Arctic Security
@ArcticSecurity
Arctic Security is a change agent – a cybersecurity disruptor – with one mission: to help you defend your assets with cyber threat intelligence.
Oulu, Suomi
Joined November 2017
Recently, @larihuttunen published a write-up on #VMware #hypervisor #vulnerabilities and how vulnerability management alone is not a solution to this #PublicExposure. @LabsSentinel added urgency to this issue by observing hypervisors held for ransom. https://t.co/nWRTH5r9Bs
Digital markets act and cybersecurity
arcticsecurity.com
Digital Markets Act will diversify mobile app stores, a change that brings cybersecurity implications with it. We should approach it with security in mind.
Even a perfect storm comes with warnings
arcticsecurity.com
Multiple cybersecurity problems coinciding can amplify each other. Early warning provides the necessary lead time for companies and society to prepare.
Regardless of what you think of the concept of a #cryptocurrency, we think systemic theft is a #cybercrime. On this #PatchTuesday, @bweintraub34 examines "Theft-as-a-Service on #Ethereum" in his guest blog post on Public Exposure. https://t.co/usPBfy2k1C
Running a #LAMP server used to be what the cool kids did. Nowadays, cold LAMPin' #IT ain't cutting it no more. Check out the latest write-up by @larihuttunen. https://t.co/puwPmpmbZy
It's #PatchTuesday again and Juhani "Jussi" Eronen from @CERTFI concludes his series of three write-ups on attack surface management with an important topic: "How to Identify Attack Surface that Must be Addressed". Read the full story at Public Exposure: https://t.co/8IgLsA00sQ
The #OpenSSL project has given early warning on a critical #zeroday #vulnerability affecting OpenSSL versions 3.0.0 - 3.0.6. Arctic EWS will help you identify your vulnerable servers today. https://t.co/TdezrGUphG
Yesterday, it was Patch Tuesday again and Public Exposure published a new write-up. Enjoy! #CyberSecurityMonth
https://t.co/H8NT8Fxc8o
Using environmental protection laws to require cybersecurity controls may be the way to go.
arcticsecurity.com
The prevalence of management interfaces open to the internet exposes companies to unexpected types of damage from cybersecurity threats.
Read the whole story on Public Exposure by @larihuttunen. https://t.co/TzuPENa8VG END OF 🧵
public-exposure.inform.social
[nominal] The opening of a subject to widespread discussion and debate.
To sum up, we will definitely start covering more web application frameworks, since they can give our customers a lot of additional insights into the state of their security posture in general. 14/
Looking at the hosts with vulnerable jQuery components on them in further detail painted a picture of a broader set of problems. In that sense jQuery turned out to be a great "canary in the coal mine". 13/
Looking at the HTML titles, we got a sense of the types of vulnerable applications out there.
- online banking sites
- cloud infrastructure management interfaces
- SSL VPN servers
- firewall administration applications
- authentication pages with login in the title
12/
Approximately 21% are EOL, which raises our eyebrows even further. 11/
Approximately 26% of all the publicly reachable jQuery UI web applications contain a version of jQuery which is vulnerable to CVE-2020-11022. 10/
In addition to being vulnerable, jQuery versions 1.x and 2.x are EOL, i.e. no longer supported. 8/
Since jQuery UI depends on jQuery, vulnerabilities in a dependency highlight the nature of these vulnerabilities in general. 7/
For the study to be representative, we defined cpe:/a:jquery/jquery_ui as our subject group, which in total gives us a population of roughly 1.9 million IPs. 6/