Lin Hsin Hsin Cyber Security Center


Vulnerability Intelligence Report

1 Introduction
In today’s threat landscape, security teams are frequently forced into reactive positions, thus lowering security program efficacy and sustainability. However, strong foundational security program including vulnerability and assets assessment processes, are essential to building resilience in a persistently elevated threat climate.


2 Lin Hsin Hsin Threat Intel Center
Research at Lin Hsin Hsin Threat Intel Center analyzes thousands of vulnerabilities in order to identify their root causes, broaden understanding of attacker behavior, and provides actionable intelligence that guides users and even security professionals at critical moments. Our Threat Intelligence examines and deep dives into websites and Apps alike to highlight all vulnerabilities and high-impact attacks based on the OSI model, which empowers our significant Vulnerability Intelligence Reports as detail as at code level for organizations of all sizes across industries worldwide.


3Vulnerability Assessment
3.1Definition
Vulnerability Assessment is a process which aims to i dentify & prioritize vulnerabilities that exist within a given set of assets within the organization, regardless of the type of vulnerability.

3.2The Scope
The scope for a vulnerability assessment varies. Testing can take place against a network environment, applications, databases, or wireless networks or all the above.


4Vulnerability Intelligence Report
4.1 The Assessment
Vulnerability tools are deployed to assess the security posture of the Websites & Apps for an organization.

Vulnerability Intelligence Report is the result of a deep dive into some 50 of the most notable vulnerabilities which our investigation offers, covering

🎯 widespread threats
🎯 prominent attack surface area
🎯 meteoric rise of phishing attacks
🎯 0-day exploits

providing Unique Count by these classifications:

Critical Severity Vulnerabilities
High Severity Vulnerabilities
Medium Severity Vulnerabilities
Low Severity Vulnerabilities
4.2 Vulnerability Assessment Report versus Penetration Testing Report


1 They both contain information on vulnerabilities & weaknesses in the organization
2 A Vulnerability Assessment Report identifies vulnerabilities.
3 A Penetration Test involves hands-on exploitation of vulnerabilities to gain access to:

➖ data
➖ networks
➖ systems
➖ proprietary insider information

Since multiple vulnerabilities may be exploited as part of the simulated breach A pentesting is required to gain better understanding to how best to prevent that breach when remediating.

Customarily, pentesting is practised within the organization with Red Teaming because of access control.

5 Recommendations
📍 Recommendations in Vulnerability Intelligence Report are based on the available findings from the assets within the organization.

📍 Other elements used to assess the current security posture would include:

➖ Policy review
➖ A review of internal security controls & procedures
➖ Internal red teaming/penetration testing, if any.


As such, organization needs to:

📍Patch management and system configuration are the main security elements that need to be addressed by the organization


📍 Keep up with operating system-level and cumulative updates. Falling behind on these regular updates can make it difficult to install out-of-band security patches at critical moments.


📍 It is recommended that a patch and configuration management process be implemented to audit system risk level and configuration drift as soon as they are available.


📍While it is possible to remediate all discovered vulnerabilities through applying patches or adjusting system configurations, issues will re-appear as new vulnerabilities are discovered


📍 Have emergency patching procedures and incident response playbooks in place so that in the event of a widespread threat or breach, your team has a well-understood mechanism to drive immediate action.


📍 Have a defined, regular patch cycle that includes prioritization of actively exploited CVEs, as well as network edge technologies like VPNs and firewalls. These network edge devices continue to be popular attack vectors and should adhere to a zero-day patch cycle wherever possible, ie updates and/or downtime should be scheduled as soon as new critical advisories are released.


📍 Limit and monitor internet exposure of critical infrastructure and services, including domain controllers and management or administrative interfaces wherever necessary

This is to ensure ISO 2700 compliance as well as all other specific compliance where applicable.


6Conclusions

In this fast growing advent of Artificial Intelligence, or AI, attackers have excellent access to craft even more advanced tools to accelerate their developments & deployments of better exploits & evasions faster than ever in this growing complexity of the cybercrime ecosystem.

Copyright © 2024. Lin Hsin Hsin. All Rights Reserved. Mobile~tainment®, Frog®