Dig into a selection of the best articles, code, and projects we found this past month.

Steampipe CLI

Steampipe is an open-source CLI that queries cloud APIs with plain SQL, so you explore live data rather than exported snapshots. Mods extend Steampipe with dashboards, reports, and controls. One of our favorite mods is the AWS Compliance mod, which ships 120+ controls (including the CIS benchmark checks shown below) that you can run against your accounts from the command line.

Steampipe CIS Dashboard

Code Execution Vulnerability In MS Office - Follina

The Follina zero-day (CVE-2022-30190) became public when nao_sec reported a malicious Word document that had been uploaded to VirusTotal from an IP address in Belarus. The document achieves command execution on the target even though it is a .docx that contains no macros, the usual Office exploitation vector: it instead references a remote HTML file through an external OLE-object relationship, and that HTML abuses the ms-msdt: URI handler of the Microsoft Support Diagnostic Tool to run a command.
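Because the trick lives in the document's relationship parts rather than in a macro, a triage scanner can look there directly. The following is an added example written for this digest, not code from nao_sec's report: it walks every *.rels part in a .docx, flags OLE-object relationships whose target is external and points at a web URL, and builds a constructed in-memory sample (with a TEST-NET placeholder address, not a real payload host) to exercise the check.

```python
"""Flag .docx files carrying the Follina delivery pattern: an OLE-object
relationship whose target is an external http/https URL instead of a part
inside the archive. Added example for this digest, not code from nao_sec's
report. The sample document is constructed in memory."""
import io
import re
import zipfile
import xml.etree.ElementTree as ET
from typing import List, Optional

REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
OLE_REL = ("http://schemas.openxmlformats.org/officeDocument/2006/"
           "relationships/oleObject")
REMOTE_TARGET = re.compile(r"^https?://", re.IGNORECASE)


def find_external_ole(docx_bytes: bytes) -> List[dict]:
    """Walk every *.rels part and return OLE relationships marked External."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as archive:
        for name in archive.namelist():
            if not name.endswith(".rels"):
                continue
            root = ET.fromstring(archive.read(name))
            for rel in root.iter("{%s}Relationship" % REL_NS):
                if rel.get("Type") == OLE_REL and rel.get("TargetMode") == "External":
                    hits.append({"part": name, "id": rel.get("Id"),
                                 "target": rel.get("Target")})
    return hits


def is_follina_like(docx_bytes: bytes) -> bool:
    """True when an external OLE object points at a remote web resource."""
    return any(REMOTE_TARGET.match(h["target"] or "")
               for h in find_external_ole(docx_bytes))


def build_sample_docx(ole_target: Optional[str]) -> bytes:
    """Constructed minimal archive (not a real sample). With ole_target=None it
    only carries an ordinary internal styles relationship; otherwise it adds
    the external OLE relationship that Follina-style documents use."""
    rels = ['<Relationship Id="rId1" Type="http://schemas.openxmlformats.org/'
            'officeDocument/2006/relationships/styles" Target="styles.xml"/>']
    if ole_target:
        rels.append('<Relationship Id="rId2" Type="%s" Target="%s" '
                    'TargetMode="External"/>' % (OLE_REL, ole_target))
    rels_xml = ('<?xml version="1.0" encoding="UTF-8"?>'
                '<Relationships xmlns="%s">%s</Relationships>'
                % (REL_NS, "".join(rels)))
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as archive:
        archive.writestr("[Content_Types].xml", "<Types/>")
        archive.writestr("word/document.xml", "<document/>")
        archive.writestr("word/styles.xml", "<styles/>")
        archive.writestr("word/_rels/document.xml.rels", rels_xml)
    return buf.getvalue()


if __name__ == "__main__":
    benign = build_sample_docx(None)
    # 192.0.2.10 is a TEST-NET placeholder, not a real payload host.
    suspicious = build_sample_docx("http://192.0.2.10/payload.html")
    print("benign flagged:", is_follina_like(benign))      # False
    print("sample flagged:", is_follina_like(suspicious))  # True
    for hit in find_external_ole(suspicious):
        print(hit)
```

Treat a hit as a triage signal rather than a verdict: linked (rather than embedded) OLE objects are a legitimate, if rare, Office feature, so confirm by fetching the target in a sandbox or checking it against your proxy logs. Scanning every *.rels part, not just word/_rels/document.xml.rels, matters because headers, footers and other parts carry their own relationship files.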

Atlassian Injection Observed In The Wild

In a security advisory published on June 2, 2022, Atlassian addressed a remote code execution vulnerability (CVE-2022-26134) affecting all supported versions of its Confluence Server and Data Center products. It is an OGNL injection: an unauthenticated remote attacker can execute code with a single crafted HTTP request, with no credentials or user interaction required. GreyNoise documents how quickly the vulnerability was picked up by mass exploitation after disclosure.
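The publicly documented exploitation pattern puts the OGNL expression, ${...}, directly in the request path, usually URL-encoded and sometimes double-encoded. That makes it easy to hunt for in web-server access logs after the fact. The block below is an added example for this digest, not GreyNoise's or Atlassian's code: it parses combined-format access log lines, URL-decodes each path repeatedly, and reports requests whose decoded path contains ${. The log lines are constructed, with documentation-range IP addresses, and the assumed log format is Apache combined; adjust LOG_RE for Tomcat or a proxy.

```python
"""Hunt for CVE-2022-26134-style OGNL injection attempts in access logs.
Added example for this digest; not GreyNoise's or Atlassian's code. The log
lines are constructed (documentation-range IPs, combined log format)."""
import re
import urllib.parse
from typing import Iterable, List, Optional

# Apache combined log format is assumed; adjust for your web server or proxy.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3}) '
)

SAMPLE_LOG = """\
198.51.100.7 - - [03/Jun/2022:02:14:09 +0000] "GET /login.action HTTP/1.1" 200 4821 "-" "Mozilla/5.0"
203.0.113.5 - - [03/Jun/2022:02:15:31 +0000] "GET /%24%7B%40java.lang.Runtime%40getRuntime%28%29.exec%28%22id%22%29%7D/ HTTP/1.1" 302 0 "-" "python-requests/2.27"
198.51.100.7 - - [03/Jun/2022:02:16:02 +0000] "GET /rest/api/content?expand=body.storage HTTP/1.1" 200 912 "-" "Mozilla/5.0"
203.0.113.9 - - [03/Jun/2022:02:17:44 +0000] "GET /%2524%257B%2540java.lang.Runtime%2540getRuntime%2528%2529%257D/ HTTP/1.1" 302 0 "-" "curl/7.68.0"
203.0.113.5 - - [03/Jun/2022:02:18:10 +0000] "GET /${@java.lang.Runtime@getRuntime()}/ HTTP/1.1" 302 0 "-" "python-requests/2.27"
"""


def decode_path(path: str, rounds: int = 3) -> str:
    """URL-decode until stable (bounded); attackers double-encode to dodge
    naive string filters that look for a literal '${'."""
    for _ in range(rounds):
        decoded = urllib.parse.unquote(path)
        if decoded == path:
            break
        path = decoded
    return path


def is_ognl_probe(path: str) -> bool:
    """No legitimate Confluence URL path contains an OGNL expression opener."""
    return "${" in decode_path(path)


def parse_line(line: str) -> Optional[dict]:
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def scan(lines: Iterable[str]) -> List[dict]:
    """Return parsed records for every request whose decoded path looks like OGNL."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec and is_ognl_probe(rec["path"]):
            rec["decoded"] = decode_path(rec["path"])
            hits.append(rec)
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG.splitlines()):
        print(hit["ts"], hit["ip"], hit["status"], hit["decoded"])
```

The response status is not the signal: a vulnerable server answers these requests with a redirect, and so may a patched one, so key on the decoded path. Because the expression is evaluated server-side, the command output never reaches the access log; pair this hunt with process-creation telemetry from the Confluence host (child processes of the Java process) to confirm whether a probe actually succeeded.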

Analysis Of The Wizard Spider Hacking Group

Wizard Spider is a highly profitable cybercrime group that operates a number of sophisticated malware variants in its attacks. The report gives a technical analysis of Wizard Spider's capabilities and of its command structure, a complex set of sub-teams divided into software-specific groups. This information can help organizations prepare for highly coordinated attacks that use distributed command structures against high-value targets.

Threat Intelligence: Conti Logs

This blog post from Microsoft explains a workflow for deeper analysis and visualization of leaked data, including the extraction and analysis of indicators of compromise (IOCs). The data sets from the February 2022 leak of internal chat logs from the ransomware-as-a-service (RaaS) operation known as "Conti" are used as the case study. The slang translation dictionary is hilarious.

Graph of the connections of a single user

Consider “Attackability” for Vulnerability Management

As vulnerability-management workloads surge in the face of heightened software supply chain risk, a study reports that only 3% of the vulnerabilities in open-source dependencies can actually be exploited in the applications that pull them in. The study also explores how to find and fix that critical 3%: run a simplified threat analysis for each open-source vulnerability that yields an "attackability" score and a "reachability" score, where reachability asks whether application code can actually call into the vulnerable function. Prioritization models like this are nothing new, but the article offers a useful perspective.
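Reachability is the part of that model you can compute mechanically once you have a call graph. The block below is an added example for this digest, not the study's own model or tooling: it takes a constructed call graph spanning application code and its dependencies, a list of entrypoints, and vulnerability records whose sinks are the affected functions, then ranks findings so that reachable ones (with the shortest call path as evidence) come first and unreachable ones drop to the backlog regardless of CVSS. The VULN-* identifiers, function names and scores are placeholders; in practice the graph comes from a static analysis of the actual build.

```python
"""Reachability triage for open-source vulnerabilities: a vulnerable function
that application code can never reach is a much lower priority than one on a
live call path. Added example for this digest, not the study's own model.
The call graph, entrypoints and VULN-* records are constructed placeholders."""
from collections import deque
from typing import Dict, Iterable, List, Optional

# Constructed call graph: caller -> callees, spanning app code and dependencies.
CALL_GRAPH: Dict[str, List[str]] = {
    "app.handle_upload": ["app.validate", "lib_x.parse"],
    "app.handle_login": ["lib_auth.check", "app.log"],
    "app.validate": [],
    "app.log": ["lib_log.write"],
    "lib_x.parse": ["lib_x.decode"],
    "lib_x.decode": [],
    "lib_auth.check": ["lib_auth.hash"],
    "lib_auth.hash": [],
    "lib_log.write": [],
    # lib_y ships in the dependency tree, but nothing in the app calls into it.
    "lib_y.render": ["lib_y.eval_expr"],
    "lib_y.eval_expr": [],
}
ENTRYPOINTS = ["app.handle_upload", "app.handle_login"]

# Placeholder findings: id, scanner severity, and the vulnerable functions (sinks).
VULNS = [
    {"id": "VULN-A", "cvss": 9.8, "sinks": ["lib_y.eval_expr"]},  # critical, unreachable
    {"id": "VULN-B", "cvss": 7.5, "sinks": ["lib_x.decode"]},
    {"id": "VULN-C", "cvss": 5.3, "sinks": ["lib_auth.hash"]},
]


def shortest_path(graph: Dict[str, List[str]], entrypoints: Iterable[str],
                  sinks: Iterable[str]) -> Optional[List[str]]:
    """BFS from all entrypoints at once; return the shortest call path that
    reaches any sink, or None when no sink is reachable."""
    sinks = set(sinks)
    parent: Dict[str, Optional[str]] = {e: None for e in entrypoints}
    queue = deque(parent)
    while queue:
        node = queue.popleft()
        if node in sinks:
            path = []
            while node is not None:
                path.append(node)
                node = parent[node]
            return path[::-1]
        for callee in graph.get(node, []):
            if callee not in parent:
                parent[callee] = node
                queue.append(callee)
    return None


def prioritize(vulns: List[dict], graph: Dict[str, List[str]],
               entrypoints: List[str]) -> List[dict]:
    """Rank findings: reachable first (by severity), unreachable to the backlog."""
    ranked = []
    for v in vulns:
        path = shortest_path(graph, entrypoints, v["sinks"])
        ranked.append({"id": v["id"], "cvss": v["cvss"],
                       "reachable": path is not None, "path": path})
    ranked.sort(key=lambda r: (not r["reachable"], -r["cvss"]))
    return ranked


if __name__ == "__main__":
    for r in prioritize(VULNS, CALL_GRAPH, ENTRYPOINTS):
        evidence = " -> ".join(r["path"]) if r["path"] else "no call path"
        print(r["id"], r["cvss"], "reachable" if r["reachable"] else "backlog", evidence)
```

Reachability is necessary but not sufficient: the attackability side of the model additionally asks whether the entrypoint on that path handles untrusted input (an upload handler does; an internal cron job may not), which is why the study frames it as a threat analysis rather than a graph query. Dynamic dispatch, reflection and plugin loading also create edges a static call graph will miss, so an "unreachable" result is a reason to deprioritize, not a reason to ignore.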

7 Steps to Stronger SaaS Security

Software-as-a-service (SaaS) application security is often a blind spot, so give your SaaS ecosystem some extra attention with these seven basic steps. SaaS is ubiquitous, highly configurable, and continuously updated, which leaves many organizations exposed if they are not closely monitoring for security gaps and configuration changes.