
Axis Security

Confluenza and the Network Attack Surface, Part 2

In Part I, we put on the shoes of a novice hacker and easily exploited a Confluence Server on the public internet, resulting in full network access. We also realized that the problem is not specific to a software vendor but rather stems from the common practice of placing servers on the public internet. Make sure to read "Confluenza: What is CVE-2021-26084 and why should you care" by Gil Azrielant (CTO, Axis Security) for more technical details around this exploit.

Confluenza and the Network Attack Surface, Part 1

It feels like there’s a new story every week about a vulnerability that affects thousands of enterprises. This is great job security for everyone working in InfoSec, as well as anyone on the “other” side! Before we get to the fun stuff, I want to reiterate how vulnerabilities like this can happen to any vendor. We are here to learn from these situations and share insights on how these types of situations can be mitigated.

NIST Zero Trust Architecture Compliance

The Zero Trust network security framework suggests that administrators trust no one and subject all users to full authentication and authorization prior to any user-to-application request. The National Institute of Standards and Technology (NIST) has published recommended best practices organizations can put in place to minimize cyber risk and exposure.

Overcoming the Legacy VPN Dilemma

Business has grown beyond the confines of standard organizations. Now, employees and partners interact with company apps and data from any location (e.g. home offices, customer sites, or partner facilities). But even though many aspects of offsite connectivity have evolved, others desperately need to. While staff and integrated 3rd party remote work models are commonplace, the access models enabling them are outdated and broken.

How do Hackers Hack - An Experiment in Open Portal Attacks

I built it – and hackers came. It’s been an eventful 12 months. With people working from home, there’s been an over 40% surge in machines accessible from the internet running RDP, with RDP attacks up over 400%. 1 This site even has instructions for how to create more than one RDP instance on the same Windows 10 machine. 2 There are also these instructions for Windows 2016 that create a larger attack surface by allowing multiple RDP connections into the same endpoint.

What rose more than 1500% in the past year?

2020 saw a number of things that rose more than 1500%: Let’s focus on the latter. According to a new threat intelligence report from Nuspire, and their threat intelligence partner Recorded Future, in Q1 2021, “there was a 1,916% increase in attacks against Fortinet’s SSL-VPN and a 1,527% increase in Pulse Connect Secure VPN. These vulnerabilities allow a threat actor to gain access to a network. Once they are in, they can exfiltrate information and deploy ransomware.”