If you suspect an active attack on your business, call our emergency hotline at: 612-399-9680

Blue Team Alpha Insights

The Blog


Web Application Scanning: A Beginner’s Guide to Securing Your Web Applications

In the relentless battle against cybercrime, ensuring the security of web applications isn’t merely a best practice; it’s a necessity. Web application scanning stands as a powerful offensive tactic in this fight. This guide delves into the significance of integrating web application scanning into the software development process, providing essential guidance for professionals at all levels.

What is Web Application Scanning?

Think of web application scanning as a comprehensive security checkup for your web application. Just as a medical exam tries to discover potential health issues, web application scanning employs specialized software to probe for hidden flaws within the application’s code, settings,

Vulnerability Management in Cybersecurity – A Comprehensive Guide

Part 3: A Proactive Approach to Building Cyber Resilience

In the complex landscape of cybersecurity, where the battle between defenders and attackers unfolds, one thing remains clear: understanding vulnerability management is paramount to safeguarding your organization against the persistent threat of data breaches and cyberattacks. This is Part 3, the final act of our comprehensive blog series, where we delve deep into the realm of vulnerability management. In Parts 1 and 2, we journeyed through the heart of vulnerabilities, uncovering their significance and the essential steps in managing them. In this last installment, we conclude our exploration, arming you with
Unmasking Cyberthreats: CVE-2023-22515 AND CVE-2023-20198

Unmasking Cyberthreats: The Urgent Battle Against Atlassian Confluence and Cisco Vulnerabilities

I. Introduction

Cybersecurity has never been more critical in an era where digital infrastructure underpins countless aspects of our daily lives. In this comprehensive blog post, we focus on two pressing cybersecurity vulnerabilities that demand immediate focus and action. These vulnerabilities have caught the attention of experts and authorities, prompting a collaborative response from the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center (MS-ISAC). First and foremost, we’ll explore the alarming situation surrounding CVE-2023-22515, a vulnerability within Atlassian Confluence. This vulnerability has been discovered and actively exploited by

ProxyNotShell Advisory – Microsoft Exchange Zero-day Vulnerabilities

Executive summary

On September 30th, 2022, GTSC, a Vietnamese cybersecurity company, released a warning stating, “while providing SOC service to a customer, GTSC Blueteam detected exploit requests in IIS logs with the same format as ProxyShell vulnerability.” This vulnerability would allow attackers to formulate a specially crafted HTTP request to the on-prem Exchange server over port 443, enabling the attacker to execute malicious remote code on the system as the “SYSTEM” user. Microsoft confirmed both zero-day vulnerabilities late in the evening of September 29, 2022 and said they were aware of “limited, targeted attacks using the two vulnerabilities to get into

Why You Should Investigate IOCs, and What Can Happen if You Don’t

What is an indicator of compromise (IOC)?

An indicator of compromise is a piece of digital forensic data that indicates a potential network breach. This information helps security investigators identify malicious or suspicious activity, including threats, data breaches, and malware. IOCs can be collected during routine cybersecurity scans or manually if suspicious activity is detected. Since IOC identification is primarily reactive, the discovery of an IOC typically means that an organization has already been compromised. However, this detection helps organizations stop in-process attacks sooner and reduce the attack’s impact. In addition, investigating IOCs can be used to repair existing