Cisco Releases Patch for Critical Bug Affecting Unified CCMP and Unified CCDM

The Hacker News reported on important patch released by Cisco.

Cisco Systems has rolled out security updates for a critical security vulnerability affecting Unified Contact Center Management Portal (Unified CCMP) and Unified Contact Center Domain Manager (Unified CCDM) that could be exploited by a remote attacker to take control of an affected system.

Tracked as CVE-2022-20658, the vulnerability has been rated 9.6 in severity on the CVSS scoring system, and concerns a privilege escalation flaw arising out of a lack of server-side validation of user permissions that could be weaponized to create rogue Administrator accounts by submitting a crafted HTTP request.

Read further on The Hacker News

Goodfirms Publishes Interview with Trilight CEO

The, a renowned B2B service suppliers reviews service has chosen Trilight Security CEO for the interview.

Goodfirms: Please introduce your company and give a brief about your role within the organization.

Trilight CEO: We are Trilight Security, a cybersecurity services provider. Basically, we are the MSSP and provide managed security service to our SMB customers and larger enterprises. I’m one of the co-founders of the company and currently perform CEO duties...

Read further on the

Hackers Using Microsoft MSHTML Flaw to Spy on Targeted PCs with Malware

The Hacker News describes he way how the Microsoft flaw is being utilized by hackers.

A new Iranian threat actor has been discovered exploiting a now-addressed critical flaw in the Microsoft Windows MSHTML platform to target Farsi-speaking victims with a new PowerShell-based information stealer designed to harvest extensive details from infected machines.

"[T]he stealer is a PowerShell script, short with powerful collection capabilities — in only ~150 lines, it provides the adversary a lot of critical information including screen captures, Telegram files, document collection, and extensive data about the victim's environment," SafeBreach Labs researcher Tomer Bar said in a report published Wednesday.

Read more on The Hacker News

Navigating The Threat Landscape 2021 – From Ransomware to Botnets

The Hacker News studies Global Threat Landscape Report which indicates a drastic rise in sophisticated cyberattacks targeting digital infrastructures, organizations, and individuals in 2021.

When new threats emerge, attackers take advantage of them – however, most businesses are only aware of the current threats. Organizations struggle to address these threats due to their resource sophistication and their lack of understanding of evolving threat landscapes. For these reasons, organizations need visibility on the advanced threats especially targeting their infrastructure. This article will outline the evolution in the cyber threat landscape 2021.

Read further on The Hacker News

Trilight Security Featured as One of the Most Reviewed IT Services Companies in Estonia

This year marks an important milestone for Trilight Security as we are celebrating our first year in the IT industry! Over the past year, we’ve been working with small and mid-market businesses across industries such as financial services, information technology, business services, and more.

The Manifest recognized our efforts and named us a Most Reviewed IT Services Company in Estonia! This award is due to the numerous positive reviews we’ve received so far.

Our journey began in Tallinn, Estonia when Trilight Security was founded with the mission of providing world-class cybersecurity services. Since then, we’ve worked with various clients in Europe and beyond.

Our collaboration with organizations from aerospace industry demonstrates the scale and impact of our work. We partnered with the Ukrainian-based aerospace agency in 2020, and we conducted tests on their IT infrastructure. We simulated attacks and identified vulnerabilities in their system. Our work allowed the client to meet their country’s IT requirements. They praised our superb knowledge throughout the process.

Positive feedback from such customers led the Manifest to include us on their list of Most Reviewed IT Services Companies in Estonia for 2021! 

The Manifest is a B2B resource guide that analyzes and compiles industry data. Their website features leading companies to allow entrepreneurs and business managers to connect with the perfect agencies for their needs. 

We’re proud to receive this award from the Manifest. This recognition speaks to our expertise as an IT agency, and it affirms our dedication to our clients. Being recognized as an industry leader is no small feat, and with this award, we’re only inspired to continue improving our technology and innovating our approaches.

Do you have any projects in mind? Contact us today, and let’s discuss how we can work together to reach your goals! 

Penetration Testing Your AWS Environment - A CTO's Guide

The Hacker News explains how AWS environment should assessed from the point of view of cybersecurity.

There are many options available, and knowing what you need will help you make your often limited security budget go as far as possible. Broadly, the key focus areas for most penetration tests involving AWS:

  • Your externally accessible cloud infrastructure
  • Any application(s) you're building or hosting
  • Your internal cloud infrastructure
  • Your AWS configuration itself
  • Secrets management

Read further on The Hacker News

New Malware Targets Windows Subsystem for Linux to Evade Detection

The Hacker News reports an new malware focusing on Linux systems.

A number of malicious samples have been created for the Windows Subsystem for Linux (WSL) with the goal of compromising Windows machines, highlighting a sneaky method that allows the operators to stay under the radar and thwart detection by popular anti-malware engines.

The "distinct tradecraft" marks the first instance where a threat actor has been found abusing WSL to install subsequent payloads.

Read further on The Hacker News

Stolen Credentials Led to Data Theft at United Nations

The Threat Post reported on cybersecurity incident in U.N.O. caused by credentials theft.

A threat actor used stolen credentials from a United Nations employee to breach parts of the UN’s network in April and steal critical data, a spokesman for the intergovernmental organization has confirmed.

That data lifted from the network can be used to target agencies within the UN, which already has experienced and responded to “further attacks” linked to the breach, Stéphane Dujarric, spokesman for the UN Secretary-General, told Bloomberg, which broke the news in a report published Thursday.

Read further on The Threat Post

Critical Cosmos Database Flaw Affected Thousands of Microsoft Azure Customers

The Hacker News reported on critical Cosmos database flow which can potentially affect thousands of Azure customers.

Cloud infrastructure security company Wiz on Thursday revealed details of a now-fixed Azure Cosmos database vulnerability that could have been potentially exploited to grant any Azure user full admin access to other customers' database instances without any authorization.

The flaw, which grants read, write, and delete privileges, has been dubbed "ChaosDB," with Wiz researchers noting that "the vulnerability has a trivial exploit that doesn't require any previous access to the target environment, and impacts thousands of organizations, including numerous Fortune 500 companies."

Read further on The Hacker News

Trilight Security Has Been Featured 4th Among Top 40 IT Service Companies in Estonia

The Manifest, a renowned business news and how-to website, a sister website of Clutch, which is a famous B2B ratings and reviews platform. The Manifest launched in February 2018 and since then won a reputation for the data-driven benchmarks, how-to guides and agency shortlist.

In August, 2021, The Manifest published its new shortlist TOP 40 IT SERVICES COMPANIES IN ESTONIA, where Trilight Security has been featured at high fourth place among top Estonian IT Services companies, and basically, the top company regarding cybersecurity specialization.

Trilight Security Team is proud to get yet another confirmation of its skills and efforts in cybersecurity field.

Read the shortlist on The Manifest