two-year subscription to Experian’s IdentityWorks identity fraud protection service. This breach follows a separate incident in March 2021 against SITA, a global air transport IT provider, in which hackers breached servers and gained access to the Passenger Service System (PSS) used by multiple airlines, including American.
For more information, check out the rest of the article here.
Security vulnerabilities are a routine part of managing any organization’s security. Prompt patching and remediation of newly disclosed vulnerabilities is critical to reducing external attack surface. Netizen’s Security Operations Center (SOC) has compiled eight vulnerabilities from August that should be patched or mitigated immediately if present in your environment. Detailed writeups below:
CVE-2022-33636 & CVE-2022-22021:
Microsoft Edge (Chromium-based) remote code execution vulnerabilities. NIST CVSSv3 base score: 8.3/10. To exploit either, an attacker must win a race condition, a class of bug common in multithreaded software: two threads touch the same resource at the same time, the outcome depends on which gets there first, and a carefully timed sequence can put the program into a state its author never expected. Here that state can be used to escape the browser sandbox, the process isolation that is supposed to keep a compromised web page away from the rest of the user’s machine. Although the impact is rated high, the score is tempered because attack complexity is high (the race must be won) and user interaction is required: the attacker has to host a page that triggers the bug and persuade the victim to visit it, typically through phishing or another social-engineering lure.
CVE-2021-42321:
Microsoft Exchange Server vulnerability. NIST CVSSv3 base score: 8.3/10, remote code execution (RCE). A Metasploit module exists that executes a payload on the following Exchange builds: 2019 CU10 before Security Update 3, 2019 CU11 before Security Update 2, 2016 CU21 before Security Update 3, and 2016 CU22 before Security Update 2. The attacker must authenticate to exploit it. The flaw is in the ChainedSerializationBinder, the component meant to ensure that types named in serialized data are permitted, so that dangerous types cannot be deserialized. Its deny list contained a typo: the entry read System.Security.ClaimsPrincipal instead of the real type name System.Security.Claims.ClaimsPrincipal, so that type was never actually blocked. An attacker can use this to bypass the deserialization deny list and execute code as NT AUTHORITY\SYSTEM. The broader lesson is that a deny list of dangerous types is fragile; an allow list of the types a message is expected to contain fails safe when someone makes the same kind of mistake.
CVE-2022-23277:
Microsoft Exchange Server vulnerability. NIST CVSSv3 base score: 8.8/10, remote code execution (RCE). Similar to CVE-2021-42321 and likewise requiring authentication, it affects Exchange Server 2019 CU10, 2019 CU11, 2016 CU21 and 2016 CU22 before the March 2022 Security Update (MAR22SU).
CVE-2021-1585:
Cisco Adaptive Security Device Manager (ASDM) and ASDM Launcher vulnerability. NIST CVSSv3 base score: 8.3/10; Cisco’s own CVSSv3 score is 7.5. ASDM is the management application for Cisco Secure Firewall (ASA). The vulnerability could allow an unauthenticated remote attacker to execute code on the administrator’s workstation, because the Launcher does not properly verify the signature of code it exchanges with the ASDM. An attacker in a man-in-the-middle (MITM) position on the network can intercept the traffic between the Launcher and the ASDM and inject malicious code that the Launcher will run. To use it, the attacker needs the user to start a Launcher session to the ASDM, which may take some social engineering. Two kinds of reverse payload have been demonstrated for RCE: one based on jjs.exe, the Nashorn JavaScript shell shipped with Java, which runs in memory and yields a command prompt on the workstation, and one based on Longtime Sunshine, a post-exploitation framework. Cisco reported the issue fixed in ASDM 7.18.1.150, but Rapid7 informed Cisco that it was not; Cisco withdrew 7.18.1.150 and attempted a fix in 7.18.1.152. That build reportedly remains exploitable as long as the user clicks through a pop-up, so treat ASDM sessions over untrusted networks as unsafe and confine management traffic to a trusted management network or VPN.
CVE-2022-37401 & CVE-2022-37400:
Apache OpenOffice vulnerability. NIST CVSSv3 base score: 8.8/10. Affects Apache OpenOffice before 4.1.13. Like some web browsers, OpenOffice lets the user store passwords for web connections in the user’s configuration database. The stored passwords are encrypted under a master key that the user’s master password protects. The flaw is that the master key was poorly encoded, which cut its effective randomness from 128 bits to 43 bits, so the stored passwords become practical to brute-force for an attacker who has a copy of the user’s configuration database file. Upgrading fixes key generation going forward; credentials saved by an older version should be treated as exposed if the configuration file was ever accessible, and rotated.
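What “poorly encoded” does to a key, worked through as an added example; this is not Apache OpenOffice’s code, and the lossy encoding used here (each random byte reduced to a decimal digit) is an illustrative assumption chosen to show the calculation, not the mapping OpenOffice actually used. The computation itself is general: given any per-byte encoding applied to uniformly random bytes, it returns the min-entropy an attacker has to search, which is the figure that decides how long brute force takes.

```python
import math
from collections import Counter


def min_entropy_bits(encode, n_bytes=16):
    """Guessing work an attacker faces when each of n_bytes independent,
    uniformly random bytes is passed through `encode` before use as key
    material. Min-entropy (-log2 of the most probable symbol) is the measure
    that matters for brute force, because the attacker tries the most
    probable outputs first."""
    counts = Counter(encode(b) for b in range(256))
    p_max = max(counts.values()) / 256
    return n_bytes * -math.log2(p_max)


def shannon_bits(encode, n_bytes=16):
    """Average information per encoded byte, times n_bytes. Always >= the
    min-entropy; quoting it overstates resistance to a guessing attack."""
    counts = Counter(encode(b) for b in range(256))
    h = -sum((c / 256) * math.log2(c / 256) for c in counts.values())
    return n_bytes * h


def brute_force_years(bits, guesses_per_second=1e9):
    """Expected time to hit the key at the given rate (half the space)."""
    return (2 ** bits) / 2 / guesses_per_second / (365 * 86400)


def identity(b):
    return b           # every random bit survives into the key


def lossy(b):
    return b % 10      # illustrative stand-in: each byte reduced to a digit


def compare(n_bytes=16):
    """Key strength of a 16-byte key under both encodings."""
    return {
        "identity_bits": min_entropy_bits(identity, n_bytes),
        "lossy_min_bits": min_entropy_bits(lossy, n_bytes),
        "lossy_shannon_bits": shannon_bits(lossy, n_bytes),
        "identity_years": brute_force_years(min_entropy_bits(identity, n_bytes)),
        "lossy_years": brute_force_years(min_entropy_bits(lossy, n_bytes)),
    }
```

With the stand-in encoding the 16 random bytes are worth about 53 bits rather than 128, and a single machine testing a billion keys per second finishes in weeks; the real flaw, at 43 bits, is roughly a thousand times easier still. The fix is the obvious one: feed the raw random bytes (or a proper KDF output) into the cipher and never pass key material through a string encoding that discards values.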
CVE-2022-35794:
Windows Secure Socket Tunneling Protocol (SSTP) remote code execution vulnerability. NIST CVSSv3 base score: 8.1/10. This CVE ID is distinct from CVE-2022-34702, CVE-2022-34714, CVE-2022-35745, CVE-2022-35752, CVE-2022-35753, CVE-2022-35766 and CVE-2022-35767, which are separate SSTP issues from the same release. As with the Edge vulnerabilities above, exploitation requires winning a race condition, which is why attack complexity is rated high and the score is 8.1 rather than 9.8. An unauthenticated attacker can send a specially crafted connection request to a Remote Access Server running SSTP and obtain code execution on that server. Because RAS/VPN servers sit on the perimeter by design, this one cannot be hidden behind a firewall; patch it.
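What “win the race” means for the Edge and SSTP issues above, as an added example that is not Microsoft’s code and not an exploit: a check-then-act sequence on shared state, run by many threads at once, beside the same sequence done under a lock. The account model is a stand-in for any shared resource; the `time.sleep(0)` inside the racy version is an assumption added only to make the interleaving reproducible, the bug exists without it.

```python
import threading
import time


class Account:
    """Shared state standing in for any resource a check-then-act touches."""

    def __init__(self, balance: int):
        self.balance = balance
        self._lock = threading.Lock()

    def withdraw_racy(self, amount: int) -> bool:
        """Check, then act, with nothing holding the state fixed in between.
        Two threads can both pass the check before either subtracts."""
        if self.balance >= amount:        # check
            time.sleep(0)                 # yield to widen the window
            self.balance -= amount        # act
            return True
        return False

    def withdraw_locked(self, amount: int) -> bool:
        """Check and act under one lock: the state the check saw is the state
        the action modifies."""
        with self._lock:
            if self.balance >= amount:
                self.balance -= amount
                return True
            return False


def run_contention(method_name: str, starting: int = 1, threads: int = 50) -> dict:
    """Release `threads` workers at once, each trying to withdraw 1 from an
    account holding `starting`. Correct code allows exactly `starting` wins."""
    acct = Account(starting)
    wins = []
    gate = threading.Barrier(threads)

    def worker():
        gate.wait()
        if getattr(acct, method_name)(1):
            wins.append(1)

    pool = [threading.Thread(target=worker) for _ in range(threads)]
    for t in pool:
        t.start()
    for t in pool:
        t.join()
    return {"wins": len(wins), "final_balance": acct.balance,
            "overdrawn": acct.balance < 0}
```

Run `run_contention("withdraw_racy")` a few times and the number of wins varies from run to run, usually well above one, with the balance driven negative; the locked version returns exactly one win every time. In a browser or a VPN service the “balance” is a buffer length, an object lifetime or a privilege flag, and the attacker’s job is to hit the window often enough that the impossible state happens once.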
Phish Tale of the Week
Phishing attempts often target specific groups that can be exploited by malicious actors. In this instance, we see a phishing scam aimed at unsuspecting consumers. This email appears to be a notification that ADT Monitoring wants to give us a $100 Visa Reward Card. We are then prompted to “start the confirmation process below” and follow the link to receive our bonus. The email dangles an enticing offer of a free $100 reward card, so why not click? Unfortunately, there are plenty of reasons not to click that email right away.
Take a look below:
The first red flag in this email is the sender’s address. Always inspect the sender’s address thoroughly, not just the display name, to confirm that the message really comes from the organization it claims to represent and not from a threat actor.
The second warning sign in this email is the “FINAL MESSAGE” notice in the main message. Phishing scams commonly use words like this to elicit a quick response from their targets. Always be sure to thoroughly inspect the messaging of all emails in your inbox.
The final warning sign in this email is the $100 ADT Visa Reward Card itself. Threat actors use monetary incentives to entice unsuspecting consumers into phishing traps. Always be on the lookout for offers that look too good to be true.
General Recommendations:
A phishing email will typically direct the user to click on a link where they will then be prompted to update personal information, such as a password, credit card, social security, or bank account information. A legitimate company already has this sensitive information and would not ask for it again, especially via email.
Scrutinize your emails before clicking anything. Have you ordered anything recently? Does this order number match the one you already have? Did the email come from a store you don’t usually order supplies from or a service you don’t use? If so, it’s probably a phishing attempt.
Verify that the sender is actually from the company sending the message.
Did you receive a message or email from someone you don’t recognize? Are they asking you to sign into a website to give Personally Identifiable Information (PII) such as credit card numbers or a social security number? A legitimate company will never ask for PII via instant message or email.
Do not give out personal or company information over the internet.
Do not click on unrecognized links or attachments. If you do proceed, verify that the URL is the correct one for the company or service and that the connection uses HTTPS. Note that HTTPS alone is not proof of legitimacy: phishing sites routinely obtain valid certificates too, so the domain name is what matters.
Many phishing emails pose a sense of urgency or even aggressiveness to prompt a form of intimidation. Any email requesting immediate action should be vetted thoroughly to determine whether or not it is a scam. Also, beware of messages that seek to tempt users into opening an attachment or visiting a link. For example, an attachment titled “Fix your account now” may draw the question “What is wrong with my account?” and prompt you to click a suspicious link.
Cybersecurity Brief
In this week’s Cybersecurity Brief:
Whistleblower Comes Forward Alleging Major Cybersecurity Issues at Twitter
Earlier this week, the tech community was shocked as a whistleblower complaint was filed against social media giant Twitter. The complaint filed by Peiter “Mudge” Zatko alleges Twitter has violated multiple SEC and FTC regulations in addition to egregious mishandling of user information and lax security practices.
Zatko, a former DARPA program manager and well-known hacker, served as Twitter’s head of security before departing the company in January 2022. Before joining Twitter in 2020, Zatko was a renowned security researcher credited with pioneering buffer overflow work and contributing heavily to advances in code injection, exploitation of embedded systems, and many other areas of security.
Six months after his departure, Zatko filed an 84-page whistleblower complaint with Congress alleging that his former employer was riddled with security and privacy problems and had misled federal regulators and the federal government. The complaint also alleges that Twitter does not prioritize removing spam and bot accounts as its CEO previously claimed, does not actively monitor for insider threats from employees or external contractors, suffered 20 security breaches in 2020 alone (incidents that should have triggered near-weekly reports to a government regulator), and that over half of Twitter’s employees hold broad access to user data and systems they do not need.
The last claim is the most alarming to many in the information security community. In 2020, Twitter suffered an incident in which the accounts of hundreds of celebrities and politicians were compromised and used to post the attackers’ bitcoin wallet addresses with promises of payouts to unsuspecting users. The breach is believed to have started with social engineering aimed at Twitter employees. Once the threat actors held employee credentials, they could pivot across the internal network with little resistance, because the accounts they had taken over were far more privileged than their owners’ jobs required.
Cases like this are why many security professionals believe organizations everywhere must move to a least-privilege security model. Under this principle an employee has access only to the materials and systems necessary for their daily job functions and nothing more, and access is granted per task rather than accumulated over a career. It may be inconvenient for an employee to request elevated access from a superior, but it stops unnecessary privileges from spreading across the workforce, which limits what a single phished account can reach and so reduces the organization’s overall attack surface.
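As an added example (not code from the original post or from Twitter), the following Python sketch shows what enforcing and auditing least privilege looks like in code: a deny-by-default authorizer that honours a grant only if the account’s role actually needs that permission, an audit that lists grants exceeding the role’s needs, and a blast-radius query for a sensitive permission. The roles, permissions and staff directory are constructed for the example.

```python
from dataclasses import dataclass

# Permissions each job function actually needs (constructed; not Twitter's model).
ROLE_NEEDS = {
    "support_agent":    {"tickets:read", "tickets:write", "account:read_profile"},
    "trust_and_safety": {"account:read_profile", "account:suspend", "content:remove"},
    "sre":              {"infra:deploy", "infra:read_logs"},
}


@dataclass(frozen=True)
class Account:
    name: str
    role: str
    granted: frozenset      # permissions actually attached to the account today


def authorize(account: Account, permission: str) -> bool:
    """Deny by default: a permission works only if it is BOTH granted to the
    account AND needed by its role. A stale or over-broad grant is inert, so
    a phished support account cannot use a suspend right it should not have."""
    return permission in account.granted and permission in ROLE_NEEDS.get(account.role, set())


def excess_privileges(account: Account) -> set:
    """Grants beyond what the role needs: the least-privilege violations."""
    return set(account.granted) - ROLE_NEEDS.get(account.role, set())


def audit(accounts) -> dict:
    """Map each over-privileged account to the grants that should be revoked."""
    return {a.name: excess for a in accounts if (excess := excess_privileges(a))}


def blast_radius(accounts, permission: str) -> list:
    """Accounts whose compromise (say, via phishing) would expose `permission`
    wherever the grant is honoured without the role check above."""
    return sorted(a.name for a in accounts if permission in a.granted)


# Constructed sample directory: bob and carol carry grants their jobs do not need.
STAFF = [
    Account("alice", "support_agent",
            frozenset({"tickets:read", "tickets:write", "account:read_profile"})),
    Account("bob", "support_agent",
            frozenset({"tickets:read", "tickets:write", "account:read_profile",
                       "account:read_dms", "account:suspend"})),
    Account("carol", "sre",
            frozenset({"infra:deploy", "infra:read_logs", "account:read_dms"})),
    Account("dave", "trust_and_safety",
            frozenset({"account:read_profile", "account:suspend", "content:remove"})),
]

if __name__ == "__main__":
    for name, excess in audit(STAFF).items():
        print(f"{name}: revoke {sorted(excess)}")
    print("accounts exposing account:read_dms:", blast_radius(STAFF, "account:read_dms"))
```

The audit is the part worth running on a schedule: `authorize` protects only the code paths that call it, whereas a grant left on an account is a liability in every system that trusts the raw grant, which is why `blast_radius` looks at what is granted rather than what is effective.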
U.S. FBI and CISA Issue Alert for Zeppelin Ransomware
The Cybersecurity and Infrastructure Security Agency (CISA) has released a notice warning all organizations to be on the lookout for a resurgence of Zeppelin ransomware. Zeppelin is a derivative of the Delphi-based Vega malware family and operates as ransomware as a service (RaaS). The family emerged in 2019 after gaining popularity on Russian hacker markets, and Zeppelin grew in notoriety after targeting multiple U.S. technology and healthcare organizations and demanding exorbitant ransoms once their environments were encrypted.
Threat actors deploying this ransomware typically gain initial access by exploiting exposed Remote Desktop Protocol (RDP) services and SonicWall firewall vulnerabilities, in combination with phishing campaigns. After the initial compromise, the actors quietly map the organization to find where its main data stores and backups reside. They then deploy the Zeppelin ransomware, often through a PowerShell loader, and begin encrypting the network.
Once the breach and initial encryption occur, threat actors leave a detailed note on the amount of ransom to be paid and where to send the money. Typical ransom amounts for this RaaS range anywhere from a couple of thousand dollars for smaller organizations to millions in bitcoin for enterprise-grade firms. Researchers have also noticed that in recent campaigns, Zeppelin actors have begun encrypting files multiple times to increase the complexity of their attacks and reduce the chances of decrypting the files without numerous sets of keys.
CISA joined with the FBI to release this joint statement on ransom payments: “The FBI and CISA do not encourage paying ransom as payment does not guarantee victim files will be recovered. Furthermore, payment may also embolden adversaries to target additional organizations, encourage other criminal actors to engage in the distribution of ransomware, and/or fund illicit activities.”
To combat the rise in ransomware, organizations worldwide are being advised to implement multi-factor authentication (MFA) immediately, adopt a least-privilege access policy, strengthen their password requirements, and patch the RDP exposures and SonicWall firewall vulnerabilities that this group relies on for initial access. Firms must strengthen their information security policies to defend against ransomware gangs and the rise of RaaS.
For more information, check out the rest of the article here.
Security vulnerabilities are a common occurrence in managing any business’s organizational security. The prompt patching and remediation of any new vulnerabilities are critical to reducing outside attack surface. Netizen’s Security Operations Center (SOC) has compiled five vulnerabilities from July that should be immediately patched or addressed if present in your environment. Detailed writeups below:
CVE-2022-30222:
CVE-2022-30222 has been given a CVSSv3 score of 8.4/10. This Windows Shell Remote Code Execution Vulnerability allows an unauthenticated threat actor to execute code on an affected system by interacting with the login screen with a specific input. This vulnerability is especially worrisome since attackers targeting this CVE require no user involvement and have little complexity to their attack parameters. Prioritize patching this vulnerability immediately if you use RDP in your environment. For more on this vulnerability, check out this link.
CVE-2022-24545:
CVE-2022-24545 has been given a CVSSv3 score of 5.1/10. It is a Remote Code Execution vulnerability affecting Windows 10, Windows 11, Server 2016, Server 2019, and Server 2022. The vulnerability stems from the registry key “DisableRestrictedAdmin” being enabled. At the time of writing no patch exists, so the safest course of action is to configure Remote Desktop Connection securely. For more on this vulnerability, check out this link.
CVE-2022-30216:
CVE-2022-30216 has been given a CVSSv3 score of 8.8/10. This is a low-complexity Windows Server Service tampering vulnerability. An authenticated attacker could use it to upload a certificate to the Server Service. Microsoft has identified this issue as a major one that needs to be patched immediately, given the low complexity and the minimal privileges required to exploit it. If an attacker is able to upload a certificate to the target server, the attacker could then pivot and perform remote code execution on the desired targets. For more on this vulnerability, check out this link.
CVE-2022-25762
CVE-2022-25762 has been given a CVSSv3 score of 8.6/10. This vulnerability affects Apache Tomcat versions 9.0.0.M1 to 9.0.20 and 8.5.0 to 8.5.75. A remote attacker can potentially use this CVE to compromise the confidentiality, integrity, and availability of the affected system. From the Tomcat advisory: “If a web application sends a WebSocket message concurrently with the WebSocket connection closing when running on Apache Tomcat 8.5.0 to 8.5.75 or Apache Tomcat 9.0.0.M1 to 9.0.20, it is possible that the application will continue to use the socket after it has been closed. The error handling triggered in this case could cause a pooled object to be placed in the pool twice. This could result in subsequent connections using the same object concurrently which could result in data being returned to the wrong user and/or other errors.” For more on this vulnerability, check out this link.
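The double-pooling described in the quoted advisory is easy to reproduce in miniature. The following Python example is added here and is not Tomcat’s code: a naive object pool that accepts a second release of the same buffer, so two later connections are handed the same object and one can read the other’s data, beside a checked pool that tracks outstanding objects and rejects the second release. The connection and buffer names are invented for the example.

```python
class Buffer:
    """A pooled resource that holds per-connection data."""

    def __init__(self, ident: int):
        self.ident = ident
        self.data = ""


class NaivePool:
    """Returns objects to the free list without checking they were checked out.
    Two release() calls for one object put it on the free list twice, so two
    later acquire() calls receive the same object: the CVE-2022-25762 pattern."""

    def __init__(self, size: int):
        self.free = [Buffer(i) for i in range(size)]

    def acquire(self) -> Buffer:
        return self.free.pop()

    def release(self, buf: Buffer) -> None:
        self.free.append(buf)


class CheckedPool(NaivePool):
    """Hardened pool: remembers what is checked out and refuses a second release."""

    def __init__(self, size: int):
        super().__init__(size)
        self.in_use = set()

    def acquire(self) -> Buffer:
        buf = super().acquire()
        buf.data = ""                        # never hand out a previous owner's data
        self.in_use.add(buf.ident)
        return buf

    def release(self, buf: Buffer) -> None:
        if buf.ident not in self.in_use:
            raise RuntimeError(f"double release of buffer {buf.ident}")
        self.in_use.remove(buf.ident)
        super().release(buf)


def cross_talk(pool_cls) -> bool:
    """Replay the advisory's scenario: connection A's close path and its error
    handler both release A's buffer; then B and C connect and B writes.
    Returns True if C can read B's data, i.e. two connections share one object."""
    pool = pool_cls(size=4)
    a = pool.acquire()
    pool.release(a)                          # 1) close path returns the buffer
    try:
        pool.release(a)                      # 2) error handler returns it again
    except RuntimeError as err:
        print("blocked:", err)               # CheckedPool stops the bug here
    b, c = pool.acquire(), pool.acquire()
    b.data = "B's private payload"
    return c.data == "B's private payload"


if __name__ == "__main__":
    print("NaivePool   leaks across connections:", cross_talk(NaivePool))
    print("CheckedPool leaks across connections:", cross_talk(CheckedPool))
```

The checked pool turns a silent data-mixing bug into a loud exception at the point of the double release, which is where you want to find it; the same ownership bookkeeping applies to any pool of sockets, buffers or database connections that an error path might return more than once.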
Google Chrome Vulnerabilities:
Google disclosed five high-severity vulnerabilities in July: CVE-2022-2477, CVE-2022-2478, CVE-2022-2479, CVE-2022-2480, and CVE-2022-2481. If successfully exploited, the most severe of these could allow arbitrary code execution in the context of the logged-on user. If that user’s privileges are high enough, a threat actor could create new accounts with full user rights, install programs, and view, change, or delete data. Users whose accounts are configured with fewer rights on the system are less exposed than those who operate with administrative rights. Affected users are urged to update Chrome to the newest version immediately. For more on these vulnerabilities, check out this link.
Phish Tale of the Week
Phishing attempts often target specific groups that can be exploited by malicious actors. In this instance, we see a phishing scam aimed at unsuspecting consumers. This email appears to be a notification that Louis Vuitton is offering a 90% off limited-time deal. We are then prompted to “shop now” and follow the link to the store. The email dangles an enticing offer of discounted luxury merchandise, so why not click? Unfortunately, there are plenty of reasons not to click that email right away.
Take a look below:
The first red flag in this email is the sender’s address. Always inspect the sender’s address thoroughly, not just the display name, to confirm that the message really comes from the organization it claims to represent and not from a threat actor.
The second warning sign in this email is the “Limited-Time Offer” notice below the main message. Phishing scams commonly use words like this to elicit a quick response from their targets. Always be sure to thoroughly inspect the messaging of all emails in your inbox.
The final warning sign for this email is the large red “Shop Now” call to action. Threat actors use call-to-action buttons like this to immediately redirect targets to malicious landing pages. These landing pages then infect the target’s system with malware or other software with the intention of stealing information or further extortion.
General Recommendations:
A phishing email will typically direct the user to click on a link where they will then be prompted to update personal information, such as a password, credit card, social security, or bank account information. A legitimate company already has this sensitive information and would not ask for it again, especially via email.
Scrutinize your emails before clicking anything. Have you ordered anything recently? Does this order number match the one you already have? Did the email come from a store you don’t usually order supplies from or a service you don’t use? If so, it’s probably a phishing attempt.
Verify that the sender is actually from the company sending the message.
Did you receive a message or email from someone you don’t recognize? Are they asking you to sign into a website to give Personally Identifiable Information (PII) such as credit card numbers or a social security number? A legitimate company will never ask for PII via instant message or email.
Do not give out personal or company information over the internet.
Do not click on unrecognized links or attachments. If you do proceed, verify that the URL is the correct one for the company or service and that the connection uses HTTPS. Note that HTTPS alone is not proof of legitimacy: phishing sites routinely obtain valid certificates too, so the domain name is what matters.
Many phishing emails pose a sense of urgency or even aggressiveness to prompt a form of intimidation. Any email requesting immediate action should be vetted thoroughly to determine whether or not it is a scam. Also, beware of messages that seek to tempt users into opening an attachment or visiting a link. For example, an attachment titled “Fix your account now” may draw the question “What is wrong with my account?” and prompt you to click a suspicious link.
Cybersecurity Brief
In this week’s Cybersecurity Brief:
T-Mobile Agrees to $500 million in 2021 Data Breach Settlement
Almost a year ago, telecommunications giant T-Mobile suffered another data breach. The company, no stranger to sub-par data security and cybersecurity incidents, admitted in August of last year to a breach that left the PII of over 76 million U.S. residents scattered across the Dark Web. In this breach, hackers retrieved names, social security numbers, driver’s license numbers, physical addresses, and more for each affected individual. Unfortunately for T-Mobile, this breach will end up costing a lot more than reputation damage.
On Monday, reports began circulating that T-Mobile had reached a settlement agreement over the 2021 data breach. In filings submitted to a federal district court in Missouri, T-Mobile agreed to pay $350 million to settle the class action claims stemming from last year’s breach. T-Mobile also agreed to invest over $150 million during the next two years to improve its data security practices and upgrade related technology.
If approved by the court, this settlement will resolve virtually all the claims brought against the mobile carrier by former, current, and prospective customers after the August 2021 data breach. The settlement also spares T-Mobile from admitting any guilt or wrongdoing in the matter, and this civil agreement is expected to be the last formal mention of last year’s cybersecurity incident.
Overall, information security experts worldwide are eager to see whether the proposed $150 million investment in data security will materialize into actual defensive upgrades. T-Mobile has a history of making grandiose claims after incidents like this one, with four separate significant cybersecurity intrusions at the organization in the past four years.
Idaho Universities helping fill Cyber Workforce Gap
Ransomware attacks and cybersecurity incidents have surged across the country. Businesses of all shapes and sizes are being targeted at unprecedented rates. Previously, larger enterprise-grade companies were the main focus of threat actors, but the rise of ransomware has dragged smaller organizations into the mayhem. This increase in attacks has shown that every organization needs a plan to secure its information and bolster its cyber defenses. However, hiring an outside information security firm or creating an in-house cybersecurity position can be costly for many businesses.
The problem mentioned above is where the Boise State University’s Institute for Pervasive Cybersecurity comes to the rescue. Students inside this program are paired with rural businesses and municipalities in Idaho and gain real-world experience on the frontlines of cybersecurity. Marlin Roberts, who manages the program, believes, “The days of being safe simply because you were small and unimportant are gone. The cybercriminals are interested in just about anything. The advent of ransomware has made it lucrative to go ahead and steal data to basically extort money from these entities.”
For businesses in Idaho, the program arrives at the right moment. A CyberSeek report shows over 5,000 open cybersecurity jobs in the state of Idaho, more than 3,500 of them in the Boise metro area. Companies that have not been able to fill these roles, or that lack the funding for them, can seek help through Boise State University’s program. The opportunity has been expanded further through additional funding from the Idaho Workforce Development Council: earlier this month, Boise State University was awarded an $806,000 grant to double the number of students training in its CyberDome defense program.
Executive Director of the Council, Wendi Secrist, added, “One of the things the council is really interested in and focused on is, ‘How do we better integrate work-based learning into all forms of education?” This additional funding will further expand the program to assist more small businesses throughout Idaho and grant valuable experience to the students tasked with protecting these companies. Employers have repeatedly echoed that cybersecurity job seekers need real-world expertise when applying for positions. Certificates and grades are outstanding on a resume, but few IT managers and CISOs feel comfortable handing over the keys to their IT infrastructure to someone without practical experience.
Marlin Roberts believes that the additional funding to Boise State University’s program will expand the roles and responsibilities students in the CyberDome are able to learn. “It’s a winning combination,” said Roberts.
For more information, check out the rest of the article here.
Ever received an email telling you that you just won a brand-new car? What about a robocall saying your car’s extended warranty is about to expire? Or maybe you’ve seen a more elaborate ploy where someone included personal details such as your phone carrier and device model in an attempt to offer you a free upgrade for your phone. All of these are phishing attempts, in which an unknown threat actor tries to solicit personal or financial information from their target. In 2020 the U.S. FBI reported that phishing was the most reported form of cyber-attack, with the FBI’s Internet Crime Complaint Center recording more than twice as many phishing complaints as any other type of incident. Let’s look at the ways cybercriminals try to lure you in with phishing:
Business Email Compromise (BEC):
Business Email Compromise (BEC) is the phishing variant most often seen in modern corporations. The threat actor spoofs the email of a finance or human resources coworker to create a false sense of legitimacy, then sends targeted emails to other individuals in the company to collect sensitive information that they will later use to expand their access or, if damaging enough, to blackmail the company. The best defense employees have against this attempt is to be hyper-vigilant when checking their email. If something looks off, report it immediately to your IT administrator.
Vishing:
Vishing, also known as voice phishing, is a method in which an outside threat actor calls the target over the phone and attempts to extract personal or financial information on the spot. Attackers commonly use social engineering here to trick targets into handing over information they did not realize was sensitive. An example is a call purporting to come from the IT department, saying the target’s account was temporarily disabled for security reasons and that their PIN is needed to restore access. To spot this kind of attempt, check the caller ID: outside threat actors frequently cannot match a legitimate number you are used to receiving calls from, so the number will be completely foreign. Caller ID can be spoofed, however, so do not rely on it alone; hang up and call back on a number you already know to be genuine.
Smishing:
Smishing is phishing carried out entirely over mobile SMS. The threat actor sends the target a text message with a malicious link embedded in it, or tries to extract valuable, sensitive information by reply. These messages often carry click-bait taglines such as “WARNING”, “You have been selected”, or “Congratulations, you just won” to elicit an immediate response. To protect yourself, do not respond to unknown numbers that text your device; if the offer looks too good to be true, it is almost certainly a scam.
Spear Phishing:
Spear phishing is a phishing attempt in which threat actors target a specific individual or group within an organization. Typically they already hold personal information about the target and use it to craft a message that immediately grabs attention. A good example is an attacker targeting a group of employees by impersonating the payroll software they are used to receiving their salaries through; the details the attacker has already gathered lend the message legitimacy. A reliable way to spot spear phishing is to check the sender address of any suspicious email carefully, and to verify the message out of band, whether by calling or visiting the supposed sender directly.
Whaling:
Whaling is very similar to spear phishing, except that it focuses on the top individuals in an organization, such as C-suite executives. These attempts often take the form of messages from top-level employees like a COO or CFO directing subordinates to fill out a survey or submit their information to HR. They are highly effective because most people find it difficult to challenge their superiors about a suspicious message and simply do as they are told. To defend against this kind of attempt, always verify the request in person or over the phone with your supervisor. Executives would much rather deal with an overly cautious employee than one who unsuspectingly hands personal information to an outside threat actor.
Conclusion:
In conclusion, phishing attempts have skyrocketed in companies worldwide. They require only minor slip-ups and can be detrimental to an organization’s security. Threat actors have increased their efforts with these attempts since they require hardly any technical prowess to pull off. Remember, a safe rule of thumb is to always check with your IT administrators if you think a message looks suspicious. Vigilance is vital when fighting phishing attempts.
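The red flags called out in the two Phish Tales above (a sender address that does not match the claimed brand, urgency wording, too-good-to-be-true offers, links whose visible text names a different site) and the impersonation behind BEC, spear phishing and whaling can be turned into a simple triage check. The following Python example is added here and is not code from the original posts: it parses a raw single-part message and reports which red flags it trips. The company domain, the staff directory, the keyword lists and the three sample messages are all constructed for the example, and a real mail gateway would add far richer signals (SPF/DKIM/DMARC results, URL reputation) to heuristics like these.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumptions for the example (constructed, not from the original posts).
COMPANY_DOMAIN = "example.com"
DIRECTORY = {"jane doe": "CFO", "sam lee": "HR manager"}   # names a BEC/whaling mail would borrow
URGENCY = ("final message", "limited-time", "immediately", "act now", "account suspended")
LURE = re.compile(r"\$\d+|reward card|\d+% off|you have been selected|congratulations", re.I)
ANCHOR = re.compile(r'<a\s+href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
HOST_IN_TEXT = re.compile(r"\b(?:www\.)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)", re.I)


def _domain(addr_header: str) -> str:
    return parseaddr(addr_header)[1].rpartition("@")[2].lower()


def phishing_flags(raw_message: str) -> list:
    """Return the list of red flags a single-part RFC 822 message trips."""
    msg = message_from_string(raw_message)
    flags = []
    display, sender = parseaddr(msg.get("From", ""))
    sender_domain = sender.rpartition("@")[2].lower()
    display_l = display.lower()

    # Sender checks: Phish Tale red flag #1, and BEC/spear/whaling impersonation.
    if display_l in DIRECTORY and sender_domain != COMPANY_DOMAIN:
        flags.append("impersonated_employee")         # our CFO's name, foreign domain
    elif display and display_l not in DIRECTORY and display_l.split()[0] not in sender_domain:
        flags.append("brand_domain_mismatch")         # "ADT Monitoring" from an unrelated domain
    reply_domain = _domain(msg.get("Reply-To", ""))
    if reply_domain and reply_domain != sender_domain:
        flags.append("reply_to_mismatch")             # replies are routed elsewhere

    body = msg.get_payload()                          # single-part messages only
    text = (msg.get("Subject", "") + "\n" + body).lower()
    # Pressure and lure language: red flags #2 and #3.
    if any(phrase in text for phrase in URGENCY):
        flags.append("urgency")
    if LURE.search(body):
        flags.append("monetary_lure")
    # Links whose visible text names one site but whose target is another.
    for href, anchor_text in ANCHOR.findall(body):
        shown = HOST_IN_TEXT.search(anchor_text)
        target = (urlparse(href).hostname or "").removeprefix("www.")
        if shown and shown.group(1).lower() != target:
            flags.append("link_target_mismatch")
            break
    return flags


# Constructed sample messages (not real mail).
ADT_REWARD_EMAIL = """\
From: ADT Monitoring <rewards@secure-offer-claims.xyz>
To: you@example.com
Subject: FINAL MESSAGE: your $100 Visa Reward Card

ADT Monitoring wants to give you a $100 Visa Reward Card.
Start the confirmation process below:
<a href="http://claims-portal.xyz/confirm">www.adt.com/rewards</a>
"""

BEC_EMAIL = """\
From: Jane Doe <jane.doe@example-corp-billing.com>
Reply-To: jane.doe.office@webmail-free.example
To: accounts.payable@example.com
Subject: Wire needed

Please process the attached wire immediately and confirm by reply.
"""

INTERNAL_EMAIL = """\
From: Sam Lee <sam.lee@example.com>
To: staff@example.com
Subject: Benefits enrollment

Enrollment opens next Monday. Details are on the intranet page.
"""

if __name__ == "__main__":
    for label, sample in (("ADT reward", ADT_REWARD_EMAIL), ("BEC", BEC_EMAIL), ("internal", INTERNAL_EMAIL)):
        print(f"{label:11s} -> {phishing_flags(sample)}")
```

The reward-card sample trips four flags, the BEC sample trips the impersonation and reply-to checks plus urgency, and the genuine internal notice trips none. Treat the output as a triage score rather than a verdict: a legitimate marketing mail can mention a discount, and a targeted spear-phish can avoid every keyword on the list, which is why the verification habits described above (check the real address, confirm out of band) still matter.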