If you have ever watched a movie or television show that depicted hacking, you have probably heard the phrase, “I’m in.” A character in the story hacks into a network remotely in mere seconds without performing any type of reconnaissance to identify vulnerabilities. This is most likely done to save time and to keep the audience engaged in the story. In reality, reconnaissance and initial access can be some of the most time-consuming attack phases for cybercriminals. This is why many ransomware groups outsource this task to affiliates and initial access brokers (IABs). Although Hollywood hacking is not always accurate, there is one true thing we can take away from it: cybercriminals enjoy the path of least resistance.
Depending on the sophistication of the threat actor, exploiting a vulnerability in a public-facing system may be easier than creating a spear phishing campaign that may or may not work. Remote code execution (RCE) is a cyber attack in which a threat actor can execute code or commands on a device remotely from anywhere in the world. Because of this, RCE vulnerabilities are usually considered critical for organizations. Once a proof of concept or exploit is developed for these vulnerabilities, it does not take long for cybercriminals to start scanning the Internet for vulnerable systems. Organizations should prioritize and patch these vulnerabilities before an attacker has time to say, “I’m in.”
Digital Shadows’ (now ReliaQuest) Vulnerability Intelligence capability can help organizations make threat-informed decisions in a timely manner. No more scouring the web for information about vulnerabilities, such as whether an exploit is available or whether the vulnerability has been embedded into penetration testing tools. Digital Shadows (now ReliaQuest) provides all of this context in one centralized location: the SearchLight portal. If you haven’t already, check out our last Vulnerability Roundup blog, which provides a detailed overview of several critical need-to-know vulnerabilities from August 2022.
For this month’s vulnerability intelligence blog, we are going to go over five RCE vulnerabilities that organizations should prioritize from Microsoft’s September Patch Tuesday.
There is a critical vulnerability, tracked as CVE-2022-34718, affecting a TCP/IP component in the Microsoft Windows operating system. An attacker can perform remote code execution by sending a custom IPv6 packet to a Windows system that is using IP Security (IPSec) for secure tunneling. The vulnerability has a CVSS base score of 9.8, and a proof-of-concept exploit for the vulnerability is available on GitHub.
Microsoft released a patch for the RCE vulnerability, tracked as CVE-2022-34721, affecting the Internet Key Exchange (IKE) Protocol Extension in the Microsoft Windows operating system. This vulnerability could allow an unauthenticated attacker to perform remote code execution. IKE is a protocol used to set up secure and authenticated communication channels for IPSec. The vulnerability has a CVSS base score of 9.8. Several working exploits have been published on GitHub and Twitter.
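To triage which Windows hosts match the conditions described for CVE-2022-34718 and CVE-2022-34721, the following added example (not from the original post or from Microsoft) reports the IPv6 bindings, IPsec use, and IKE service state on the local machine. Treating "a running IPsec Policy Agent or any enabled IPsec rule" as "using IPsec" is an assumption of this sketch, and `KB0000000` is a placeholder for the September 2022 update that applies to your OS build.

```powershell
# Added example: local exposure check for the two IPsec/IKE issues above.
param(
    # Placeholder, not a real KB number: set to the update ID for this OS build.
    [string]$SeptemberKb = 'KB0000000'
)

# IKEEXT hosts the IKE and AuthIP keying modules; PolicyAgent is the IPsec Policy Agent.
$services     = Get-Service -Name IKEEXT, PolicyAgent -ErrorAction SilentlyContinue
$ikeRunning   = [bool]($services | Where-Object { $_.Name -eq 'IKEEXT' -and $_.Status -eq 'Running' })
$agentRunning = [bool]($services | Where-Object { $_.Name -eq 'PolicyAgent' -and $_.Status -eq 'Running' })

# Network adapters that still have the IPv6 protocol binding enabled.
$ipv6Adapters = @(Get-NetAdapterBinding -ComponentID ms_tcpip6 -ErrorAction SilentlyContinue |
    Where-Object { $_.Enabled })

# Enabled IPsec rules in the active policy store.
$ipsecRules = @(Get-NetIPsecRule -PolicyStore ActiveStore -ErrorAction SilentlyContinue |
    Where-Object { $_.Enabled -eq 'True' })

# Assumption of this sketch: either signal counts as "using IPsec".
$usesIpsec = $agentRunning -or ($ipsecRules.Count -gt 0)

# Get-HotFix only finds the exact ID; a later cumulative update also carries
# the fix, so a miss means "verify the patch level", not "unpatched".
$patched = [bool](Get-HotFix -Id $SeptemberKb -ErrorAction SilentlyContinue)

[pscustomobject]@{
    Host                  = $env:COMPUTERNAME
    IPv6BoundAdapters     = $ipv6Adapters.Name -join ', '
    IPsecPolicyAgentUp    = $agentRunning
    EnabledIPsecRules     = $ipsecRules.Count
    IkeServiceUp          = $ikeRunning
    UpdateFound           = $patched
    # IPv6 reachable and IPsec in use, with no matching update found.
    Review_CVE_2022_34718 = $usesIpsec -and ($ipv6Adapters.Count -gt 0) -and (-not $patched)
    # IKE keying service running, with no matching update found.
    Review_CVE_2022_34721 = $ikeRunning -and (-not $patched)
}
```

A `True` in either `Review_` column marks the host for patch verification first; it is a prioritization signal, not proof of vulnerability.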
The next RCE vulnerabilities, tracked as CVE-2022-34700 and CVE-2022-35805, were found in Microsoft Dynamics 365. Microsoft Dynamics is a customer relationship management system available to Microsoft Office 365 business customers. Both vulnerabilities have a CVSS score of 8.8. To exploit them, an authenticated user could run a specially crafted trusted solution package to execute arbitrary SQL commands. From there, the attacker could escalate and execute commands as the database owner within their Dynamics CRM database. However, exploitation relies on the attacker using an authenticated account.
After recording each scene in a movie, the director yells, “Cut!” It would be nice if security teams could do the same at the end of each shift or when they need more time to investigate a vulnerability. Unfortunately, real life moves forward with or without you, and criminals will be criminals. However, network defenders are not alone.
Digital Shadows’ (now ReliaQuest) Vulnerability Intelligence capability can help organizations make timely, threat-informed decisions during the vulnerability investigation process. You can test drive SearchLight (now ReliaQuest’s GreyMatter Digital Risk Protection) and see the rich context available for each CVE, including risk factors, threat actor and malware associations, exploits, news, and much more.