Vulnerability Management

Response to CISA Advisory (AA23-347A): Russian Foreign Intelligence Service (SVR) Exploiting JetBrains TeamCity CVE Globally

AttackIQ has released a new attack graph in response to the recently published CISA Advisory (AA23-347A) which assesses that cyber actors from the Russian Foreign Intelligence Service (SVR) have been observed targeting servers hosting JetBrains TeamCity software by exploiting vulnerability CVE-2023-42793 on a large scale, since September 2023.

CISA and NSA’s Top 10 Control Misconfigurations? Use BAS and MITRE ATT&CK to Defend Against Them

The National Security Agency (NSA) and Cybersecurity and Infrastructure Security Agency (CISA) recently released their top 10 list of common cybersecurity misconfigurations. Some of these include your standard slew of don’t use default software settings, don’t make weak passwords, and don’t practice poor MFA hygiene. No surprise there for most security teams, but apparently, it’s common enough that they all made the top 10 list of things people do anyway.