ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers. https://isc.sans.edu/about.html
Exploit Flare Up Against Older Atlassian Confluence Vulnerability
Published: 2024-01-29
Last Updated: 2024-01-29 14:01:16 UTC
by Johannes Ullrich (Version: 1)
Last October, Atlassian released a patch for CVE-2023-22515. This vulnerability allowed attackers to create new admin users in Confluence. Today, I noticed a bit of a "flare up" in a specific exploit variant.
Rapid7 published a good summary of the vulnerability. As so often, the vulnerability is pretty straightforward once you see it. During the initial setup, Confluence asks the user to configure an administrator. After setup is complete, the user needs to log in using this initial administrator account to configure additional users. Using the vulnerability, an attacker can flip the "setup complete" state. No authentication is required to do so. An attacker can first re-enable the initial setup behavior, use it to add a new administrator account, and complete the attack by disabling the setup page again so the application appears normal to other users.
Read the full entry:
https://isc.sans.edu/diary/Exploit+Flare+Up+Against+Older+Altassian+Confluence+Vulnerability/30600/
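As an added illustration (not code from the diary, Rapid7 or Atlassian), a small Python checker that scans constructed reverse-proxy access log lines and flags requests that re-enter the Confluence setup workflow after setup was already completed. The `/setup/` path prefix, the `setupComplete` parameter name, the completion date and the log lines are all assumptions made for the demo.

```python
import re
from datetime import datetime, timezone
from urllib.parse import urlsplit, parse_qs

# Assumption: the instance's legitimate initial setup finished on this date, so any
# request that re-enters the setup workflow afterwards deserves an alert.
SETUP_COMPLETED = datetime(2023, 5, 1, tzinfo=timezone.utc)
# Assumed indicators: setup pages live under /setup/, and the "setup complete" state
# is flipped through a request parameter whose name contains "setupComplete".
SETUP_PATH_PREFIX = "/setup/"
SETUP_FLAG_MARKER = "setupcomplete"

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" \d{3}')

def parse_line(line):
    """Parse one combined-format access log line; return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, ts, method, target = m.groups()
    return {"ip": ip, "time": datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"),
            "method": method, "target": target}

def classify(req):
    """Return why a request is suspicious, or None if it looks benign."""
    if req["time"] <= SETUP_COMPLETED:
        return None  # traffic during the real setup window is expected
    parts = urlsplit(req["target"])
    if parts.path.startswith(SETUP_PATH_PREFIX):
        return "setup workflow reached after setup was completed"
    if any(SETUP_FLAG_MARKER in k.lower() for k in parse_qs(parts.query, keep_blank_values=True)):
        return "request attempts to change the setup-complete state"
    return None

def find_setup_abuse(log_text):
    """Scan access log text and return the suspicious requests with their reasons."""
    findings = []
    for req in filter(None, map(parse_line, log_text.splitlines())):
        reason = classify(req)
        if reason:
            findings.append({**req, "reason": reason})
    return findings

# Constructed sample log (not real traffic): one client re-enters setup, one browses normally.
SAMPLE_LOG = """\
203.0.113.7 - - [28/Jan/2024:09:12:01 +0000] "GET /server-info.action?setupComplete=false HTTP/1.1" 302 0 "-" "python-requests/2.31"
203.0.113.7 - - [28/Jan/2024:09:12:02 +0000] "POST /setup/setupadministrator.action HTTP/1.1" 302 0 "-" "python-requests/2.31"
198.51.100.4 - - [28/Jan/2024:09:15:44 +0000] "GET /wiki/spaces/ENG/overview HTTP/1.1" 200 8123 "-" "Mozilla/5.0"
"""
```

Running `find_setup_abuse(SAMPLE_LOG)` returns the two attacker requests with their reasons; a created admin account that does not appear in your change records is the other signal worth correlating with these hits.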
A Batch File With Multiple Payloads
Published: 2024-01-26
Last Updated: 2024-01-26 07:22:51 UTC
by Xavier Mertens (Version: 1)
Windows batch files (.bat) are often seen as very simple, but they can be pretty complex or... contain interesting encoded payloads! I found one that contains multiple payloads that are decoded and used by a PowerShell process. The magic is in how comments can be added to such files. The default (or at least very common) way is to use the "REM" keyword. But you can also use a double-colon ...
Read the full entry:
https://isc.sans.edu/diary/A+Batch+File+With+Multiple+Payloads/30592/
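As an added example of how a defender can triage such a file (this is not the diary's code or its sample), a Python script that pulls out both REM and :: comment lines from a constructed .bat file and flags comment bodies that look like base64 blobs, decoding them for review. The sample batch file, the hidden one-liner and the length/entropy thresholds are invented for the demo.

```python
import base64
import math
import re

B64_LINE = re.compile(r"^[A-Za-z0-9+/]+={0,2}$")

def shannon_entropy(s):
    """Bits per character; base64-encoded data scores well above plain-English comments."""
    counts = {c: s.count(c) for c in set(s)}
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values()) if s else 0.0

def extract_comments(batch_text):
    """Yield (line_no, style, body) for REM and :: comment lines.
    A line starting with :: is a label that cmd.exe can never jump to, so it is
    skipped like a comment, which makes it a less obvious place to park data."""
    for n, raw in enumerate(batch_text.splitlines(), 1):
        line = raw.strip()
        if line.lower() == "rem" or line.lower().startswith("rem "):
            yield n, "REM", line[3:].strip()
        elif line.startswith("::"):
            yield n, "::", line[2:].strip()

def find_hidden_payloads(batch_text, min_len=40, min_entropy=3.5):
    """Flag comment bodies that look like base64 blobs and try to decode them."""
    findings = []
    for n, style, body in extract_comments(batch_text):
        if len(body) < min_len or not B64_LINE.match(body) or shannon_entropy(body) < min_entropy:
            continue
        try:
            decoded = base64.b64decode(body, validate=True)
        except ValueError:  # binascii.Error is a ValueError subclass
            decoded = None
        findings.append({"line": n, "style": style, "decoded": decoded})
    return findings

# Constructed sample: a harmless PowerShell one-liner hidden in a :: comment. Real samples
# carry several such blobs and hand the decoded text to a PowerShell process.
HIDDEN = base64.b64encode(b"Write-Host 'constructed sample, decoded from a :: comment'").decode()
SAMPLE_BAT = f"""@echo off
REM housekeeping script, nothing to see here
:: keep this line, it documents the cleanup step
::{HIDDEN}
del /q %TEMP%\\*.tmp
"""

if __name__ == "__main__":
    for f in find_hidden_payloads(SAMPLE_BAT):
        print(f"line {f['line']} ({f['style']}): {f['decoded']!r}")
```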
Facebook AdsManager Targeted by a Python Infostealer
Published: 2024-01-25
Last Updated: 2024-01-25 06:00:14 UTC
by Xavier Mertens (Version: 1)
These days, many pieces of malware are flagged as “infostealers” because, once running on the victim’s computer, they search for interesting data and exfiltrate them. Classic collected data are:
* credentials
* cookies
* cryptocurrency details
* technical information about the victim (public IP, OS version, running processes, etc.)
* …
Credentials and cookies are used to take over web services used by the victim. For convenience, many people use the “remember me” feature on many websites. This allows the user to come back later to the websites without the need to authenticate again for a specific amount of time (ex: 1 day, 1 week, … sometimes “forever”!)
If some cookies are fascinating (ex: access to webmail, corporate services, …), what could be a practical example of abuse? Yesterday, I found another malicious Python script that behaves like an infostealer. It collects data from the following browsers ...
Read the full entry:
https://isc.sans.edu/diary/Facebook+AdsManager+Targeted+by+a+Python+Infostealer/30590/
The Fun and Dangers of Top Level Domains (TLDs) (2024.01.31)
https://isc.sans.edu/diary/The+Fun+and+Dangers+of+Top+Level+Domains+TLDs/30608/
What did I say to make you stop talking to me? (2024.01.30)
https://isc.sans.edu/diary/What+did+I+say+to+make+you+stop+talking+to+me/30604/
Product: Jenkins
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-23897
ISC Podcast: https://isc.sans.edu/podcastdetail.html?podcastid=8828
NVD References:
- http://packetstormsecurity.com/files/176839/Jenkins-2.441-LTS-2.426.3-CVE-2024-23897-Scanner.html
- http://packetstormsecurity.com/files/176840/Jenkins-2.441-LTS-2.426.3-Arbitrary-File-Read.html
- https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3314

CVE-2024-21326 - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
Product: Microsoft Edge (Chromium-based)
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21326
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21326

CVE-2024-0769 - The D-Link DIR-859 1.06B01 is vulnerable to a critical path traversal issue in the HTTP POST Request Handler component, allowing remote attackers to exploit it even though it is no longer supported and should be retired.
Product: D-Link DIR-859
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-0769
ISC Podcast: https://isc.sans.edu/podcastdetail.html?podcastid=8824

CVE-2024-22651 - There is a command injection vulnerability in the ssdpcgi_main function of cgibin binary in D-Link DIR-815 router firmware v1.04.
Product: D-Link DIR-815 router
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-22651
NVD References: https://github.com/goldds96/Report/blob/main/DLink/DIR-815/CI.md

CVE-2024-22751 - D-Link DIR-882 DIR882A1_FW130B06 was discovered to contain a stack overflow via the sub_477AA0 function.
Product: D-Link DIR-882 A1
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-22751
NVD References:
- https://github.com/5erua/vuls/blob/main/dir882.md
- https://www.dlink.com/en/security-bulletin/

CVE-2024-23624 - D-Link DAP-1650 devices are vulnerable to a command injection attack, allowing an unauthenticated attacker to execute commands on the device as root.
Product: D-Link DAP-1650
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-23624
NVD References: https://blog.exodusintel.com/2024/01/25/d-link-dap-1650-gena-cgi-subscribe-command-injection-vulnerability/

CVE-2024-23625 - D-Link DAP-1650 devices are vulnerable to command injection, allowing unauthenticated attackers to gain root-level command execution.
Product: D-Link DAP-1650
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-23625
NVD References: https://blog.exodusintel.com/2024/01/25/d-link-dap-1650-subscribe-callback-command-injection-vulnerability/

CVE-2024-0204 - Fortra's GoAnywhere MFT prior to 7.4.1 allows unauthorized creation of an admin user via the administration portal, bypassing authentication.
Product: Fortra GoAnywhere MFT
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-0204
ISC Podcast: https://isc.sans.edu/podcastdetail.html?podcastid=8822

CVE-2024-22076 - MyQ Print Server before 8.2 patch 43 allows Unauthenticated Remote Code Execution.
Product: MyQ Print Server
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-22076
NVD References:
- https://docs.myq-solution.com/en/print-server/8.2/
- https://docs.myq-solution.com/en/print-server/8.2/technical-changelog#id-%288.2%29ReleaseNotes-8.2%28Patch43%29

CVE-2024-22660 - TOTOLINK_A3700R_V9.1.2u.6165_20211012 has a stack overflow vulnerability via setLanguageCfg
Product: Totolink A3700R
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-22660
NVD References: https://github.com/Covteam/iot_vuln/tree/main/setLanguageCfg

CVE-2024-22662 - TOTOLINK A3700R_V9.1.2u.6165_20211012 has a stack overflow vulnerability via setParentalRules
Product: Totolink A3700R
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-22662
NVD References: https://github.com/Covteam/iot_vuln/tree/main/setParentalRules

CVE-2024-22663 - TOTOLINK_A3700R_V9.1.2u.6165_20211012 has a command injection vulnerability via setOpModeCfg
Product: Totolink A3700R
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-22663
NVD References: https://github.com/Covteam/iot_vuln/tree/main/setOpModeCfg2

CVE-2023-52038 - An issue discovered in TOTOLINK X6000R v9.4.0cu.852_B20230719 allows attackers to run arbitrary commands via the sub_415C80 function.
Product: Totolink X6000R
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-52038
NVD References: https://github.com/Beckaf/vunl/blob/main/TOTOLINK/X6000R/1/1.md

CVE-2023-52039 - An issue discovered in TOTOLINK X6000R v9.4.0cu.852_B20230719 allows attackers to run arbitrary commands via the sub_415AA4 function.
Product: Totolink X6000R
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-52039
NVD References: https://github.com/Beckaf/vunl/blob/main/TOTOLINK/X6000R/2/2.md

CVE-2023-52040 - An issue discovered in TOTOLINK X6000R v9.4.0cu.852_B20230719 allows attackers to run arbitrary commands via the sub_41284C function.
Product: Totolink X6000R
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-52040
NVD References: https://github.com/Beckaf/vunl/blob/main/TOTOLINK/X6000R/3/3.md

CVE-2024-22203 - Whoogle Search prior t…

Product: Overt-engine CreateUserSession
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-0822
NVD References:
- https://access.redhat.com/security/cve/CVE-2024-0822
- https://bugzilla.redhat.com/show_bug.cgi?id=2258509

CVE-2023-7227 - SystemK NVR 504/508/516 versions 2.3.5SK.30084998 and prior allow attackers to execute arbitrary commands with root privileges via a command injection vulnerability in the DDNS settings.
Product: SystemK NVR 504/508/516
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-7227
NVD References: https://www.cisa.gov/news-events/ics-advisories/icsa-24-025-02

CVE-2024-0884 - SourceCodester Online Tours & Travels Management System 1.0 is vulnerable to a critical remote SQL injection in payment.php (function exec), allowing attackers to manipulate the id argument and potentially exploit the system.
Product: Mayurik Online Tours & Travels Management System
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-0884
NVD References:
- https://blog.csdn.net/Q_M_0_9/article/details/135846415
- https://vuldb.com/?ctiid.252035
- https://vuldb.com/?id.252035

CVE-2024-22638 - liveSite v2019.1 was discovered to contain a remote code execution (RCE) vulnerability via the component /livesite/edit_designer_region.php.
Product: Livesite
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-22638
NVD References: https://packetstormsecurity.com/files/176420/liveSite-2019.1-Remote-Code-Execution.html

CVE-2024-22922 - Projectworlds Visitor Management System in PHP v1.0 is vulnerable to privilege escalation through a crafted script sent to the login page in POST/index.php, enabling remote attackers to gain elevated privileges.
Product: Projectworlds Visitor Management System In PHP
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-22922
NVD References:
- http://projectworlds.com
- http://visitor.com
- https://github.com/keru6k/CVE-2024-22922/blob/main/CVE-2024-22922.md

CVE-2024-23613 - Symantec Deployment Solution version 7.9 is vulnerable to a buffer overflow allowing remote code execution as SYSTEM.
Product: Symantec Deployment Solution
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-23613
NVD References: https://blog.exodusintel.com/2024/01/25/symantec-deployment-solution-axengine-exe-buffer-overflow-remote-code-execution

CVE-2024-23614 - Symantec Messaging Gateway versions 9.5 and before are vulnerable to a remote code execution flaw due to a buffer overflow vulnerability.
Product: Symantec Messaging Gateway
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-23614
NVD References: https://blog.exodusintel.com/2024/01/25/symantec-messaging-gateway-stack-buffer-overflow-remote-code-execution/

CVE-2024-23615 - Symantec Messaging Gateway versions 10.5 and before are vulnerable to a remote code execution as root due to a buffer overflow.
Product: Symantec Messaging Gateway
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-23615
NVD References: https://blog.exodusintel.com/2024/01/25/symantec-messaging-gateway-libdec2lha-so-stack-buffer-overflow-remote-code-execution/

CVE-2024-23616 - Symantec Server Management Suite version 7.9 and before is vulnerable to a buffer overflow that allows remote code execution as SYSTEM.
Product: Symantec Server Management Suite
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-23616
NVD References: https://blog.exodusintel.com/2024/01/25/symantec-server-management-suite-axengine-exe-buffer-overflow-remote-code-execution/

CVE-2024-23617 - Symantec Data Loss Prevention versions 14.0.2 and before are vulnerable to a remote code execution exploit via a crafted document.
Product: Symantec Data Loss Prevention
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-23617
NVD References: https://blog.exodusintel.com/2024/01/25/symantec-data-loss-prevention-wp6sr-dll-stack-buffer-overflow-remote-code-execution/

CVE-2024-23618 - Arris SURFboard SGB6950AC2 devices are susceptible to an arbitrary code execution vulnerability, granting unauthorized attackers root-level code execution.
Product: Arris SURFboard SGB6950AC2
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-23618
NVD References: https://blog.exodusintel.com/2024/01/25/arris-surfboard-sbg6950ac2-arbitrary-command-execution-vulnerability/

CVE-2024-23619 - IBM Merge Healthcare eFilm Workstation has a hardcoded credential vulnerability that allows remote attackers to achieve information disclosure or remote code execution.
Product: IBM Merge Healthcare eFilm Workstation
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-23619
NVD References: https://blog.exodusintel.com/2024/01/25/ibm-merge-healthcare-efilm-workstation-information-disclosure/

CVE-2024-23621 - IBM Merge Healthcare eFilm Workstation license server allows remote code execution due to a buffer overflow vulnerability which can be exploited by an unauthenticated attacker.
Product: IBM Merge Healthcare eFilm Workstation license server
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2…