Quadrant Information Security

Stay on top of the latest threats and receive expert guidance from our threat analysts -- free to your inbox. Sign up: https://lnkd.in/gtKtTV3U

Threat Alert: Palo Alto Network Authentication Bypass Exploit Palo Alto Networks has released security updates to address a high-severity vulnerability in its PAN-OS software, identified as?CVE-2025-0108, with a CVSS score of 7.8. Read More: https://lnkd.in/efZwB7w6

What is Continuous Threat Exposure Management (CTEM)? In short, it's a way to stay on top of the exposure and exploitability of both digital and physical assets—keeping them resilient from threats that come out of today's ever-expanding attack surface. Of course, there's a lot more that goes into CTEM, which is why we did a webinar taking a deep dive into the topic. Don't worry if you missed it; you can watch the replay here: https://lnkd.in/eccwfzAE #CTEM #IT

Even the most powerful #cybersecurity tools are hampered if interoperability isn't assured. At Quadrant, we partner with top security tools to help you stay secure without needing to rework the way you...well, work. https://lnkd.in/erfbFmTM #SOC #IncidentResponse

Today honors the life and work of Martin Luther King Jr. Join us in taking a moment to reflect on Dr. King's legacy and ideals—and what we can do to further his goals of equality for all.

"And then they clicked on the link..." That's the beginning to most horror stories in the #cybersecurity world. It's how the real-world spearphishing incident at an east coast private equity firm started—but fortunately, that firm brought in Quadrant, and thanks to our quick action, the story has a much happier ending than they anticipated when the attack unfolded. Read more about how Quadrant protected the firm at https://lnkd.in/eWK2iaaC #cybersecuritycasestudy #spearphishing #phishing

Don't embark on 2025 without a top-notch Security Operations Center. The best #SOC experts can keep your company secure and resilient in the face of #cybersecurity threats...and it so happens that the Quadrant experts are among the best of the best. But don't take our word for it: Devo's 2024 SOC Analyst Appreciation Day honored not one, but three of our esteemed staff: https://lnkd.in/g4ggiB5A #SecurityOperationsCenter

All of us at Quadrant Information Security wish you a Happy New Year—one filled with safety and security (we'll help on the digital side of things!)

Happy Holidays, from the Quadrant family to yours!

Threat alert: Critical Apache Struts Remote Code Execution Vulnerability (CVE-2024-53677) *Informational Only* A critical vulnerability has been identified in the popular Apache Struts framework, allowing threat actors to potentially execute arbitrary code remotely. There is evidence that this vulnerability is already being exploited in the wild. The root cause of this flaw is found in the file upload logic, which can be exploited to perform path traversal and malicious file upload. Vulnerable Apache Struts Versions: 2.0.0 to 2.5.33 6.0.0 to 6.3.0. 2 By manipulating the file upload parameters, an attacker can potentially achieve: —Path Traversal: Uploading of files to arbitrary locations within the server, bypassing security mechanisms. —Remote Code Execution (RCE): Execution of malicious code by uploading and triggering executable files, such as .jsp scripts or binary payloads. Recommendations: Apache users should upgrade to Apache Struts 6.4.0 or later. Note that this migration requires code refactoring due to non-backward compatibility. On behalf of our clients, our team of Threat Analysts and Detection Engineers immediately updated our detection rules for this exploit. We will continue monitoring for these threat signatures and respond accordingly. Subscribe to have Threat Alerts sent to your email as they're issued so you can act rapidly. Alerts are informational only. https://lnkd.in/gtKtTV3U