Skip to content

Finding FortiOS, FortiProxy, and FortiSwitchManager assets on your network

News surfaced late last week of a critical authentication bypass vulnerability present in the web administration interface of some Fortinet products. Successful exploitation of this vulnerability (tracked as CVE-2022-40684) via crafted HTTP and HTTPS requests can provide remote attackers with admin-level command execution on vulnerable FortiOS devices including FortiGate firewalls, FortiProxy web proxies, and FortiSwitchManager assets.

What is the impact?

With a CVSS critical score of 9.6, attackers running admin-level commands on compromised assets may have the ability to persist presence, explore connected internal networks, and exfiltrate data. Fortinet is aware of at least one exploit of this vulnerability in the wild, and Bleeping Computer offered a Shodan search showing more than 140k publicly accessible FortiGate devices which may be running vulnerable FortiOS. Additionally, security researchers with Horizon3.ai are planning on publishing an exploit PoC this week. For admins wanting to check if a FortiOS/FortiProxy/FortiSwitchManager asset has been exploited, Fortinet does provide an indicator of compromise (see the “Exploitation Status” section).

Are updates available?

Fortinet has called out the vulnerable FortiOS, FortiProxy, and FortiSwitchManager versions in their advisory and has made updates available for affected products. Admins should ensure that affected models are updated to the latest version as soon as possible. If updates cannot be completed in the near term, Fortinet does provide some mitigation steps (see the “Workaround” section) that can be taken to secure vulnerable assets.

How do I find potentially vulnerable FortiOS, FortiProxy, and FortiSwitchManager assets with runZero?

From the Asset Inventory, use the following pre-built query to locate FortiOS, FortiProxy, and FortiSwitchManager assets that may need remediation:

os:FortiOS or product:FortiProxy or product:FortiSwitchManager

As always, any prebuilt queries are available from our Queries Library. Check out the library for other useful inventory queries.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About runZero
runZero, a network discovery and asset inventory solution, was founded in 2018 by HD Moore, the creator of Metasploit. HD envisioned a modern active discovery solution that could find and identify everything on a network–without credentials. As a security researcher and penetration tester, he often employed benign ways to get information leaks and piece them together to build device profiles. Eventually, this work led him to leverage applied research and the discovery techniques developed for security and penetration testing to create runZero.

CISAnalysis – October 11, 2022

Fortinet Authentication Bypass Vulnerability

First up, CVE-2022-40684 affects multiple Fortinet products: FortiOS, FortiProxy, and FortiSwitchManager. The vulnerability, which was only recently discovered and disclosed last week, allows an attacker to execute code masquerading as an authorized user. With this device takeover, they can perform privileged operations, such as viewing files, changing permissions, and other confidential activities. So in this case we would likely see this as the start of a string of moves deeper into the victim’s network. Since switches connect devices across networks, this opens up the attack surface to an even greater degree. As is typical, vulnerabilities are exploited as the entryway in, so it is imperative to update the affected versions immediately.

Windows COM+ Event System Service Privilege Escalation Vulnerability

CISA did not waste any time adding an escalation of privilege vulnerability in Windows COM+ Event System Service to the KEV on the same day a patch was released.

Microsoft has rated the severity of CVE-2022-41033 as “Important” which is analogous to the High CVSS score it received. So although none of these organizations gave it a Critical rating, Microsoft’s update guide paints a different picture. The attack complexity is low and user interaction is not required, making this an easy vulnerability to exploit. The silver lining is that the attack vector is local, so they’ll need access to a regular user computer. But not all that glitters is gold, of course. The attacker will most likely reroute and target someone on the inside to exploit the vulnerability, e.g. tricking a legitimate user into opening a malicious document. So again, it will be crucial to remind employees (especially during National Cybersecurity Awareness Month) to stay vigilant and report any signs of phishing.  An attacker can gain SYSTEM privileges, so it is important to install the updates as soon as possible.

#cisa #cisanalysis #microsoft #fortinet #vulnerabilities

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About VRX
VRX is a consolidated vulnerability management platform that protects assets in real time. Its rich, integrated features efficiently pinpoint and remediate the largest risks to your cyber infrastructure. Resolve the most pressing threats with efficient automation features and precise contextual analysis.

Applying Zero Trust to PAM

The implementation of the Zero Trust-based security model has gained space in recent times, promoting the default approach of never trusting, and always checking before granting access to a company’s perimeter.

This practice is extremely important to ensure cybersecurity, especially in the context of remote work, with employees having access to the resources of the company from any environment and device.

Therefore, we prepared this article exploring the concept of Zero Trust and explaining its relationship with PAMtools. To facilitate your reading, we divided our text into topics. They are as follows:

  1. What Is the Concept of Zero Trust?
  2. What Are the Top Three Aspects of Zero Trust?
  3. What Is Its Importance?
  4. What Are the Advantages of this Approach?
  5. How to Implement this Security Model?
  6. Evolution of Zero Trust
  7. About PAM
  8. Zero Trust and PAM: How to Apply the Concept of Zero Trust in Privileged Access Management?
  9. About senhasegura
  10. Conclusion

Enjoy the reading!

What Is the Concept of Zero Trust?

Never trust, always check. This is the motto used in the Zero Trust cybersecurity model. According to this concept, it is recommended to grant minimum privileged access, after verifying who the requester is, what is the context of the request, and the risk offered by the access environment.

In this way, one can protect work environments, such as cloud technologies, SaaS, DevOps, and robotic automation, reducing the attack surface and the costs for organizations.

In practice, the Zero Trust security model recommends all users be verified before gaining access to a particular system in order to protect it from external attacks, malware, and insider threats.

That is, they must be authenticated, authorized, and validated continuously before receiving access to applications and data and during the access.

To apply the concept of zero trust, advanced technologies are used, including IAM (Identity and Access Management), multi-factor authentication, identity protection, and endpoint security.

One also needs to promote data encryption, email protection, and verification of asset and endpoint hygiene to connect to apps. 

What Are the Top Three Aspects of Zero Trust?

The Zero Trust security model is based on three aspects, which must be considered by organizations. They are as follows:

  • Policies

To ensure digital security through the Zero Trust security model, it is critical to create and implement strict security controls, ensuring access to IT environments only for certain people in specific circumstances.

  • Automation

Through automation, it is possible to implement the concept of Zero Trust, avoiding human failures and correcting any deviations immediately.

  • Visibility

To protect IT devices and assets, it is imperative to identify and monitor them. After all, it is impossible to protect what is not managed, and it is impossible to manage what is not known. That is, to properly protect your infrastructure, you need to know what equipment the company has or has access to.

What Is Its Importance?

Companies around the world face problems related to insider threats, generated by third parties or even by errors, accidental or not, committed by employees and former employees.

Thus, giant corporations, such as Google, started to adopt the security model based on Zero Trust, since the old model “trust, but verify”, proved to be insufficient to guarantee digital security. 

In 2015, the U.S. Office of Personnel Management experienced cyberattacks, which motivated the House of Representatives to suggest the adoption of Zero Trust by government institutions. This is because adopting the concept of zero trust ensures effective control of networks, applications, and data. 

Thus, in 2021, President Joe Biden signed the Executive Order for Improving the Nation’s Cybersecurity. This order considers the implementation of Zero Trust-based policies in all agencies of the American government. 

Another important reason to join the security model based on Zero Trust is the possibility of providing digital security to remote work. 

What Are the Advantages of this Approach?

As you have seen, adopting the concept of Zero Trust is essential to provide cybersecurity to organizations nowadays. Among its benefits, we can highlight:

  • Superior risk mitigation by reducing the attack surface and controlling lateral movement in the network;
  • Enhanced digital security and support for mobile and remote employees;
  • Defense of applications and data, regardless of whether they are on-premises or in the cloud;
  • Strong protection against advanced threats, such as Advanced Persistent attacks (APTs).

Finally, Zero Trust-based security allows one to segment the network by identities, groups, and roles, helping to contain cyber threats and reduce potential damage. 

How to Implement this Security Model?

The implementation of the Zero Trust-based security model requires that the accesses requested are proven to be reliable. For, it is essential to:

  • Classify Data

The first step in implementing this security model in your company is to segregate and assign value to the data to be accessed, defining who can access it and how, according to its classification (secret, confidential, internal, or public) and urgency. 

  • Monitor Network Environments

To detect irregularities, it is extremely important to know the traffic and how the information is shared.

  • Map Risks

Another essential measure is to map the external and internal risks to which the systems are exposed. 

  • Officialize the Use of the Approach

It is also essential to adapt policies, procedures, manuals, and other documents to the Zero Trust security model, making the adoption of this approach official. 

  • Identify Accesses

Finally, it is absolutely essential to understand what are the types of users on the network, their roles, and the type of access they have. With this, one can authenticate them, ensuring a high level of security. 

Evolution of Zero Trust

The concept of Zero Trust emerged in 2010, as an expression coined by Forrester, which was synonymous with the micro-segmentation security approach and related to the creation of secure zones in data centers and cloud solutions used to individually protect workloads. 

This approach has become useful as traditional security mechanisms have proven inefficient in the face of technologies such as cloud computing, virtualization, and mobile devices.

Before that, companies had been building walls around their sensitive data, which used to be transmitted through physical devices or from an internet access point, protecting, monitoring, and controlling that information. 

In practice, it is possible to protect physical devices by managing systems and antivirus. However, the in-depth approach proved to be insufficient for IT services performed outside the security perimeter. 

For this reason, providers of digital security-related products and services have been adhering to the Zero Trust-based security model since 2010, including all types of cyber solutions.

More recently, Forrester published its annual report “The Forrester Wave: Zero Trust eXtended (ZTX) Ecosystem Providers, Q4 2018”, defining seven controls considered basic principles of this approach. They are as follows: 

  • Network Security;
  • Device Security;
  • Identity Security;
  • Application Security;
  • Data Security;
  • Security Analysis; and
  • Security Automation. 

 Gartner has proposed the Continuous Adaptive Risk and Trust Assessment (CARTA) approach, which also brings seven principles, with zero trust being its first one. This concept is related to the balance between risk and trust, considering the confidence needed to gain access to high-value assets. 

About PAM

In general, organizations rely on sensitive data and digital assets that should not be accessed by all users at the risk of leaks generated by human failures or even the action of hackers, who capture authorized accounts to move through the network.

To avoid this type of problem, it is recommended to use Privileged Access Management (PAM), a digital security tool that makes it possible to reduce the privilege of users to the minimum necessary to perform their tasks. 

In short, PAM allows one to store and save credentials of authorized users on the network and manage their accounts, recording their activities and granting access only if they provide an explanation. 

Zero Trust and PAM: How to Apply the Concept of Zero Trust in Privileged Access Management?

Associated with the concept of Zero Trust, a PAM solution provides digital security for companies. Its job is to promote centralized access management through the control, storage, segregation, and tracking of credentials with access to the IT environment.

Thus, one can make sure the access is actually being made by a user and they are allowed to access that environment.

The main features of PAM that allow organizations to apply Zero Trust practices are:

  • Credential Management

With Zero Trust and PAM, you can define administrators and user groups by stipulating their accesses and permissions and managing the full cycle of their credentials.

  • Segregation of Access

This solution also allows you to isolate critical environments and detect suspicious activities, avoiding problems arising from unauthorized access.

  • Approval Workflows

PAM access requests are easy to configure and make it possible to comply with multilevel approval flows and validate explanations provided by the requesters. 

  • Behavior Analysis

Another feature of PAM that optimizes the Zero Trust security model is the monitoring of user actions, which allows identifying and responding to changes in their behavior patterns and access profiles. 

  • Unauthorized Access

PAM also allows denying access to users who are outside the company’s policies, for example, using the password of a credential not managed by the solution.

  • Action Analysis

PAM also analyzes activities performed by users and generates alerts that allow inappropriate actions or fraud to be detected. 

  • Session Blocking

Finally, whenever there is suspicious activity, the administrator can block the user session in IT environments or operating systems. 

About senhasegura

senhasegura PAM allows you to securely manage generic and privileged credentials, ensuring protected storage, access segregation, and usage traceability.

With this, PAM enables organizations to adopt Zero Trust and respect the strictest access controls to privileged credentials in an automated and centralized manner, preventing cyberattacks and leaks of sensitive information. 

Check out some benefits of senhasegura PAM for your company:

  • Control of misuse of privileges;
  • Securely-coded password management;
  • Protection against insider threats and theft of critical data;
  • Monitoring and recording of activities performed during privileged sessions;
  • Automatic reset of passwords or based on an established schedule; and
  • Simplified generation of audit reports from a central audit data repository.

Conclusion

In this article, you saw that:

  • The Zero Trust security model recommends to never trust, always check;
  • This means that, before granting privileged access, it is necessary to verify who the requester is, the context of their request, and the risks offered by the access environment;
  • This measure makes it possible to protect IT environments from external attacks, malware, and insider threats;
  • Advanced technologies are used to apply the concept of zero trust;
  • The Zero Trust security model is based on three aspects: policies, automation, and visibility;
  • Large corporations, such as Google, use this concept in their practices;
  • Improved digital security for mobile and remote teams is one of the top benefits generated by the Zero Trust-based security model;
  • To implement this security model, one must classify data, monitor network environments, officialize the use of the approach, and identify accesses.
  • The concept of Zero Trust emerged in 2010 and has evolved until now;
  • PAM is a solution that allows reducing the privilege of users to the minimum necessary to perform their tasks;
  • Associated with the concept of Zero Trust, PAM ensures digital security for companies, promoting centralized access management through the control, storage, segregation, and tracking of credentials with access to the IT environment.

Do you want to learn how Zero Trust and PAM can contribute to your company’s digital security? Contact us. 

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Segura®
Segura® strive to ensure the sovereignty of companies over actions and privileged information. To this end, we work against data theft through traceability of administrator actions on networks, servers, databases and a multitude of devices. In addition, we pursue compliance with auditing requirements and the most demanding standards, including PCI DSS, Sarbanes-Oxley, ISO 27001 and HIPAA.

How runZero helps with red team security

It’s cyber security awareness month, which is why we’re doing a series of blogs to help you identify ways to use runZero to boost your security. We’re kicking off the series with ways to integrate runZero into your red team best practices. Red teams test the effectiveness of an organization’s security controls, including those in place to defend networks, endpoint hardware and software, as well as physical locations. Red teaming focuses on the concept that an organization doesn’t know how secure they are until they’re attacked. Therefore, red teams are critical in helping organizations uncover their weaknesses before a real world attacker does, empowering the organization to be proactive instead of reactive. Let’s dig into three important red team security practices, explain their importance, and share how runZero can be best applied to each practice.

Best practice #1: Perform routine assessments

A red team assessment can include more than just penetration testing, it can also include social engineering exercises, physical penetration tests, and threat modeling as well. Tactics, techniques, and procedures (TTPs) that emulate real-world cyber attacks are critical red teaming elements. Routine assessments help keep the company prepared and can expose new vulnerabilities in the software being used or the employees that are accessing the data. Of course, these routines should always include a follow up with the results, but it is important to keep the initial assessment under wraps from the majority of the organization (except perhaps the security team, which should be determined ahead of time when negotiating the scope of assessment) to ensure an authentic representation of the existing security. runZero delivers network visibility that can expose links between assets, helping you determine the severity of risk based on the results. For example, if someone with access to customer data succumbs to a phishing attack, you can identify systems in the network an attacker could have gained access to. runZero also offers vulnerability integrations, which will enrich your asset inventory with your vulnerability scan results. With a centralized view of your assets and their vulnerability results, you can identify high-risk assets and assess the risk to your network. This creates increased value in the security assessment results and may be a great way to encourage more thorough security training throughout the company.

Best practice #2: Record everything

runZero offers more accurate asset information so you can track and identify assets that are connected on the network. This makes those security comparisons easier, as well as the overall identification of what assets are accessible. As your red team conducts security assessments and penetration tests, the team should be recording everything–from the methods used to the assets that were accessed. This allows your team to routinely repeat the process to either validate remediation or mitigation efforts or to look for new weaknesses. Having clear documentation will allow for better analysis, as similar assets can be easily compared for the same security risks. Knowing the assets that can be compromised is critical for identifying so many other issues and risks on your network. Users can be identified making it easier to track:
  • Remote access services
  • Software versions with unique vulnerabilities
  • Individual assets that are linked to sensitive data
Tracking the items listed above can make implementation of stronger security measures easier to execute efficiently.

Best practice #3: Choose the best tools

One of the first things that red teams focus on is reconnaissance. During this initial phase, it is critical to gather as much information as possible from target networks and systems. Discovery usually entails enumerating domains owned by the organization and scanning internal networks to collect information about the devices connected to them. Red teams generally perform both passive and active methods of reconnaissance, leveraging a myriad of tools to support their efforts. With runZero, you can scan public facing and internal assets to gather details about them, like their OS, open services, installed software, and SSH versions. Once the red team has enough information about the target systems, they can leverage this data to find misconfigurations, identify potential vulnerabilities, and better plan their attack methods. As a part of regular penetration tests, the red team is responsible for finding creative ways to exploit vulnerabilities. This means being aware of current system and application vulnerabilities and looking for new vulnerabilities in company software using unique methods to extract data. While this data is ultimately taken back with an intent to strengthen the security against such exploitation, the practice of being able to think like an attacker is valuable to red team practices. Red team exploitation exercises are meant to bring weaknesses in data and network security to light and can result in preventative measures. Exploitation requires choosing the right tools. For the exercise to be as authentic as possible, the tools used often need to balance effectiveness with being undisruptive. Red team methods should safely work with fragile systems with the goal of not raising any alarms or disrupting work flow.

Stay tuned for more

This is the first post for the runZero cyber security awareness month blog series. In this post, we covered best practices of routine assessments and detailed recording. We also went over the importance of vulnerability exploitations and how runZero can be applied to help in your red team endeavors.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About runZero
runZero, a network discovery and asset inventory solution, was founded in 2018 by HD Moore, the creator of Metasploit. HD envisioned a modern active discovery solution that could find and identify everything on a network–without credentials. As a security researcher and penetration tester, he often employed benign ways to get information leaks and piece them together to build device profiles. Eventually, this work led him to leverage applied research and the discovery techniques developed for security and penetration testing to create runZero.

Not So Fast: Analyzing the FastCompany Hack

When FastCompany’s website was hacked late Tuesday night, it sent shockwaves through the media world, underscoring the importance of routine cybersecurity inspections for media companies. Now, in the wake of the prominent hack, media companies are scrambling to secure their content management systems.

So, what happened and how?

Well, the hacker (who went by the name “postpixel”) managed to infiltrate FastCompany’s content management system (CMS) and post stories that looked like they were from FC’s editorial team. They also hijacked FastCompany’s Apple News feed (a first), broadcasting obscene push notifications replete with racial slurs and, uh, an “invitation for a particular sexual act,” according to The Verge.

In a statement, FastCompany responded with the following:

“The messages are vile and are not in line with the content and ethos of FastCompany. We are investigating the situation and have shut down FastCompany.com until the situation has been resolved.”

As of this writing, FastCompany.com was still offline.

Source: FastCompany

In a warning of sorts, the hacker also left a message to FastCompany’s readers, detailing their execution of the hack while criticizing FC’s feeble attempts at security remediation:

Source: FastCompany via The Verge

According to “postpixel,” they were able to gain access to FastCompany’s systems by exploiting an insecure password shared by an FC site administrator. They also claimed to have traded FC’s data in a forum for black-hat hackers, including sharing records on FastCompany employees, and even sharing unpublished FastCompany articles.

This may be headline news today, but this is just the latest hack in a string of cyberattacks on media companies. In recent months, both The New York Times and The Wall Street Journal have reported that their systems had been compromised by hackers. You can bet that there will soon be a new headline to replace FastCompany.

The bottom line: These incidents serve as a reminder that media companies need to take steps to secure their data and protect their employees.

Most of all…

Trust No One.

In the wake of high-profile hacks at major media companies like Fast Company, it’s clear that traditional approaches to cybersecurity are no longer enough. One of the most important things companies can do to protect themselves is to implement stronger internal security models.

The shocking conclusion tech and media companies are just now coming to terms with is that people are the weakest links in security. As a result, they’re taking a firm “trust no one” stance.

The security buzzword for this is “Zero Trust,” which simply assumes that a company can be breached no matter what, including by its own unwitting users. The un-named FastCompany “administrator,” for instance, who shared passwords inside the firm.

With zero trust, every user and every device is treated as a potential threat. This means that all traffic must be authenticated and authorized, regardless of where it’s coming from. What’s more, a core component in a proper zero-trust environment is behavioral analysis. In a nutshell, your software should monitor network behavior and flag suspicious activity. This makes it much harder for hackers to gain access to a company’s network, because they would need to have valid credentials each step of the way.

Zero trust also includes comprehensive vulnerability management. This means regularly scanning for vulnerabilities and patching them as soon as possible. Behind the scenes, I’d wager FastCompany is arguing over how to best implement new security measures and protect itself from future attacks.

But creating a new security architecture is no easy task, especially for a major media company. For FastCompany, it will likely involve completely gutting its current system and renovating it from top to bottom. That will require education and buy-in from FastCompany’s senior leadership, middle management, and even its freelancers.

We have some advice, if you’re listening, FastCompany…

So You’ve Been Pwned. What to Do Next.

Every journey begins with a single step. For FastCompany, one of the most important things it (and other media companies) can do is to regularly inspect their cybersecurity protocols and make sure they are up to date. This includes ensuring that passwords are strong and, ahem, not openly shared and/or reused across multiple accounts.

While it may seem like I’m picking on FastCompany, it’s just one example – this type of attack could happen to any media outlet. In order to protect themselves, media companies need to make sure they have a robust vulnerability management program in place.

Vulnerability management is all about identifying, prioritizing, and fixing security flaws within an organization’s systems. If a media company doesn’t have a good handle on its vulnerabilities, it’s leaving itself wide open to attack.

There are a few key things that all media companies should do to shore up their defenses:

  • Conduct regular security audits: By regularly assessing their systems for vulnerabilities, media companies can stay ahead of the curve and fix any problems before they’re exploited.
  • Keep software up to date: Relying on outdated software makes it easy for hackers to gain access to a company’s systems. Make sure all software is up to date. This way, media companies can close off this avenue of attack.
  • Educate employees: Hackers often exploit human error through social engineering to gain access to systems. By educating employees on security best practices, media companies can make it much harder for hackers to succeed, even if they’ve already breached their walls.
  • Implement strong security controls: FastCompany’s hack highlights the importance of having strong security controls in place. By implementing measures like two-factor authentication (2FA), media companies can make it much more difficult for hackers to gain access to their systems.
  • Plan for the worst: No matter how many safeguards a media company puts in place, there’s always a chance that they could be hacked. That’s why it’s important to have a plan in place for how to handle a breach if one does occur.

In today’s world, it’s not enough to simply have strong security measures in place. Organizations also need to be constantly monitoring their systems for vulnerabilities that could be exploited by hackers.

In the wake of the FastCompany hack, it’s also important for media companies to consider how they share information internally. In many cases, it may be necessary to restrict access to certain sensitive data or conversations to a smaller group of people.

By taking proactive measures to address vulnerabilities, media companies like FastCompany can dramatically reduce their chances of being hacked and safeguard their content from being hijacked by malicious actors.

#vicarius_blog #hacked #fast_company #cybersecurity

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About VRX
VRX is a consolidated vulnerability management platform that protects assets in real time. Its rich, integrated features efficiently pinpoint and remediate the largest risks to your cyber infrastructure. Resolve the most pressing threats with efficient automation features and precise contextual analysis.

×

Hello!

Click one of our contacts below to chat on WhatsApp

Social Chat is free, download and try it now here!

×