Resources

March 29, 2022 SonicWall Patches a Critical SonicOS RCE Vulnerability SonicWall has released a security advisory addressing a critical vulnerability in SonicOS which may lead to an unauthenticated remote code execution in a wide range of SonicWall firewall products. The Vulnerability CVE-2022-22274 (CVSS 3.0: 9.4, Critical) – A Stack-based buffer overflow vulnerability in the SonicOS via HTTP request allows a remote unauthenticated…

March 23, 2022 ‘Okta’ Data Breach – 23/03 Update ‘Okta’ has published an updated statement regarding the incident. The statements are updated frequently and can be found on ‘Okta’s official blog. Meanwhile, Microsoft – who has also fallen victim to ‘LAPSUS$’s attacks – has addressed the recent spike in cybersecurity incidents caused by the threat group…

March 16, 2022 Apple has patched 3 remote code execution vulnerabilities in the ‘WebKit’ component, affecting macOS Monterey prior to version 12.3. Overall, Apple has patched 87 vulnerabilities over multiple products. The full updated products list can be found on the Apple security updates page. The RCE Vulnerabilities All RCE vulnerabilities are in the ‘WebKit’ component, one…

March 10, 2022  Microsoft Patches 3 Zero-Days & 3 Critical RCE vulnerabilities As part of the monthly security rollup updates, Microsoft has patched 3 Zero-Days, one being actively exploited in the wild, and 3 Critical-Rated Microsoft Security vulnerabilities.  In total, Microsoft has patched 71 vulnerabilities, not including 21 Microsoft Edge vulnerabilities.  The Vulnerabilities: The Zero-Day…

February 16, 2022  Google has released an emergency update, addressing an exploited in the wild zero-day vulnerability in Chrome. No further details were released regarding the vulnerability except that it is a ‘use after free’ bug in the animation component, a type of vulnerability that typically leads to remote code execution on affected systems.  The…

Building a SOC is no small feat. A company should be ready to invest extensive resources into the technology and personnel needed to get a SOC up and running, plan long-term to maintain and optimize tools and systems, and provide regular training for SOC analysts. Before you embark down this path, we recommend learning what it really takes to build and maintain a SOC.