Introduction
Executive Summary
Vulnerabilities are one of the four key paths to your crown jewels. In the past year, vulnerability exploitation has doubled, growing stakeholder concerns of their organization’s overall security posture. This e-book is dedicated to bringing awareness to the vulnerability exploitation conversation. Throughout the different chapters, you will have the opportunity to explore many aspects of the vulnerability landscape including key characteristics, common types, and approaches to addressing the most pressing categories.
Overview
In the past year, vulnerability exploitation, as the entry point of threat actors, has doubled according to Verizon’s Data Breach Investigation Report. To find these vulnerabilities, threat actors are leveraging a wide variety of techniques including scanning IPs and open ports, crawling for specific services, testing specific CVEs, and running remote code execution.
As one of the four key information security threats of 2022, vulnerability exploitation must remain a priority in an organization’s security strategy. If a weakness is leveraged by a threat actor and they are able to gain unauthorized access to their network, an organization risks network compromise, data exfiltration, unplanned system downtime, ransomware, and more. Such cybersecurity risks can have debilitating effects across the organization, including financially, operationally, reputationally, and economically. As a result, it is crucial for organizations to do what they can to avoid vulnerability exploitation. By understanding how vulnerabilities are identified and categorized, as well as understanding standard conventions for information that can be used to measure and mitigate the risks to your organization, you can avoid exploitation all together. Refer to the characteristics and sources chapters to find out more.
With an ever changing threat landscape comes an ever evolving vulnerability market. As vulnerabilities are discovered and shared publicly, threat actors are forced to become more sophisticated in their approach to exploit weaknesses in a timely manner. In the following chapters we will explore what some of those leading vulnerabilities are today.
Vulnerability Characteristics
Common values that are important to understand as it relates to a vulnerability include Common Vulnerability and Exposure (CVE) values, Common Weakness Enumeration (CWE) values, and Common Vulnerability Scoring System (CVSS) values. These characteristics provide organizations with a common set of nomenclature to leverage throughout the industry, providing ease when developing their strategy to protect against vulnerabilities.
CVE
CVEs refer to a database that catalogs publicly disclosed vulnerabilities specific to an explicit occurrence. Thousands of new CVE’s are published every year for the good of the security industry. The goal of CVE’s is to provide organizations with a repository of known vulnerabilities to ease information sharing. The database gives organizations a starting point when it comes to vulnerability management as well as creating and implementing a proactive security strategy. The catalog serves as a baseline to evaluate current coverage against the known vulnerabilities. Keeping up with the current vulnerability market is the first step towards proper cyber hygiene.
CWE
Beyond understanding the vulnerability, organizations can benefit from understanding the characteristics of the building blocks that lead to the vulnerability. While CVE refers to the instance of a vulnerability, CWE focuses on the cause of the vulnerability type. For the security community, CWE’s provide common nomenclature for discussing weaknesses and categorizing them by software, hardware or use case. The list of weakness types provide a baseline for identification, mitigation and prevention of a weakness.
CVSS
Once an organization understands relevant vulnerabilities and the underlying weaknesses, understanding the severity of the vulnerability is extremely valuable. CVSS provides a consistent score for vulnerabilities, regardless of the industry. By leveraging the CVSS, organizations can understand the severity of the vulnerability in their environment as well as let them prioritize the remediation of each vulnerability.
Vulnerability Sources
Vulnerabilities can occur throughout an organization’s IT environment. While it is impossible to find and address every weakness, understanding the leading causes of vulnerabilities can aid organizations in the development of their security strategy.
Complex Systems
In today’s complex IT environment, incorporating cloud resources, IoT devices, and other systems-of-systems, presents an exceptionally challenging security task. To properly secure complex systems is tedious and while doing so, organizations run a higher risk of control misconfiguration and improper user access. Flaws such as these lead to a higher likelihood of vulnerabilities in the complex system.
People
The human element of security is oftentimes the weakest link. Social engineering is an exceptionally costly threat to organizations nowadays with a spike in phishing and other social engineering techniques. People are extremely vulnerable to causing vulnerabilities. This year, 82% of breaches involved the human element according to Verizon’s Data Breach Investigations Report.
Familiarity
As security has become a more streamlined function in every organization, security teams run the risk of threat actors being able to rely on their familiarity with tools, code, hardware, operating systems, etc. to find a vulnerability. Consequently, it’s important to tailor an organization’s security practices and software settings to its specific circumstances.
Connectivity
The large number of connected devices on your organization’s network presents a huge attack surface. This connectivity makes it possible for threat actors to discover and exploit vulnerabilities on your network. The number of connected devices provides many possible routes for attackers to move laterally inside the environment.
Chapters
Chapter 6: Zero-Day Vulnerabilities
Unknown vulnerabilities discovered by adversaries are extremely harmful to organizations that have invested in the software with the zero day. When exploited, these vulnerabilities can cripple the victim organization until they are able to identify the vulnerability themself. Since zero-days are not defendable until after the attack has happened, threat actors that discover a zero day are able to cause extreme havoc in the industry.
Examples
Log4J
Eight months ago the zero day, Log4J, sent security teams scrambling around the globe. Targeting the logging library found in many Java applications, the remote code execution vulnerability, CVE-2021-44228, targeted organizations by executing arbitrary code on a vulnerable host. Also known as Log4Shell, the vulnerability has been known for capitalizing on the logging library’s ubiquity and presence across a variety of services, websites, and applications throughout many industries. Log4J was seen in a variety of industries including resources, communications, media, technology, financial services, health and public service. According to a report released on July 11, the Cyber Safety Review Board (CSRB) labeled Log4J as an “endemic vulnerability”, meaning that vulnerable instances of Log4J are expected to linger for years or decades to come.
Stuxnet
In June 2010, the computer worm Stuxnet was discovered in a planned takeover of an industrial control system in Iran. Often seen as the first digital weapon, Stuxnet was the first zero-day to cause physical destruction to equipment controlled by computers. Quickly, the world realized that viruses and worms were not contained to just harming computers or stealing information. While the Zero-Day was originally targeted to the Iranian uranium enrichment plant, it has since mutated and spread well beyond Iran, targeting other industrial and energy producing systems.
Protect Against Zero-Day Attacks
Complete prevention of a zero-day is impossible. The entire nature of a zero-day is the reality that the weakness is unknown by the rest of the world. As a result, it is nearly impossible to completely protect against something that a security team does not know exists. With this in mind, there are still security best practices that can limit the impact or success of a zero-day attack. For one, patch management is key to minimizing software vulnerabilities. While patch management cannot prevent a zero-day, minimizing exposure to a software makes it that much harder for a threat actor to identify and execute on a weakness. Implementing a detection capability, such as an antivirus software that is intelligence driven (NGAV), identifies potential malicious activity beyond known malware strains. Arguably even more important than preventing a zero day is the ability to successfully respond to a zero-day and minimize the impact. Ensuring an incident response plan is in place that can guide an organization through the response of an incident will minimize the attack’s impact as well as control the narrative around the event with the public.
Conceal’s Solution to Zero-Days
At Conceal, we help organizations mitigate risk created by vulnerabilities and improve cyber hygiene. Through ConcealCloud, organizations are able to protect vulnerable systems and applications from attack on the internet, including zero days. The zero-trust hosting and access provided by ConcealCloud adds an extra layer of security between the organization’s network and the internet. By removing direct internet access to infrastructure, ConcealCloud eliminates the ability to remotely exploit critical flaws like those exposed from vulnerable software.
Chapters
Chapter 5: Supply Chain
Vulnerabilities in an organization’s supply chain affect the service of the organization to the end user. This disturbance commonly stems from a vulnerability in the application code of the supplier as a result of poor code practices. Threat actors can target vulnerabilities in the supply chain to cause havoc to organization’s that have the supplier installed in their network.
Examples
SolarWinds
SolarWinds, a system management tooling software for network and infrastructure monitoring, was breached in September of 2019, affecting more than 30,000 public and private organizations. By implementing malicious code into the software system, the bad actors were able to create a backdoor into customer environments. In the multi-year attack, the threat actors were able to unknowingly inject malicious code into the software that was rolled out to customers in an update on March 26, 2020. The advanced persistent threat actors are thought to have originally targeted SolarWinds government customers, making other collateral damage and not the main target of the attack.
Target Breach
During the holiday season of 2013, Target fell victim to one of the largest recorded security breaches to date affecting over 70 million customers in 47 of the 50 states. The attack originated with a third-party vendor of Targets, Fazio Mechanical, a refrigeration contractor. It is through this third party that the attackers were able to gain access to Target’s servers. Fazio had been given access to Target’s systems for electronic billing, contract submission and project management. This access gave threat actors, who originally had compromised the Fazio Mechanical network, the credentials needed to access Target systems themselves.
Protect Against Supply Chain Vulnerabilities
First and foremost, to protect against a supply chain attack, organizations must understand and assess their supplier’s network. Whenever network access is requested from a third party service provider, organizations need to understand the ins and outs of the request and the provider prior to granting access.
To ensure due diligence is conducted to protect yourself from supply chain vulnerabilities, the following criteria must be considered:
- What data is needed
- Who will have access to that data
- How will the data be used
- What are the current security practices at the 3rd party provider
By asking these questions and more, you will be able to understand the risks associated with the third party supplier and determine if it is an appropriate risk to take on. Arguably most importantly, it is imperative to include your third party suppliers in your incident response plan and understand what their response and remediation plans are if they are to fall victim to a breach. This way, there is a clear understanding and expectation setting of roles and responsibilities prior to an incident so that you can hold them accountable in the heat of a crisis.
Conceal’s Solution to Supply Chain Vulnerabilities
At Conceal, we help organizations mitigate risk introduced through the supply chain with a keen focus on protecting data and applications by creating an air gap between you and your vendors. Vulnerabilities in third party providers processes and software can become a conduit for cyber criminals to hop from your partner’s environment to your network. This lateral movement can be more challenging to detect, presenting a significant risk to supply chain activities. Through the use of zero-trust hosting and access provided by ConcealCloud, applications are air gapped from the internet as well as your and your partner networks.This zero-trust model also eliminates the possibility for a bad actor to accesses your network by exploiting vulnerabilities present in your partner’s eco-system, neutering their ability to move laterally onto the your network. By removing direct network access to infrastructure, ConcealCloud eliminates the ability to remotely exploit critical flaws like those exposed from vulnerable third party software.
Chapters
Chapter 4: Malicious Insider
When legitimate credentials of employees, contractors, business associates or others are maliciously or intentionally abused, extreme harm can be caused to the target organization. Detection and response capabilities are less likely to pick up on the malicious activity of a legitimate user in the moment. This reality makes the exfiltration of confidential data such as personal identifiable information of employees or customers or financial information related to the organization extremely hard to catch in the act.
Examples
Chelsea Manning
In 2010, an Army intelligence specialist, Private First-Class Chelsea Manning, copied over 750,000 pages of military reports and videos that even she was not authorized to see, let alone take. This sensitive content included military documents, diplomatic cables, and other classified information. The classified databases that this information was a part of shed light on violations of the U.S. Military’s Rules of Engagement and unreported civilian deaths by the military while in Baghdad. Chelsea leaked the information in an attempt to call out these wrongdoings.
Edward Snowden
As a government contractor employed through Booze Allen, Edward Snowden has gone down in history as one of the most famous malicious insiders to infiltrate the United States government. As a government contractor, Snowden gained access to NSA’s surveillance programs, programs that were not necessary for him to complete his work. Access and disclosure of these global surveillance programs put both the United States’ national security and the individual privacy of persons that were a part of the surveillance program at risk.
Protect Against Insider Threats
Minimizing the risk of insider threats starts with a solid security foundation. Oftentimes, insider threats are employees without malicious intent, unlike the examples above. For these cases, minimizing likelihood of insider threat is simpler, beginning with a robust security awareness and training program for all employees. For malicious insiders, minimizing likelihood is still possible but more difficult. For these cases, it is imperative for the organization to ensure employees only have privileged access when necessary. Minimizing access to systems, files, accounts, etc. that are not necessary for employees to complete their jobs will minimize the probability of sensitive data being leaked. Performing an enterprise-wide risk assessment will help with this as it will identify where your critical assets are and ensure that only the right employees have access to them. Additionally, it is imperative that organizations clearly document and consistently enforce policies and controls. This approach will address third party access, user monitoring and other important components of your IT environment to minimize the success a malicious insider may have in capturing confidential information out of your systems for them to leak.
Conceal’s Solution to Malicious Insiders
Through the investment of Conceal, a malicious insider’s ability to cause harm or havoc originating from the web is remediated. Through the combination of ConcealBrowse, ConcealSearch, and ConcealCloud, it is near impossible for a user to download malicious content or perform corruption via the internet. Specifically, ConcealCloud can be leveraged to keep people from accessing applications hosted in ConcealCloud. Without access to the sensitive data, malicious insiders are unable to cause harm to the organization.
Chapters
Chapter 3: Credentials
Credentials are the key to your kingdom and crown jewels. Weak credentials can lead to account takeovers, data breaches, and a variety of other forms of cyberattacks. Once a threat actor has a legitimate set of user credentials, they are able to move undetected within the organization’s network, making it near impossible for security controls to pick up on the malicious activity.
Examples
Colonial Pipeline
In May of 2021, Colonial Pipeline, a key oil supplier for gasoline along the East coast, fell victim to a ransomware attack. It is believed that the initial point of entry of the attack was through an exposed password for a VPN account. The credentials are suspected to have been harvested through a dark web leak. During the ransomware attack, which left pipelines off for days, the attackers were able to steal 100 gigabytes of data within two hours.
SolarWinds
While details of the SolarWinds breach can be best found in our Supply Chain Vulnerabilities chapter, it is important to note that it is rumored that this attack was successful due to a weak password supplied by an intern. By using “solarwinds123” as a password, the intern’s credentials were easily compromised and leveraged by the threat actor. Since these legitimate credentials remained active, the threat actor was able to remain undetected for almost an entire year to plant the malicious code that was pushed out in a software update.
Protect Against Credential Vulnerabilities
There are many measures an organization can take to help protect against credential related vulnerabilities. For one, an organization should enforce a password policy. Specifically, MITRE recommends the enforcement of a minimum and maximum length, restrictions against password reuse, restrictions against using common passwords and restrictions against using contextual string in the password (e.g., user id, app name). By providing a robust password policy, organizations are able to protect against brute-force attacks and other password cracking mechanisms. Additionally, a solid password policy minimizes the ability for stolen credential validity to outlive the password’s lifecycle. Simply put, this will minimize a threat actor’s ability to leverage a password harvested in a black web leak to access an organization’s network.
Conceal’s Solution to Credential Vulnerabilities
Conceal provides results to strengthen your enterprise’s defenses against threat actors and cyber threats and addresses these issues by creating solutions for security, privacy and performance with significant cost reductions. Conceal’s products guard against cyber threats like ransomware and malware; prevent websites from filtering or denying content; and provide a reduced cyber-attack vector.
Conceal’s unique network design detects, defends and isolates threats without compromising your enterprise. Conceal’s solutions lower your cyber attack profile by isolating, obfuscating and dynamically shifting your communications pathways and reducing the possibility of attribution or attack when conducting internet and online activities. By doing so, Conceal is able to limit credential gathering through web-based means.
Chapters
Chapter 2: Unpatched Software
Unpatched and out of date software opens an organization’s network up to a variety of vulnerabilities. Threat actors are able to target software with known vulnerabilities to test an organization’s patch management strategy and exploit vulnerabilities that have not been addressed. With unpatched software, threat actors can exploit vulnerabilities that the patches are looking to remediate.
Examples
Home Depot
In 2014, Home Depot fell victim to its largest data breach in company history and it was not a major surprise to many of its security experts. In fact, many former employees had been warning the home improvement chain for years that with their current security practices, they remained an easy target for hackers. In the years leading up to the data breach that compromised 56 million of its customer’s credit card numbers, Home Depot had been leveraging outdated software for protection. Their inability to patch software that they heavily relied on was the ultimate culprit to the organization’s detrimental breach.
Marriott
Dating as far back as 2014, Marriott fell victim to its largest data breach in history, compromising the data of up to 500 million guests. The breach, which was not detected in 2018, included the exfiltration of customer data including credit cards, addresses and passport numbers of many guests. It is believed by many that the root cause of the breach was due to unpatched software.
WannaCry
In May of 2017, a global epidemic took place in the world of cybersecurity. WannaCry, a ransomware worm that attacked Window PCs, took organizations by storm when the malware spread from PC to PC across the network. Prior to the exploitation of the vulnerability, Microsoft had released a patch to address the threat but as seen by the epidemic response to the weaponization, organizations were not quick enough to patch before the exploitation occurred. This ransomware is said to have affected over 200,000 computers in over 150 countries.
Protect Against Unpatched Software
Simply put, the best solution to protect against unpatched software is to patch your software. CISA has explicitly stated on many occasions that, “Foreign cyber actors continue to exploit publicly known — and often dated — software vulnerabilities against broad target sets, including public and private sector organizations. Exploitation of these vulnerabilities often requires fewer resources as compared with zero-day exploits for which no patches are available.” In this day and age, lack of patching comes from either an overwhelmed security team or the lack of a sufficient patching plan. Patching plans need to prioritize risks. It is understood that a security team cannot patch all applications at the exact moment for which a patch is released. As a result, it is imperative for organizations to include a risk prioritization as part of their patching plan. Another imperative part of your patching plan must be to keep an updated inventory of your network and all the applications running on it so that the security team can have an accurate inventory to conduct patching on.
Conceal’s Solution to Unpatched Software
While Conceal cannot patch your unpatched software for you, our solution can maximize security efforts to minimize the damage of threat actors exploiting known vulnerabilities of web applications. By obscuring a user’s critical identity and enhancing safety, confidentiality, and performance on the web, Conceal is able to address privacy and security needs so your organization can focus on other aspects of your security program, such as patch management.
Chapters
Chapter 1: Misconfigurations
System, software, and hardware misconfigurations remain extremely prevalent as digitalization continues to be part of the security team’s transformation strategy. Security teams are overwhelmed with the changes happening around them and oftentimes put configuration validation on the back burner. Misconfigurations give adversaries specific targets to probe, looking at common software and hardware for common configuration errors.
Examples
Accenture
In September of 2017, Accenture fell victim to the compromise of client data after threat actors discovered and compromised a misconfigured AWS service. After leaving four of the company’s AWS S3 buckets open to the public, threat actors were able to expose hundreds of gigabytes of client and company data. The databases contained confidential API data, customer information, and certificates. The buckets, “configured for public access” resulted in 40,000 plaintext passwords being compromised, too.
U.S. Municipalities
In another case of Amazon S3 bucket misconfigurations, US municipalities across the United States were left exposed in 2021. In this misconfiguration breach, it was found that more than 1,000GB of data and over 1.6 million files were compromised. In this data breach, more than 80 misconfigured S3 buckets were compromised during the attack which included data relevant to residential records such as tax information to business information and government job applications. These misconfigured buckets were accessible without a password and the data was not encrypted.
Protect Against Misconfigurations
First and foremost, an easy way to protect against misconfigurations is creating a policy that does not allow for default accounts and passwords to be used. While this sounds simple, this is one of the largest configuration mistakes seen. Additionally, removing or disabling unnecessary features such as ports, unneeded services, leftover pages, and unused accounts, minimizes the attack surface of the application. Oftentimes, tools can be leveraged that can check for misconfigurations in application or cloud services and remediate improper configurations without adding more work on your security team’s plate.
Conceal’s Solution to Misconfigurations
Conceal helps prevent exploitation of misconfigurations by removing internet facing attack surface from applications and infrastructure. When you place your infrastructure and applications behind ConcealCloud you make them invisible to opportunistic and targeted attacks.
ConcealCloud also provides zero-trust access to individuals and infrastructure to protected resources. The Conceal model automatically protects against accidental misconfigurations as well as zero-day and unpatched application vulnerabilities by eliminating attacker visibility into your infrastructure. This means that the common risks such as human error and previously unpublished vulnerabilities that have no patches (think Log4J) are automatically mitigated.
Chapters
Cybersecurity Awareness Month
Welcome to National Cybersecurity Awareness Month (NCAM)! As a NCAM champion, we, here at Conceal, are devoted to being a part of this year’s mission and creating our own cybersecurity education campaign alongside the National Cybersecurity Alliance and the U.S. Department of Homeland Security. Make sure to come back frequently to be a part of the journey and understand how to “See Yourself In Cyber”.
Learn how to avoid vulnerabilities in order to secure your systems
Vulnerabilities are one of the four key paths to your crown jewels. In the past year, vulnerability exploitation has doubled, growing stakeholder concerns of their organization’s overall security posture. This e-book is dedicated to bringing awareness to the vulnerability exploitation conversation. Throughout the different chapters, you will have the opportunity to explore many aspects of the vulnerability landscape including key characteristics, common types, and approaches to addressing the most pressing categories.
Coming Soon
Episode 2 Premiere
https://conceal.io/wp-content/uploads/2022/03/Featured-Podcast-Cover-Rev.jpg 472 500 Ed Ruff https://concealio.wpengine.com/wp-content/uploads/2022/05/Conceal-Header-Logo-300x80.png Ed Ruff2022-10-07 15:00:582024-02-21 09:17:46Podcast Episode 7 – It’s National Cybersecurity Safety Awareness Month!
https://conceal.io/wp-content/uploads/2022/09/Featured-Itentiy-Management.jpg 737 1613 Website Administrator https://concealio.wpengine.com/wp-content/uploads/2022/05/Conceal-Header-Logo-300x80.png Website Administrator2022-09-23 11:41:192024-02-29 12:05:03#BeCyberSmart with Identity Management
https://conceal.io/wp-content/uploads/2022/09/Featured-Security-Umbrellas.jpg 737 1613 Website Administrator https://concealio.wpengine.com/wp-content/uploads/2022/05/Conceal-Header-Logo-300x80.png Website Administrator2022-09-27 09:50:482024-02-29 11:54:13#BeCyberSmart – Change Your Passwords!
https://conceal.io/wp-content/uploads/2022/10/Featured-Unpatched-Software-v3.jpg 914 2000 Website Administrator https://concealio.wpengine.com/wp-content/uploads/2022/05/Conceal-Header-Logo-300x80.png Website Administrator2022-09-28 14:30:382024-02-29 12:04:51#BeCyberSmart – Unpatched Software
https://conceal.io/wp-content/uploads/2022/09/Featured-Phishing.jpg 737 1613 Website Administrator https://concealio.wpengine.com/wp-content/uploads/2022/05/Conceal-Header-Logo-300x80.png Website Administrator2022-10-24 09:36:232024-02-29 11:41:33#BeCyberSmart – Let’s Talk About Phishing https://conceal.io/wp-content/uploads/2022/09/Featured-Itentiy-Management.jpg 737 1613 Website Administrator https://concealio.wpengine.com/wp-content/uploads/2022/05/Conceal-Header-Logo-300x80.png Website Administrator2022-09-23 11:41:192024-02-29 12:05:03#BeCyberSmart with Identity Management https://conceal.io/wp-content/uploads/2022/09/Featured-Security-Umbrellas.jpg 737 1613 Website Administrator https://concealio.wpengine.com/wp-content/uploads/2022/05/Conceal-Header-Logo-300x80.png Website Administrator2022-09-27 09:50:482024-02-29 11:54:13#BeCyberSmart – Change Your Passwords! https://conceal.io/wp-content/uploads/2022/10/Featured-Unpatched-Software-v3.jpg 914 2000 Website Administrator https://concealio.wpengine.com/wp-content/uploads/2022/05/Conceal-Header-Logo-300x80.png Website Administrator2022-09-28 14:30:382024-02-29 12:04:51#BeCyberSmart – Unpatched Software https://conceal.io/wp-content/uploads/2022/09/Featured-Phishing.jpg 737 1613 Website Administrator https://concealio.wpengine.com/wp-content/uploads/2022/05/Conceal-Header-Logo-300x80.png Website Administrator2022-10-24 09:36:232024-02-29 11:41:33#BeCyberSmart – Let’s Talk About Phishing https://conceal.io/wp-content/uploads/2022/09/Featured-Itentiy-Management.jpg 737 1613 Website Administrator https://concealio.wpengine.com/wp-content/uploads/2022/05/Conceal-Header-Logo-300x80.png Website Administrator2022-09-23 11:41:192024-02-29 12:05:03#BeCyberSmart with Identity Management https://conceal.io/wp-content/uploads/2022/09/Featured-Security-Umbrellas.jpg 737 1613 Website Administrator https://concealio.wpengine.com/wp-content/uploads/2022/05/Conceal-Header-Logo-300x80.png Website Administrator2022-09-27 09:50:482024-02-29 11:54:13#BeCyberSmart – Change Your Passwords! https://conceal.io/wp-content/uploads/2022/10/Featured-Unpatched-Software-v3.jpg 914 2000 Website Administrator https://concealio.wpengine.com/wp-content/uploads/2022/05/Conceal-Header-Logo-300x80.png Website Administrator2022-09-28 14:30:382024-02-29 12:04:51#BeCyberSmart – Unpatched Software https://conceal.io/wp-content/uploads/2022/09/Featured-Phishing.jpg 737 1613 Website Administrator https://concealio.wpengine.com/wp-content/uploads/2022/05/Conceal-Header-Logo-300x80.png Website Administrator2022-10-24 09:36:232024-02-29 11:41:33#BeCyberSmart – Let’s Talk About Phishing
