SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals
SEC595Cyber Defense
SANS Community Benefits
Connect, learn, and share with other cybersecurity professionals
VOLUME 23ISSUE 34
The Consensus Security Vulnerability Alert
Untitled
INTERNET STORM CENTER SPOTLIGHT
ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers. https://isc.sans.edu/about.html
Analysis of RAR Exploit Files (CVE-2023-38831)
Published: 2023-08-28
Last Updated: 2023-08-28 07:44:29 UTC
by Didier Stevens (Version: 1)
My tool zipdump.py can be used to analyse the latest exploits of vulnerability CVE-2023-38831 in WinRAR.
The vulnerability is exploited with specially crafted ZIP files.
Here is the output of zipdump analyzing a PoC file I created...
What you want to look for, is:
a folder ending with a space character (" /")
a file with the same name as the folder (also ending with space character)
a file inside folder 1, starting with filename 2 and with an extra extension, like .bat
When this ZIP file is opened with a vulnerable version of WinRAR, and file 2 is double-clicked, file 3 is extracted and executed...
Read the full entry:
https://isc.sans.edu/diary/Analysis+of+RAR+Exploit+Files+CVE202338831/30164/
Python Malware Using Postgresql for C2 Communications
Published: 2023-08-25
Last Updated: 2023-08-25 08:54:25 UTC
by Xavier Mertens (Version: 1)
For modern malware, having access to its C2 (Command and control) is a crucial point. There are many ways to connect to a C2 server using tons of protocols, but today, HTTP remains very common because HTTP is allowed on most networks...
I found a malicious Python script that is pretty well obfuscated. The applied technique reduces its VT score to 6/60! It's based on a mix of Based64- and Hex-encoded data...
Read the full entry:
https://isc.sans.edu/diary/Python+Malware+Using+Postgresql+for+C2+Communications/30158/
Survival time for web sites
Published: 2023-08-29
Last Updated: 2023-08-29 08:35:20 UTC
by Bojan Zdrnja (Version: 1)
Many, many years ago we (SANS Internet Storm Center) published some interesting research about survival time of new machines connected to the Internet. Back then, when Windows XP was the most popular operating system, it was enough to connect your new machine to the Internet and get compromised before you managed to download and install patches. Microsoft changed this with Windows XP SP2, which introduced the host based firewall that was (finally) enabled by default, so a new user had a better chance of surviving the Internet.
We still collect and publish some information about survival time, and you can see that at https://isc.sans.edu/survivaltime.html.
Now, 20 years after, most of us do not have our workstations and laptops connected directly to the Internet, however new web sites get installed and put (on the Internet) every second. I recently had to put several web sites up and was surprised as how fast certain scans happened so I decided to do some tests on survival time of new web sites.
Read the full entry:
https://isc.sans.edu/diary/Survival+time+for+web+sites/30170/
Internet Storm Center Entries
Home Office / Small Business Hurricane Prep (2023.08.28)
https://isc.sans.edu/diary/Home+Office+Small+Business+Hurricane+Prep/30166/
macOS: Who?s Behind This Network Connection? (2023.08.26)
https://isc.sans.edu/diary/macOS+Whos+Behind+This+Network+Connection/30160/
How I made a qwerty ?keyboard walk? password generator with ChatGPT [Guest Diary] (2023.08.23)
Recent CVEs
The list is assembled by pulling recent vulnerabilities from NIST NVD, Microsoft, Twitter mentions of vulnerabilities, ISC Diaries and Podcast, and the CISA list of known exploited vulnerabilities. There are also some unscored, but significant, vulnerabilities at the end. This includes vulnerabilities that have not been added to the NVD yet.
CVE-2023-38831 - WinRAR before 6.23 allows remote code execution via a ZIP archive containing a benign file and a folder with the same name, leading to the execution of potentially malicious content.
cve-2023-38831 - winrar-zero-day/
cve-2023-38831-winrar-zero-day/">https://www.group-ib.com/blog/cve-2023-38831-winrar-zero-day/
CVE-2023-38035 - Ivanti MobileIron Sentry versions 9.18.0 and below are vulnerable to an authentication bypass due to an insufficiently restrictive Apache HTTPD configuration in MICS Admin Portal.
CVE-2020-19909 - Integer overflow vulnerability in tool_operate.c in curl 7.65.2 via crafted value as the retry delay.
Product: Haxx CurlCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2020-19909ISC Podcast: https://isc.sans.edu/podcastdetail.html?podcastid=8634NVD References: - https://daniel.haxx.se/blog/2023/08/26/cve-2020-19909-is-everything-that-is-wrong-with-cves/- https://github.com/curl/curl/pull/4166CVE-2023-32315 - Openfire XMPP server's administrative console is vulnerable to a path traversal attack, allowing unauthenticated users to access restricted pages reserved for administrators.Product: OpenfireCVSS Score: 0** KEV since 2023-08-24 **NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-32315ISC Podcast: https://isc.sans.edu/podcastdetail.html?podcastid=8628CVE-2023-36844 - Juniper Networks Junos OS on EX Series is vulnerable to an unauthenticated attacker modifying certain PHP environment variables, potentially leading to integrity loss and enabling exploitation of other vulnerabilities.Product: Juniper NetworksCVSS Score: 0NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-36844ISC Podcast: https://isc.sans.edu/podcastdetail.html?podcastid=8636CVE-2020-22217 - Buffer overflow vulnerability in c-ares before 1_16_1 thru 1_17_0 via function ares_parse_soa_reply in ares_parse_soa_reply.c.Product: C-Ares CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2020-22217NVD References: https://github.com/c-ares/c-ares/issues/333CVE-2020-22219 - FLAC before 1.4.0 allows remote attackers to run arbitrary code via a buffer overflow vulnerability in function bitwriter_grow_ in the encoder.Product: FLAC Project CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2020-22219NVD References: https://github.com/xiph/flac/issues/215CVE-2020-35357 - GSL (GNU Scientific Library), versions 2.5 and 2.6, allow arbitrary code execution through a buffer overflow when calculating the quantile value using gsl_stats_quantile_from_sorted_data.Product: GNU Scientific LibraryCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2020-35357NVD References: - https://git.savannah.gnu.org/cgit/gsl.git/commit/?id=989a193268b963aa1047814f7f1402084fb7d859- https://savannah.gnu.org/bugs/?59624CVE-2021-29390 - libjpeg-turbo version 2.0.90 is vulnerable to a heap-buffer-overflow vulnerability in decompress_smooth_data in jdcoefct.c.Product: Libjpeg-Turbo CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2021-29390NVD References: - https://bugzilla.redhat.com/show_bug.cgi?id=1943797- https://github.com/libjpeg-turbo/libjpeg-turbo/blob/4e52b66f342a803d3b8099b79607e3158d3a241c/jdcoefct.c#L595- https://github.com/libjpeg-turbo/libjpeg-turbo/commits/main/jdcoefct.cCVE-2021-32292 - Json-c through 0.15-20200726 is vulnerable to a stack-buffer-overflow in parseit function (json_parse.c), enabling an attacker to execute arbitrary code.Product: Json-C Project CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2021-32292NVD References: https://github.com/json-c/json-c/issues/654CVE-2021-33388 - dpic 2021.04.10 has a Heap Buffer Overflow in themakevar() function in dpic.yProduct: dpic Project CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2021-33388NVD References: https://gitlab.com/aplevich/dpic/-/issues/8CVE-2021-33390 - dpic 2021.04.10 has a use-after-free in thedeletestringbox() function in dpic.y. A different vulnerablility than CVE-2021-32421.Product: dpic Project CVSS Score: 9.8 NVD: https://nvd.nist.gov/vuln/detail/CVE-2021-33390NVD References: https://gitlab.com/aplevich/dpic/-/issues/10CVE-2022-36648 - QEMU's of_dpa_cmd_add_l2_flood hardware emulation vulnerability in the rocker device model allows remote attackers to crash the host and potentially execute code by running a malformed program in the guest OS.Product: QEMUCVSS Score: 10.0NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-36648NVD References: https://lists.nongnu.org/archive/html/qemu-devel/2022-06/msg04469.htmlCVE-2022-47022 - Open-MPI hwloc 2.1.0 allows denial of service or other unknown impacts due to vulnerabilities in topology-linux.c.Product: Open-MPI hwlocCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-47022NVD References: https://github.com/open-mpi/hwloc/issues/544CVE-2022-48174 - Busybox before 1.35 allows stack overflow in ash.c:6030, enabling arbitrary code execution in the Internet of Vehicles environment.Product: Busybox CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-48174NVD References: https://bugs.busybox.net/show_bug.cgi?id=15216CVE-2022-48522 - Perl 5.34.0 has a stack-based crash vulnerability in function S_find_uninit_var, enabling remote code execution or local privilege escalation.Product: Perl CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-48522NVD References: https://github.com/Perl/perl5/blob/79a7b254d85a10b65126ad99bf10e70480569d68/sv.c#L16336-L16345CVE-2023-24517 - Pandora FMS File Manager component in version v767 and earlier versions on all platforms allows unrestricted file upload, enabling an attacker to execute arbitrary system commands.Product: Pandora FMSCVSS Score: 9.8NVD: https:…
CVE-2023-32315 - Openfire XMPP server's administrative console is vulnerable to a path traversal attack, allowing unauthenticated users to access restricted pages reserved for administrators.
CVE-2023-36844 - Juniper Networks Junos OS on EX Series is vulnerable to an unauthenticated attacker modifying certain PHP environment variables, potentially leading to integrity loss and enabling exploitation of other vulnerabilities.
CVE-2020-22217 - Buffer overflow vulnerability in c-ares before 1_16_1 thru 1_17_0 via function ares_parse_soa_reply in ares_parse_soa_reply.c.
CVE-2020-22219 - FLAC before 1.4.0 allows remote attackers to run arbitrary code via a buffer overflow vulnerability in function bitwriter_grow_ in the encoder.
CVE-2020-35357 - GSL (GNU Scientific Library), versions 2.5 and 2.6, allow arbitrary code execution through a buffer overflow when calculating the quantile value using gsl_stats_quantile_from_sorted_data.
CVE-2021-29390 - libjpeg-turbo version 2.0.90 is vulnerable to a heap-buffer-overflow vulnerability in decompress_smooth_data in jdcoefct.c.
CVE-2021-32292 - Json-c through 0.15-20200726 is vulnerable to a stack-buffer-overflow in parseit function (json_parse.c), enabling an attacker to execute arbitrary code.
CVE-2021-33388 - dpic 2021.04.10 has a Heap Buffer Overflow in themakevar() function in dpic.y
CVE-2021-33390 - dpic 2021.04.10 has a use-after-free in thedeletestringbox() function in dpic.y. A different vulnerablility than
CVE-2022-36648 - QEMU's of_dpa_cmd_add_l2_flood hardware emulation vulnerability in the rocker device model allows remote attackers to crash the host and potentially execute code by running a malformed program in the guest OS.
CVE-2022-47022 - Open-MPI hwloc 2.1.0 allows denial of service or other unknown impacts due to vulnerabilities in topology-linux.c.
CVE-2022-48174 - Busybox before 1.35 allows stack overflow in ash.c:6030, enabling arbitrary code execution in the Internet of Vehicles environment.
CVE-2022-48522 - Perl 5.34.0 has a stack-based crash vulnerability in function S_find_uninit_var, enabling remote code execution or local privilege escalation.
CVE-2023-24517 - Pandora FMS File Manager component in version v767 and earlier versions on all platforms allows unrestricted file upload, enabling an attacker to execute arbitrary system commands.
CVE-2023-36281 - Langchain v.0.0.171 is vulnerable to remote code execution through a json file passed to the load_prompt parameter.
CVE-2020-24113 - Yealink W60B version 77.83.0.85 allows directory traversal, leading to information disclosure and DoS.
CVE-2023-38734 - IBM Robotic Process Automation 21.0.0 through 21.0.7.1 and 23.0.0 through 23.0.1 incorrectly assigns privileges when importing users from an LDAP directory.
CVE-2023-4404 - The Donation Forms by Charitable plugin for WordPress up to version 1.7.0.12 allows unauthenticated attackers to escalate privileges and specify their own user role during registration.
CVE-2023-4041 - Silicon Labs Gecko Bootloader on ARM (Firmware Update File Parser modules) enables Code Injection and Authentication Bypass due to Buffer Copy without Size Check, Out-of-bounds Write, and Download without Integrity Check vulnerabilities, affecting both "Standalone" and "Application" versions.
CVE-2023-41028 - Juplink RX4-1500 WiFi router versions 1.0.2 through 1.0.5 allow authenticated attackers to execute arbitrary code as root via a stack-based buffer overflow.
CVE-2023-40572 - XWiki Platform is vulnerable to a CSRF attack that allows remote code execution and compromises the confidentiality, integrity, and availability of the entire installation.
CVE-2023-40573 - XWiki Platform allows remote code execution through a vulnerability in its job scheduler, which has been patched in versions 14.10.9 and 15.4RC1.
CVE-2023-40706 - SNAP PAC S1 Firmware version R10.3b allows for unlimited login attempts, making it vulnerable to brute-force attacks on the built-in web server login.
CVE-2023-39834 - PbootCMS below v3.2.0 was discovered to contain a command injection vulnerability via create_function.
CVE-2023-40891 - Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter firewallEn at /goform/SetFirewallCfg.
CVE-2023-40892 - Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter schedStartTime and schedEndTime at /goform/openSchedWifi.
CVE-2023-40893 - Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter time at /goform/PowerSaveSet.
CVE-2023-40894 - Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter list at /goform/SetStaticRouteCfg.
CVE-2023-40895 - Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter list at /goform/SetVirtualServerCfg.
CVE-2023-40896 - Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter list and bindnum at /goform/SetIpMacBind.
CVE-2023-40897 - Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter mac at /goform/GetParentControlInfo.
CVE-2023-40898 - Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter timeZone at /goform/SetSysTimeCfg.
CVE-2023-40899 - Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter macFilterType and parameter deviceList at /goform/setMacFilterCfg.
CVE-2023-40900 - Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter list at /goform/SetNetControlList.
CVE-2023-40901 - Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter macFilterType and parameter deviceList at url /goform/setMacFilterCfg.
CVE-2023-40799 - Tenda AC23 Vv16.03.07.45_cn is vulnerable to Buffer Overflow via sub_450A4C function.
CVE-2023-40846 - Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Buffer Overflow via function sub_90998.
CVE-2023-4419 - LMS5xx is susceptible to unauthorized remote attackers with low skills to reconfigure settings or disrupt device functionality due to hard-coded credentials.
CVE-2023-4420 - The SICK LMS5xx is vulnerable to unauthorized disclosure of sensitive information due to lack of TLS, allowing a remote attacker to intercept and manipulate the communication.
CVE-2023-32757 - e-Excellence U-Office Force file uploading function allows unauthenticated remote attackers to upload arbitrary files and execute arbitrary commands or disrupt service.
CVE-2023-40571 - Weblogic-framework version 0.2.3 and prior may allow remote code execution due to a deserialization vulnerability in which the returned data packets are not verified.
CVE-2023-4543 - IBOS OA 4.5.5 is susceptible to a critical remote SQL injection vulnerability through the manipulation of unknown code found in ?r=recruit/contact/export&contactids=x, and its exploit has been disclosed publicly (VDB-238048).
CVE-2023-4545 - IBOS OA 4.5.5 is susceptible to a critical SQL injection vulnerability in an unknown function of the file ?r=recruit/bgchecks/export&checkids=x, allowing for remote exploitation.
CVE-2023-4548 - SPA-Cart eCommerce CMS 1.9.0.3 is vulnerable to remote SQL injection via the filter[brandid] argument in the GET Parameter Handler component, allowing for critical attacks.
CVE-2023-4556 - SourceCodester Online Graduate Tracer System 1.0 is affected by a critical vulnerability in the function mysqli_query of the file sexit.php, allowing remote attackers to launch an SQL injection attack by manipulating the argument id, potentially leading to unauthorized access to the system.
CVE-2023-4557 - SourceCodester Inventory Management System 1.0 is vulnerable to remote SQL injection via manipulation of the "customer" argument in the file app/ajax/search_purchase_paymen_report.php (VDB-238158).
CVE-2023-4558 - SourceCodester Inventory Management System 1.0 is vulnerable to remote SQL injection via the "staff_data.php" file, allowing attackers to manipulate the argument "columns[0][data]" and potentially execute malicious SQL queries.
CVE-2023-4559 - Bettershop LaikeTui allows for unrestricted upload via manipulation of a specific functionality in the component POST Request Handler's file index.php?module=api&action=user&m=upload, possibly enabling remote attackers to launch an attack.
CVE-2023-26270 - IBM Security Guardium Data Encryption (IBM Guardium Cloud Key Manager (GCKM) 1.10.3)) allows remote attackers to execute arbitrary code via an angular template injection flaw.
CVE-2023-38024 - SpotCam Co., Ltd. SpotCam FHD 2 has a vulnerability allowing remote unauthenticated attackers to access the system and perform arbitrary operations or disrupt service via hard-coded Telnet credentials.
CVE-2023-38025 - The SpotCam FHD 2 by SpotCam Co., Ltd. has a vulnerability of OS command injection, allowing remote unauthenticated attackers to execute arbitrary system commands or disrupt service.
CVE-2023-38026 - SpotCam FHD 2 by SpotCam Co., Ltd. has a vulnerability that allows remote attackers to access the system using hard-coded uBoot credentials, potentially leading to unauthorized system operations or service disruption.
CVE-2023-38027 - SpotCam Sense by SpotCam Co., Ltd. is susceptible to OS command injection, allowing remote unauthenticated attackers to execute arbitrary system commands or disrupt service.
CVE-2023-38028 - Saho’s attendance devices ADM100 and ADM-100FP have insufficient authentication, allowing unauthenticated remote attackers to gain unauthorized access and read system information and user data without being able to control the system or disrupt services.
CVE-2023-38029 - "ADM100 and ADM-100FP attendance devices by Saho have inadequate filtering and validation in their file uploading function, enabling unauthenticated remote attackers to execute arbitrary files and system commands, potentially disrupting service."
CVE-2023-40748 - PHPJabbers Food Delivery Script 3.0 has a SQL injection (SQLi) vulnerability in the "q" parameter of index.php.
CVE-2023-40749 - PHPJabbers Food Delivery Script v3.0 is vulnerable to SQL Injection in the "column" parameter of index.php.
CVE-2023-40756 - PHPJabbers Callback Widget v1.0 allows user enumeration during password recovery, enabling brute force attacks.
CVE-2023-40757 - PHPJabbers Food Delivery Script v3.1 allows user enumeration, enabling a brute force attack by distinguishing valid and invalid users during password recovery.
CVE-2023-40758 - PHPJabbers Document Creator v1.0 allows user enumeration during password recovery, enabling a brute force attack with valid users.
CVE-2023-40759 - PHP Jabbers Restaurant Booking Script v3.0 allows user enumeration during password recovery, facilitating brute force attacks by revealing valid users.
CVE-2023-40760 - PHP Jabbers Hotel Booking System v4.0 is vulnerable to user enumeration during password recovery, allowing for a brute force attack with valid user accounts.
CVE-2023-40761 - PHPJabbers Yacht Listing Script v2.0 allows user enumeration during password recovery, enabling a brute force attack.
CVE-2023-40762 - PHPJabbers Fundraising Script v1.0 allows user enumeration during password recovery, enabling a brute force attack with valid users.
CVE-2023-40763 - PHPJabbers Taxi Booking Script v2.0 allows user enumeration during password recovery, facilitating brute force attacks by disclosing user validity through different error messages.
CVE-2023-40764 - PHP Jabbers Car Rental Script v3.0 allows user enumeration during password recovery, enabling an attacker to conduct successful brute force attacks.
CVE-2023-40765 - PHPJabbers Event Booking Calendar v4.0 allows user enumeration during password recovery, enabling an attacker to easily identify valid users for a potential brute force attack.
CVE-2023-40766 - PHPJabbers Ticket Support Script v3.2 allows user enumeration during password recovery, enabling brute force attacks through the difference in error messages.
CVE-2023-40767 - PHPJabbers Make an Offer Widget v1.0 allows user enumeration during password recovery, enabling a brute force attack with valid users.
CVE-2023-39560 - ECTouch v2 was discovered to contain a SQL injection vulnerability via the $arr['id'] parameter at \default\helpers\insert.php.
CVE-2023-41359 - FRRouting FRR through 9.0 allows an out-of-bounds read in bgp_attr_aigp_valid in bgpd/bgp_attr.c during AIGP validation due to a lack of byte availability check.
CVE-2023-41360 - FRRouting FRR through 9.0 allows unauthorized access to the initial byte of the ORF header in bgpd/bgp_packet.c.
CVE-2023-41361 - FRRouting FRR 9.0 allows for a potential remote code execution due to insufficient length validation in bgpd/bgp_open.c.
CVE-2023-23770 - Motorola MBTS Site Controller accepts hard-coded backdoor password that cannot be changed or disabled.
CVE-2023-34039 - Aria Operations for Networks has an Authentication Bypass vulnerability allowing unauthorized access to its CLI.
CVE-2023-41265 - Qlik Sense Enterprise for Windows versions May 2023 Patch 3 and earlier, February 2023 Patch 7 and earlier, November 2022 Patch 10 and earlier, and August 2022 Patch 12 and earlier are vulnerable to remote privilege escalation through tunneling HTTP requests in the raw HTTP request, allowing execution of backend server commands; this has been fixed in subsequent patches August 2023 IR, May 2023 Patch 4, February 2023 Patch 8, November 2022 Patch 11, and August 2022 Patch 13.
CVE-2023-4596 - The Forminator plugin for WordPress allows unauthenticated attackers to upload arbitrary files on the affected site's server, potentially enabling remote code execution.
Sponsors
CardinalOps
*********** Sponsored By CardinalOps ***********Take the newly released SANS Detection Engineering Survey to share your insights on the state of practice in “detection engineering” and provide guidance on how to improve your capabilities in keeping up with rapidly changing threats. As a special thank you, you'll be entered into our drawing for a chance to win a $250 Amazon gift card. Take the survey now:
Sumo Logic | AWS
Tune in on Thu, September 14 at 1:00pm ET for our upcoming webcast: Filling the Human Gap with Technology - Artificial Intelligence May Know You Better Than You Know Yourself. In this webcast, we'll discuss what impact human targets have on cybersecurity and more! | Register Now:
SANS
Free Virtual Event on Fri, September 15 | Join Matt Bromiley and invited speakers for the XDR/EDR Solutions Forum as we work towards one objective: Make it harder, if not impossible, for adversaries to achieve their objectives. Join the conversation, register now:
Cloudflare
Upcoming Webcast on Tue, September 19 | How Cloudflare Helps Financial Institutions Improve Visibility Into a Complex Threat Landscape - Q2 Case Study | Register now: