Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Happy New Year from Key Manager Plus! Though years may pass, one thing that never changes is our commitment towards providing hassle-free certificate life cycle management for every enterprise. To stay true to this goal, over the years, our team has constantly improved its offerings to match user requisites and market needs, and 2023 was no different, with updates that redefined the administrative experience and enhanced product security.

Businesses are currently witnessing improvements in cybersecurity capabilities, thanks to advancements in Artificial Intelligence (AI). However, the progress is accompanied by a parallel increase in the threat and sophistication of cyber-attacks, especially when the right event monitoring and threat detection tools are not utilized. Deloitte's latest research on security operations indicates that in 2023, 12.5% of businesses experienced more than one security event.

As organizations increasingly rely on external vendors and enterprise buying patterns continue to decentralize, the challenge of managing risk associated with third parties becomes critical. Unfortunately, even uncovering vendor relationships within an organization can be a struggle, with over 80% of workers admitting to using non-approved SaaS applications. This ‘Shadow IT’ is not only frustrating; it introduces tremendous risk.

AgentTesla is a Windows malware written in.NET, designed to steal sensitive information from the victim's system. It’s considered commodity malware given its accessibility and relatively low cost. Commodity malware poses a significant threat as it enables less sophisticated cybercriminals to conduct various types of cyberattacks without requiring extensive technical knowledge. AgentTesla has been a persistent and widespread threat since its emergence in 2014.

The European Union’s Digital Operational Resilience Act (DORA) is set to go into effect on January 17, 2025, and with it will come new information security and risk management requirements placed on EU financial service providers and their associated critical third-party technology entities.

Browser extensions are a classic shadow IT concern. Assessing the reputation and security of a browser extension is crucial before installing it on a company computer, as extensions often have wide-ranging permissions that could be abused for data theft or other malicious activities. In an open environment style company, extensions generate significant shadow IT risk that needs to be managed and addressed.

Ivanti released a patch for a critical vulnerability discovered in Ivanti Endpoint Manager (EPM) that could allow for remote code execution (RCE). This vulnerability is being tracked as CVE-2023-39336 with a CVSS score of 9.6 (Critical), which is not yet actively exploited. All versions of Ivanti EPM prior to Service Update 5 are impacted. Ivanti credits security researcher hir0t for the responsible disclosure.

On January 4, 2024, Ivanti published a security advisory regarding a SQL injection vulnerability in their Endpoint Manager (EPM) solution, CVE-2023-39336. The vulnerability was rated with a CVSS of 9.6, as an attacker with access to the internal network can exploit this vulnerability to execute arbitrary SQL queries without authentication.