WebOrion© Blog

AWS CloudGoat and mitigation strategies: Part 3

AWS Cloudgoat and mitigation strategies Part 3 This is part 3 of the series on AWS Cloudgoat Scenarios and the mitigation strategies. In this part, we cover Scenarios 4 and 5: Scenario 4: Privilege escalation via EC2 instance (iam_privesc_by_attachment) Scenario 5: Privilege escalation via SSRF web application exploit (ec2_ssrf) testerjm.pem --region us-east-1 --profile kerrigan Next just set the permission on the SSH key on...

Read More
AWS CloudGoat and mitigation strategies: Part 2

AWS Cloudgoat and mitigation strategies Part 2 This is part 2 of the series on AWS Cloudgoat Scenarios and the mitigation strategies. In this part, we cover Scenarios 2 and 3: Scenario 2: Privilege escalation via AWS Lambda (lambda_privesc) Scenario 3: Misconfigured EC2 Reverse Proxy to S3 Breach (cloud_breach_s3)...

Read More
AWS CloudGoat and mitigation strategies: Part 1

Introduction As cloud computing is becoming mainstream, the security concerns associated with it has been increasing as well.Most of the public cloud users understand that this is a shared responsibility between the cloud provider and the users as well. According to Gartner, 95% of all cloud security failures are due to misconfigurations. We thought that this would be a good way to highlight...

Read More
Unpatched Code Snippets Plugins Puts over 200,000 WordPress Sites at Risk

More than 200,000 websites using WordPress with unpatched open-source code snippets allows attackers to take over WordPress sites due to missing referrer checks on the import menu. (Figures are based on the number of active installations in the WordPress Library). Wordfence researchers explained that “The plugin developer protected nearly all endpoints of this plugin with WordPress “nonces” for greater security. However, the...

Read More
WebOrion secures The Learning Lab’s web digital assets

The Learning Lab is a premier learning enrichment centre in Singapore that embraces technology to allow interactions between teachers, students, and parents to extend beyond classrooms. WebOrion is an All-in-One Web Security & Performance Suite that fortifies, accelerate and monitor your websites. Built by our team of experienced security professionals, we believe in having a holistic approach to securing your...

Read More
WebOrion partners with Trustwave SOC to provide Website Defacement Monitoring for Major Global Logistics Company

WebOrion is used by a global logistics company with headquarters in Singapore to protect and detect website defacement. Delivered in partnership with Trustwave’s Security Operations Centre (SOC) in Singapore, WebOrion equips analysts with the capability to provide continuous website monitoring service with real-time alert upon detection of illegal modification in the website’s asset. The monitoring suite is deployed in Software-as-a-Service (SaaS)...

Read More