The trusted leader in cybersecurity for enterprise and government.
#1 proactive cyber defense solution

There’s a Reason the Most Important Data on Earth is protected by Fidelis

  • 5 of the 6 US Military Branches Defended
  • 7 of the 10 Largest US Government Agencies Protected
  • 6.7M Year-to-Date High Severity Malware Threats Identified
  • 16K Year-to-Date Critical Vulnerability Exploitation Attempts Detected

Protecting the leading enterprises and government agencies worldwide for over 20 years.

  • 7 of the 10 largest US government agencies.
  • 5 of the 6 branches of the US military
  • #1 largest cellphone manufacturer in the world
  • #1 largest pharmacy chain in the world
  • #1 largest mobile service provider in the US
  • #1 largest defense contractor in the world
  • #1 largest pharmaceutical company in the world
  • #1 largest convenience store chain in the world

Why is Fidelis winning against its competitors?

Our customers detect post-breach attacks over 9x faster.

The Fidelis Challenge.

No one sees what we see and we'll prove it

Run Fidelis Elevate in your enterprise environment for 30 days. We guarantee we will find threats your current provider has never even seen. If we are wrong, we will pay you $50,000 or donate $50,000 to a children’s charity of your choice.

Products

Discover Our Product

Take the Fidelis Challenge: 
Run Fidelis in your environment for 30 days. We guarantee we will find threats your current provider has never even seen. If we are wrong, we will write you a check for $25,000 or donate to a charity of your choice.

Integrations

Testimonials

What Our Clients Say About Us

Lyell Immunopharma DevSecOps Engineer

Policy assignments work surprisingly well. I can just set policies for our assets and servers, and those policies apply to any new instances that we spin up.

Lauda Director of Information Technology

I know it’s unlikely to ever be 100% secure, but QGroup and Fidelis give me confidence that our security is at the highest possible level.

Merit Awards Executive Director

Fidelis achieves Gold in Cybersecurity from Merit Awards: “...a reflection of the innovations and technology advancements the industry has made over the last year.”

Resources

Check Out Our Recent Content

December 2022 Threat Intelligence Summary

When threats emerge, the Fidelis Cybersecurity Threat Research Team (TRT) is ready. Each month, the monthly Threat Intelligence Summary examines the latest threats and trends so you can stay resilient against cyber adversaries.

The December 2022 Threat Intelligence Summary examined a new vulnerability that targets endpoint security providers (rest assured, we’ve confirmed that Fidelis Cybersecurity platforms remain secure). We also discuss mitigations for the ongoing LastPass data breach, updated detections for popular penetration testing tools, and metrics and information on the most impactful vulnerabilities and malware strains in the wild today.

Read the December 2022 Threat Intelligence Summary

Top Emerging Vulnerabilities

The Fidelis Cybersecurity Threat Research Team (TRT)’s top-ten vulnerability list for December includes critical and high severity CVEs that, when exploited, lead to privilege escalation, distributed denial of service attacks (DDoS), arbitrary code execution, and more. Many of these vulnerabilities are still in the discovery stage, with global organizations evaluating the potential for exploitation. The top ten emerging vulnerabilities in the December 2022 TRT report represent credible threats to any organization using unpatched systems or software. Whether a vulnerability is newly discovered, has proofs of concept available, or is being actively exploited, regular patch management is imperative for securing your organization.

See the full list >

Malware Attacks by Industry

This month, we pivoted and focused our survey of malware attacks by industry. In the latest report, you’ll see an overview of the top 10 hardest-hit industry sectors during the month of December. We break down all observed malware samples and examine the most prevalent types of files attacked and the most observed malware types. Examining these trends more deeply, we delve into the most prevalent malware families observed both through our telemetry and also through open-source reporting.


See the Full Analysis >

About the Fidelis Cybersecurity Threat Research Team

The Threat Research team at Fidelis Cybersecurity researches and analyzes the latest threats and issues. The intelligence we gather from multiple open-source and proprietary sources about our cyber adversaries’ tactics, techniques, and procedures (TTPs) is fed directly into our platforms, products, and services to help our customers detect, neutralize, and eliminate threats before they can harm production systems.

Visit the Fidelis Cybersecurity Threat Research page to read the complete December 2022 Threat Intelligence Summary, along with information on critical threats and resources to help you better prepare for the next attack.

January 2023 Threat Intelligence Summary

When threats emerge, the Fidelis Cybersecurity Threat Research team (TRT) is ready. Each month, the Threat Intelligence Summary examines the latest threats and trends so you can stay resilient against cyber adversaries.

The January 2023 Threat Intelligence Summary details the end-of-life of widely used operating systems, exploitation of critical vulnerabilities that we flagged in the December report, new and continuing data breaches at financial and technology service companies, and more. We also updated the metrics and information on the most impactful vulnerabilities and malware strains in the wild today and included information on some of the top phishing sites observed over the month.

Read the January 2023 Threat Intelligence Summary

Top Emerging Vulnerabilities

The Fidelis Cybersecurity TRT’s top-ten vulnerability list for January includes critical and high severity CVEs that, when exploited, lead to privilege escalation, distributed denial of service attacks (DDoS), arbitrary code execution, and more. Some of these vulnerabilities are still in the discovery stage, while others persist from the previous month. Those that repeat from past reports show increased adversarial activity, despite industry warnings. These vulnerabilities all represent credible threats to any organization using unpatched systems or software. Whether a vulnerability is newly discovered, has proofs of concept available, or is being actively exploited, regular patch management is imperative for securing your organization.

See the full list >

Malware Attacks by Industry

This month, we continued our survey of malware attacks by industry. In the latest report, you’ll see an overview of the top 10 hardest-hit industry sectors during the month of January. We break down all observed malware samples and examine the most prevalent types of files attacked and the most observed malware types. Examining these trends more deeply, we delve into the most prevalent malware families observed both through our telemetry and through open-source reporting.


See the full analysis >

Top Phishing Domains

Phishing attacks represent a significant percentage of successful breach attempts. Phishing can be hard to detect after clicking the malicious link. Breach identification and containment caused by phishing took an average of 295 days, according to IBM’s 2022 Data Breach Report. While it’s impossible to block every potential phishing domain, our report this month contains the top five phishing sites observed in the wild right now. Awareness of these sites can help your security teams prevent intrusions and detect potential breaches faster.

See the top phishing domains list >

About the Fidelis Cybersecurity Threat Research Team

The Threat Research team at Fidelis Cybersecurity researches and analyzes the latest threats and issues. The intelligence we gather from multiple open-source and proprietary sources about our cyber adversaries’ tactics, techniques, and procedures (TTPs) is fed directly into our platforms, products, and services to help our customers detect, neutralize, and eliminate threats before they can harm production systems.

Visit the Fidelis Cybersecurity Threat Research page to read the complete January 2023 Threat Intelligence Summary, along with information on critical threats and resources to help you better prepare for the next attack.

February 2023 Threat Intelligence Summary

When threats emerge, the Fidelis Cybersecurity Threat Research team (TRT) is ready. Each month, the Threat Intelligence Summary examines the latest threats and trends so you can stay resilient against cyber adversaries.

The February 2023 report details the return of a nation-state group’s espionage efforts, new cryptographic standards, a city paralyzed by ransomware, and the never-ending march of more data breaches and compromises. We also provide updates to the metrics and information on the most impactful vulnerabilities and malware strains in the wild today and included information on some of the top phishing sites observed over the month.

Read the February 2023 Threat Intelligence Summary

Top Emerging Vulnerabilities

The Fidelis Cybersecurity TRT’s top-ten vulnerability list for January includes critical and high severity CVEs that, when exploited, lead to privilege escalation, distributed denial of service attacks (DDoS), arbitrary code execution, and more.

This month’s list includes base scores for each of our top ten vulnerabilities. The base score is a complex calculation that weighs several factors, including exploitability (attack complexity, scope, privileges required, etc.), impact metrics, CVE maturity, and more. The value, from 0 to 10, represents the potential severity of the threat. The higher the number, the more critical the CVE.

These base scores serve as one reliable indicator of threat criticality. However, there are many factors that go into our top ten inclusion. The list presented in our report represents what we have observed as the month’s most credible threats to any organization using unpatched systems or software. Whether a vulnerability is newly discovered, has proofs of concept available, or is being actively exploited, regular patch management is imperative for securing your organization.

See the full list >

Malware Attacks by Industry

This month, we continued our survey of malware attacks by industry. In the latest report, you’ll see an overview of the top 10 hardest-hit industry sectors during the month of February. We also go into detail about which industries are seeing an increase in malware activity, and how we use this data to better safeguard our customers. We break down all observed malware samples and examine the most prevalent types of files attacked and the most observed malware types. Examining these trends more deeply, we delve into the most prevalent malware families observed both through our telemetry and through open-source reporting.

See the full analysis >

Top Phishing Domains

The Verizon 2022 Data Breach Investigations Report indicates that 82% of data breaches stemmed from a user error, including clicking on phishing links. As adversaries grow more skilled, phishing is getting more and more difficult to detect. Breach identification and containment caused by phishing takes an average of 295 days, according to IBM’s 2022 Data Breach Report.

This month’s report contains five extremely active phishing sites observed in the wild right now. While the best defense against phishing is user vigilance, security teams can rely on emerging data like this to help bolster defenses.

See the top phishing domains list >

About the Fidelis Cybersecurity Threat Research Team

The Threat Research team at Fidelis Cybersecurity researches and analyzes the latest threats and issues. The intelligence we gather from multiple open-source and proprietary sources about our cyber adversaries’ tactics, techniques, and procedures (TTPs) is fed directly into our platforms, products, and services to help our customers detect, neutralize, and eliminate threats before they can harm production systems.

Visit the Fidelis Cybersecurity Threat Research page to read the complete February 2023 Threat Intelligence Summary, along with information on critical threats and resources to help you better prepare for the next attack.

Microsoft Outlook Remote Hash Vulnerability (CVE-2023-23397)

On March 14th, 2023, Microsoft released a “Patch Tuesday” security update to address 76 separate vulnerabilities. Included among them was CVE-2023-23397, a critical vulnerability (rating 9.8) targeting Microsoft’s Outlook e-mail client. Exploitation of the vulnerability would allow for remote credential replay attacks leading to escalation of privilege with no user interaction. Also on March 14th, researchers published a proof-of-concept exploit for the vulnerability. Despite being publicly disclosed only in March 2023, there is evidence that this vulnerability has been exploited in the wild by state-sponsored threat actors since at least April of 2022.

In the patch notes, Microsoft described the Outlook vulnerability as “a privilege escalation vulnerability that allows for a NTLM (New Technology LAN Manager) Replay attack against another service to authenticate as the user.” Fidelis Cybersecurity’s Threat Research Team (TRT) performed a deep-dive analysis of the vulnerability and developed a Fidelis Network® detection capability that provides real-time alerting for this attack. This blog post details the findings of our tests, along with the background information about Windows NTLM required for context.

NTLM Background

NTLM is Microsoft’s suite of security protocols that provide authentication, integrity, and confidentiality to end users. Microsoft no longer recommends deployment of NTLM in modern systems, yet it is often still implemented to maintain legacy compatibility. In its most simplistic form, NTLM is a challenge-response protocol that uses three steps to authenticate a client:

  1. Negotiation message: establish network path and negotiate capabilities of client and server.
  2. Challenge message: server responds with a challenge message including a random 8-byte number to prompt the client to authenticate.
  3. Authentication message: the client responds with the random number plus a hashed version of the password, which is compared to the value stored on the domain controller.

It is the hash value that is of particular importance to our discussion. Due to the way NTLM implements its hashing features (i.e., a lack of salting), the hash value can be used to authenticate just as if the attacker had access to the un-hashed password. If an attacker can obtain the hash value of the password, they can replay the hash and authenticate to the domain controller without ever knowing the original password and without any user interaction. In normal operations the challenge-response messages are encrypted in a way that prevents attackers from gaining access to the hash, but the exploit described in CVE-2023-23397 provides a way to force an Outlook client running on Windows to send the NTLM password hash value to the attacker.

Vulnerability Details

Figure 1: Anatomy of the attack


The vulnerability takes advantage of the way that Microsoft Outlook parses calendar appointment invitations. Outlook clients use the Messaging Application Programming Interface (MAPI) client protocol to communicate with the Exchange servers that host email messages. By using the extended MAPI properties, an attacker can define a Universal Naming Convention (UNC) file path to a remote server and force the client to send an NTLM authentication message to that server over SMB (port 445). This authentication message contains the NTLM hash value that is used to authenticate to the Domain Controller. Once the attacker has access, they can replay the authentication message and impersonate the credentialed user.

The MAPI property at fault is the “PidLidReminderFileParameter.” This property allows an email sender to specify a UNC file path that the receiving client uses when playing an audio reminder for an overdue calendar appointment.

Prior to Microsoft’s patch, there was no enforcement mechanism to ensure that this property pointed to a local file. Therefore, an attacker can specify a remote and malicious UNC file path in this property. When Outlook parses this file path for a remote server, it attempts to authenticate to the server by sending its NTLM authentication message. The malicious server can then record this message and use it in future replay attacks to impersonate the targeted user.

This exploit is unique in its ability to easily take control of a user’s account without that user’s interaction. Typically, a user must fall for a phishing attempt or otherwise play a part in the compromise. In this case, no action is required on the user’s part because the exploit occurs as soon as the calendar appointment is received. Likewise, the attacker does not need to gain elevated privileges prior to the attack. Also, SMB is not a protocol that is typically blocked for outbound connections by edge firewalls. Because of these characteristics, Fidelis Cybersecurity believes this vulnerability will quickly rise to our Top 10 list of critical vulnerabilities.
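The paragraph above notes that edge firewalls rarely block outbound SMB, which is exactly the path the leaked authentication message takes. A simple defensive check is to watch for TCP/445 leaving the internal address space at all. The script below is an added example, not Fidelis code: it parses a few constructed firewall log lines (a made-up key=value format) and reports allowed TCP/445 flows from inside addresses to any outside host. The internal ranges (RFC 1918 plus loopback and link-local) and the log format are assumptions for illustration; the outside addresses come from the RFC 5737 documentation blocks.

```python
"""Flag outbound SMB (TCP/445) connections from internal hosts to external addresses.
Added example; the log format below is constructed for illustration, not a Fidelis format."""
import ipaddress
import re

# Address space treated as "inside" (ASSUMPTION: RFC 1918 plus loopback and link-local).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]

# Constructed firewall log lines in a simple key=value form (not a real product's format).
SAMPLE_LOG = """\
2023-03-15T09:01:02Z action=allow proto=tcp src=10.1.4.25 spt=51234 dst=10.1.4.5 dpt=445
2023-03-15T09:01:07Z action=allow proto=tcp src=10.1.4.25 spt=51240 dst=203.0.113.10 dpt=445
2023-03-15T09:01:09Z action=allow proto=tcp src=10.1.4.31 spt=51301 dst=203.0.113.10 dpt=443
2023-03-15T09:01:12Z action=deny proto=tcp src=10.1.4.40 spt=51377 dst=198.51.100.7 dpt=445
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) action=(?P<action>\w+) proto=(?P<proto>\w+) src=(?P<src>\S+) spt=\d+ "
    r"dst=(?P<dst>\S+) dpt=(?P<dpt>\d+)$")


def is_internal(addr: str) -> bool:
    """True when the address falls inside one of the configured internal ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def parse_line(line: str):
    """Parse one log line into a dict, or None when it does not match the expected shape."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def find_external_smb(log_text: str) -> list:
    """Return the allowed TCP/445 flows that leave the internal address space.
    Denied flows are skipped here; a SOC would usually count them separately as blocked attempts."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # malformed line: skip rather than abort the whole batch
        if rec["proto"] != "tcp" or rec["dpt"] != "445" or rec["action"] != "allow":
            continue
        if is_internal(rec["src"]) and not is_internal(rec["dst"]):
            hits.append({"time": rec["ts"], "src": rec["src"], "dst": rec["dst"]})
    return hits


if __name__ == "__main__":
    for h in find_external_smb(SAMPLE_LOG):
        print(f"{h['time']} outbound SMB from {h['src']} to external host {h['dst']}")
```

Only the second line fires: the first is SMB between two internal hosts, the third is HTTPS, and the fourth was already denied. Whether denied attempts should also alert is a local policy choice; the function keeps them out so the hit list contains only traffic that actually left the network.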

Detection Parameters

Figure 2: Attack Network Traffic

In order to detect the exploit within the Microsoft Exchange Server environment, Microsoft released a script that searches for messaging items that contain a UNC path. The script also provides an option to remove those items. This approach is somewhat retroactive, however, and will not stop attacks in progress. To provide real time detection, Fidelis TRT developed a capability that detects the attack in transit on the wire.

Detecting Active Exploits of the Microsoft Outlook Remote Hash Vulnerability

To transmit a MAPI message over SMTP, Microsoft first wraps the message in the Transport Neutral Encapsulation Format (TNEF) and includes it as an attachment (winmail.dat) to the email message. To detect the exploit on the wire, Fidelis’ Deep Session Inspection® technology reassembles the communication channel up to the application layer to identify the MAPI parameters associated with the vulnerability (i.e., the PidLidReminderFileParameter with a UNC file path set).

The challenge in developing custom detections is to identify parameters that have a high probability of detecting the attack with a low probability of generating false positives. To do this, Fidelis first determined how that segment is encoded in TNEF. Within MAPI, the presence of PidLidReminderFileParameter is defined by the hex stream 0x0000851F. When transmitted on the wire via TNEF, that same string of bytes appears appended to the PSETID_COMMON field (00062008-0000-0000-C000-000000000046) with four NULL bytes between them. The PidLidReminderFileParamValue is set to true (01 00), followed by 2 more NULL bytes, 2 bytes defining the length of the UNC path, and two more NULL bytes. After that, all that is left is to detect the beginning of a UNC path, which starts with a backslash ‘\’ (5C in hex). We include a signature for InterPersonal Message (IPM) mail classes as well to ensure we are dealing with an Outlook mail item. The resulting Fidelis Network rule is shown in Figure 3, and the alert produced by this rule after analyzing network traffic is shown in Figure 4.
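As an added example (not the Fidelis Network rule, which this page shows only as Figure 3), the following Python scanner applies the byte layout described above to a buffer and reports any reminder-file path that names a remote UNC host. The fixtures are constructed byte strings, not real winmail.dat attachments. Details the text leaves open are assumptions here: the PSETID_COMMON GUID is written in MAPI little-endian GUID order, the 0x851F property id and the length field are little-endian, the path is ASCII with its length counted in bytes, and the IPM signature is approximated by looking for an `IPM.` message class in the stream.

```python
"""Scan a byte buffer for the PidLidReminderFileParameter layout described in the post and
report reminder paths that point at a remote UNC host. Added example; fixtures are constructed."""
import struct

# PSETID_COMMON {00062008-0000-0000-C000-000000000046}.
# ASSUMPTION: stored in MAPI little-endian GUID order (Data1..Data3 byte-swapped, Data4 as-is).
PSETID_COMMON = bytes.fromhex("0820060000000000C000000000000046")
# Property id 0x851F as a 4-byte value. ASSUMPTION: little-endian on the wire.
PROP_ID = struct.pack("<I", 0x851F)
# Per the post: the GUID, four NULL bytes, then the property id.
MARKER = PSETID_COMMON + b"\x00" * 4 + PROP_ID


def fixture_property(path: str) -> bytes:
    """Test fixture only: lay out one value as the post describes (01 00, two NULLs,
    2-byte path length, two NULLs, path). ASSUMPTION: ASCII path, length counted in bytes."""
    raw = path.encode("ascii")
    return MARKER + b"\x01\x00" + b"\x00\x00" + struct.pack("<H", len(raw)) + b"\x00\x00" + raw


def is_remote_unc(path: str) -> bool:
    """A UNC path starts with two backslashes (0x5C 0x5C) and names a host before the share."""
    if not path.startswith("\\\\"):
        return False
    host = path[2:].split("\\", 1)[0]
    return host != ""


def scan_reminder_file_params(blob: bytes) -> list:
    """Return every reminder-file property found, with its path and whether it is a remote UNC path."""
    hits = []
    pos = blob.find(MARKER)
    while pos != -1:
        hdr_start = pos + len(MARKER)
        hdr = blob[hdr_start:hdr_start + 8]
        if len(hdr) == 8:
            flag, pad1, length, pad2 = struct.unpack("<HHHH", hdr)
            if flag == 1 and pad1 == 0 and pad2 == 0:
                raw = blob[hdr_start + 8:hdr_start + 8 + length]
                path = raw.decode("ascii", errors="replace")
                hits.append({"offset": pos, "path": path, "remote_unc": is_remote_unc(path)})
        pos = blob.find(MARKER, pos + 1)
    return hits


def alert_on_tnef(blob: bytes) -> list:
    """Apply both conditions from the post: an IPM.* message class is present (ASSUMPTION: the
    class name appears as ASCII in the stream) and a reminder path is a remote UNC path."""
    if b"IPM." not in blob:
        return []
    return [h["path"] for h in scan_reminder_file_params(blob) if h["remote_unc"]]


# Constructed fixtures, not real winmail.dat attachments.
# 203.0.113.10 is an RFC 5737 documentation address, not a real host.
BENIGN = b"IPM.Appointment" + fixture_property("C:\\Windows\\Media\\chimes.wav")
SUSPECT = b"IPM.Appointment" + fixture_property("\\\\203.0.113.10\\sounds\\alert.wav")

if __name__ == "__main__":
    for name, blob in (("benign", BENIGN), ("suspect", SUSPECT)):
        print(name, "->", alert_on_tnef(blob) or "no alert")
```

The benign fixture carries the same property with a local sound file, which is the legitimate use of the parameter, so the scanner keys its alert on the leading `\\` rather than on the mere presence of the property; that is the false-positive trade-off the paragraph describes.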

Figure 3: Fidelis Network detection rule


Figure 4: Fidelis Network alert


Conclusion

Threat actors continually innovate, creating new and novel techniques to gain access to confidential information. CVE-2023-23397 likely originated from a state-sponsored actor, but recent disclosures have made it an easy matter for anyone to leverage this powerful and simple zero-click credential theft attack against vulnerable Microsoft Outlook clients. To keep your organization safe, ensure your systems are up to date, and that you have installed an automated detection system, such as Fidelis Elevate, to proactively defend against cyber-threats and active attacks.

Subscribe to the Threat Geek blog for the latest updates, threat research, and industry insights from the professionals at Fidelis Cybersecurity. To see first-hand how the Fidelis Cybersecurity platforms help security teams worldwide protect, detect, respond, and neutralize even the most advanced cyber adversaries across network, endpoints, and cloud, schedule a demo.

Why a Cyber-healthy Network is Essential for Patient Safety

The healthcare industry increasingly (and heavily) relies on technology to deliver care and manage patients, employees, and supplier data – from diagnostic devices to online health records and connected care networks. With all the benefits technology brings to healthcare, it also increases IT complexity and potential points of vulnerability. Healthcare is a prime target for cyber-attacks.

According to the HIPAA Journal, data breaches have increased by 51.5% in the past month alone. These alarming statistics should prompt more healthcare organizations to prioritize cybersecurity.


Healthcare data breaches trending upward. (Source: Department of Health and Human Services)

Cyber Safety is Patient Safety

There are a few prominent examples of breaches that demonstrate the impact cybersecurity incidents can have on highly sensitive patient healthcare data, in violation of the Health Insurance Portability and Accountability Act (HIPAA) policies for safeguarding patient confidentiality. These incidents cause significant financial losses (in the millions of dollars), damage reputations, disrupt business operations, and often create lasting repercussions for the affected individuals and healthcare organizations.

So why aren’t healthcare organizations prioritizing cybersecurity?

There are several reasons why cybersecurity is often overlooked in healthcare:


(Source: Fidelis Cybersecurity)
  1. Scarce resources: Often, healthcare organizations don’t have the funding and staff to allocate for cybersecurity, so they prioritize patient care and operation expenditures.
  2. Lack of understanding: It is common for healthcare companies to underestimate the importance of cybersecurity, or the risks involved with cyberattacks. They may simply assume that their IT systems are secure or outsource their security operation to a third party that requires fewer resources.
  3. Data intricacy: Healthcare organizations deal with large amounts of sensitive patient data, spread across several locations and parties. Plus, systems are often a mix of legacy and modern, on-premises and cloud. The inherent complexity makes it challenging to identify and address potential vulnerabilities.
  4. Multiple disparate stakeholders: The Healthcare industry involves many different stakeholders, from medical providers in hospitals and clinics to insurance providers, pharmacies, and government agencies. PII is often shared among this disparate network, but it is nearly impossible to ensure all stakeholders have taken consistent and appropriate measures to protect the data.
  5. Compliance and regulations: While there are regulations in place to protect patient data (e.g., HIPAA in the United States), they are not designed to address the full scope of potential cybersecurity risks.

Partner with Cybersecurity Experts

Healthcare institutions must continue their digital transformations to electronic records and expand network access to patients through telemedicine, health records, patient portals, and other services. As they do, it’s important to build proactive cyber defense and cyber resilience into their IT environments.

Fidelis Cybersecurity protects the world’s most sensitive data, assets, and critical business operations. Our Fidelis Elevate and CloudPassage Halo platforms provide comprehensive security for healthcare organizations worldwide. We protect our customers’ data, assets, and business operations by providing full visibility device-to-cloud via rich, dynamic mapping of the IT environment, multi-faceted context, and risk assessment. These features minimize attackable surface areas; automate exposure prevention, threat prevention, detection, and incident response; and provide the context, accuracy, speed, and portability security professionals need to find and neutralize adversaries earlier in the attack lifecycle.

In Summary

The healthcare industry has long been and will continue to be a prime target for cyber attackers. By partnering with cybersecurity experts like Fidelis Cybersecurity, you can proactively detect, deceive, and neutralize threats inside your network, protecting your organization from potential damage. With our expertise and tools, your security teams can stay ahead of cyber threats and safeguard your valuable patient data.

Don’t wait until it’s too late – let us show you what threats are lurking on your network so we can help safeguard your data and IT assets.

March 2023 Threat Intelligence Summary

When threats emerge, the Fidelis Cybersecurity Threat Research team (TRT) is ready. Each month, the Threat Intelligence Summary examines the latest threats and trends so you can stay resilient against cyber adversaries.

In March 2023, we saw the evidence of a new state-sponsored group emerging, a new national-level cyber strategy, a first-of-its-kind malware, a new cyber resiliency strategy, and several extremely critical emerging new vulnerabilities. We also provide updates to the metrics and information on the most impactful vulnerabilities and malware strains in the wild today and included information on some of the top phishing sites observed over the month.

Read the March 2023 Threat Intelligence Summary

Top Emerging Vulnerabilities

The Fidelis Cybersecurity TRT’s top-ten vulnerability list for March includes critical and high severity CVEs that, when exploited, lead to privilege escalation, distributed denial of service attacks (DDoS), arbitrary code execution, and more.

We also include the base scores for each of our top ten vulnerabilities. The base score is a complex calculation that weighs several factors, including exploitability (attack complexity, scope, privileges required, etc.), impact metrics, CVE maturity, and more. The value, from 0 to 10, represents the potential severity of the threat. The higher the number, the more critical the CVE.

These base scores serve as one reliable indicator of threat criticality. However, there are many factors that go into our top ten inclusion. The list presented in our report represents what we have observed as the month’s most credible threats to any organization using unpatched systems or software. Whether a vulnerability is newly discovered, has proofs of concept available, or is being actively exploited, regular patch management is imperative for securing your organization.

See the full list >

Malware Attacks by Industry

Fidelis Cybersecurity tracks the most prevalent malware threats to keep our detection feeds up to date and our clients secure. In March 2023, Fidelis detected and defended against more than seventy-six thousand high-severity malware threats across more than eighteen thousand unique instances of malware. For the March report we are adding metrics to examine submissions to the Fidelis Sandbox malware analysis service. Read the report to see how we curate and evaluate sandbox samples. You’ll also get a deep dive into the types of files most commonly infected, and you’ll see how malware affected various industries over the past month.


See the full analysis >

Top Phishing Domains

The Verizon 2022 Data Breach Investigations Report indicates that 82% of data breaches stemmed from a user error, including clicking on phishing links. As adversaries grow more skilled, phishing is getting more and more difficult to detect. Breach identification and containment caused by phishing takes an average of 295 days, according to IBM’s 2022 Data Breach Report.

Each month, our report contains the top five active phishing sites observed in the wild. While the best defense against phishing is user vigilance, security teams can rely on emerging data like this to help bolster defenses.

See the top phishing domains list >

About the Fidelis Cybersecurity Threat Research Team

The Threat Research team at Fidelis Cybersecurity researches and analyzes the latest threats and issues. The intelligence we gather from multiple open-source and proprietary sources about our cyber adversaries’ tactics, techniques, and procedures (TTPs) is fed directly into our platforms, products, and services to help our customers detect, neutralize, and eliminate threats before they can harm production systems.

Visit the Fidelis Cybersecurity Threat Research page to read the complete March 2023 Threat Intelligence Summary, along with information on critical threats and resources to help you better prepare for the next attack.
