{"id":19543,"date":"2023-01-31T16:35:54","date_gmt":"2023-01-31T15:35:54","guid":{"rendered":"https:\/\/www.riskinsight-wavestone.com\/?p=19543"},"modified":"2023-02-06T14:10:27","modified_gmt":"2023-02-06T13:10:27","slug":"cdt-watch-january-2023","status":"publish","type":"post","link":"https:\/\/www.riskinsight-wavestone.com\/en\/2023\/01\/cdt-watch-january-2023\/","title":{"rendered":"CDT Watch \u2013 January 2023"},"content":{"rendered":"\n<h2 style=\"text-align: center;\">FOCUS TECH<\/h2>\n<h3 style=\"text-align: center;\">BLINDSIDE<\/h3>\n<p style=\"text-align: justify;\">Faced with EDR behavioral monitoring, attackers develop techniques to attack successfully while staying under the radar. One of these techniques is called <span style=\"color: #56008c;\"><strong>Blindside<\/strong><\/span>. 
This technique works on many EDRs that rely on hooks and was revealed by <a href=\"https:\/\/cymulate.com\/blog\/blindside-a-new-technique-for-edr-evasion-with-hardware-breakpoints\" target=\"_blank\" rel=\"noreferrer noopener\">Cymulate<\/a>.<\/p>\n<p style=\"text-align: justify;\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-19546 size-full\" src=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2023\/01\/Picture1.png\" alt=\"\" width=\"1216\" height=\"827\" srcset=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2023\/01\/Picture1.png 1216w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2023\/01\/Picture1-281x191.png 281w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2023\/01\/Picture1-57x39.png 57w, 
https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2023\/01\/Picture1-768x522.png 768w\" sizes=\"auto, (max-width: 1216px) 100vw, 1216px\" \/><\/p>\n<p style=\"text-align: justify;\">According to <a href=\"https:\/\/cymulate.com\/blog\/blindside-a-new-technique-for-edr-evasion-with-hardware-breakpoints\">Cymulate<\/a>, the author of Blindside, the technique is not immune to detection. Several mitigations can be implemented, such as:<\/p>\n<ul>\n<li style=\"text-align: justify;\"><span style=\"color: #56008c;\"><strong>Monitor<\/strong><\/span><span style=\"color: initial;\"> the use of the <\/span><span style=\"color: #1a7173;\"><em>SetThreadContext<\/em><\/span><span style=\"color: initial;\"> function: the context passed to the function can reveal that a breakpoint is being set (a write to the debug address registers)<\/span><\/li>\n<li><span style=\"color: #56008c;\"><strong>Monitor<\/strong><\/span> the presence of suspicious debug functions<\/li>\n<li><span style=\"color: #56008c;\"><strong>Edit EDR settings<\/strong> <\/span>so that debug registers are checked<\/li>\n<\/ul>\n<p style=\"text-align: justify;\">It remains <span style=\"color: #56008c;\"><strong style=\"font-size: revert; text-align: justify;\">difficult to bypass EDR solutions<\/strong><\/span><span style=\"font-size: revert; text-align: justify; color: initial;\"> as their detection methods vary between vendors. 
Nevertheless, it is important to remember that it is possible and <\/span><strong style=\"font-size: revert; text-align: justify; color: initial;\"><span style=\"color: #56008c;\">that security should not rely solely on this solution<\/span>.<\/strong><\/p>\n<p>\u00a0<\/p>\n<h2 style=\"text-align: center;\">CERT-W: FROM THE FRONT LINE<\/h2>\n<h3 style=\"text-align: center;\">THE FIRST RESPONDER WORD<\/h3>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-19548\" src=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2023\/01\/Picture2.png\" alt=\"\" width=\"951\" height=\"568\" srcset=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2023\/01\/Picture2.png 951w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2023\/01\/Picture2-320x191.png 320w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2023\/01\/Picture2-65x39.png 65w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2023\/01\/Picture2-768x459.png 768w\" sizes=\"auto, (max-width: 951px) 100vw, 951px\" \/><\/p>\n<p>\u00a0<\/p>\n<p>\u00a0<\/p>\n<h2 style=\"text-align: center;\">READING OF THE MONTH<\/h2>\n<h3 style=\"text-align: center;\">SOPHOS: MATURING CRIMINAL MARKETPLACES\u00a0PRESENT NEW CHALLENGES TO DEFENDERS<\/h3>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-19550\" src=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2023\/01\/Picture3.png\" alt=\"\" width=\"378\" height=\"236\" srcset=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2023\/01\/Picture3.png 378w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2023\/01\/Picture3-306x191.png 306w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2023\/01\/Picture3-62x39.png 62w\" sizes=\"auto, (max-width: 378px) 100vw, 378px\" \/><\/p>\n<p style=\"text-align: center;\"><a 
href=\"https:\/\/www.sophos.com\/en-us\/content\/security-threat-report\"><em>Maturing criminal marketplaces present new challenges to defenders, Sophos 2023 Threat Report<\/em><\/a><\/p>\n<p>\u00a0<\/p>\n<h2 style=\"text-align: center;\">VULNERABILITY OF THE MONTH<\/h2>\n<h3 style=\"text-align: center;\">PROXYNOTSHELL: WHEN APPLYING MITIGATIONS KEEPS YOU VULNERABLE<\/h3>\n<p style=\"text-align: center;\"><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-41040\">CVE-2022-41040<\/a> &amp; <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/cve-2022-41082\">CVE-2022-41082<\/a><\/p>\n<p style=\"text-align: center;\">Published by NVD: 02\/10\/2022<\/p>\n<p style=\"text-align: center;\"><strong>Products: <\/strong>Microsoft Exchange server<\/p>\n<p style=\"text-align: center;\"><strong>Versions: <\/strong>on-site\/on-premises 2013, 2016 and 2019<\/p>\n<p style=\"text-align: center;\"><strong>Score: 8.8 HIGH<\/strong><\/p>\n<p style=\"text-align: center;\"><a href=\"https:\/\/www.logpoint.com\/fr\/blog\/proxynotshell-detection-de-lexploitation-des-vulnerabilites-zero-day-dans-le-serveur-exchange\/\"><strong>Context<\/strong><\/a> <strong>\u00a0<\/strong><strong>\u00a0<\/strong><a href=\"https:\/\/github.com\/balki97\/OWASSRF-CVE-2022-41082-POC\"><strong>PoC<\/strong><\/a><\/p>\n<p style=\"text-align: justify;\">Microsoft Exchange is a mailbox <span style=\"color: #56008c;\"><strong>server<\/strong><\/span> that runs exclusively on the Windows operating system.<\/p>\n<p style=\"text-align: justify;\">In September 2022, a vulnerability that makes it possible to <span style=\"color: #56008c;\"><strong>compromise the underlying Exchange server<\/strong><\/span> was discovered. It was named <span style=\"color: #1a7173;\"><strong>ProxyNotShell<\/strong><\/span> for its similarities to the <span style=\"color: #1a7173;\"><strong>ProxyShell<\/strong><\/span> vulnerability. 
To exploit <span style=\"color: #1a7173;\"><strong>ProxyNotShell<\/strong><\/span>, attackers need authenticated access to the Microsoft Exchange server. Exploiting the vulnerability allows attackers to deploy a webshell on the targeted server, giving them initial access.<\/p>\n<p style=\"text-align: justify;\">Around November, <span style=\"color: #56008c;\"><strong>a number of mitigations (Hotfix) were released<\/strong><\/span> pending a patch. As a result, some <span style=\"color: #56008c;\"><strong>60 000 servers<\/strong><\/span> worldwide are still vulnerable <span style=\"color: #56008c;\"><strong>since the few mitigation rules can be bypassed by attackers<\/strong><\/span>.<\/p>\n<p style=\"text-align: justify;\">According to <a href=\"https:\/\/www.crowdstrike.com\/blog\/owassrf-exploit-analysis-and-recommendations\/\">CrowdStrike<\/a>, the <span style=\"color: #56008c;\"><strong>Play ransomware group<\/strong><\/span>, which has been active since last June, took advantage of this by using a new exploit to bypass the URL rewrite mitigations for the <span style=\"color: #1a7173;\">Autodiscover<\/span> endpoint. In early December, the managed cloud hosting services company <span style=\"color: #1a7173;\"><strong>Rackspace Technology<\/strong><\/span> confirmed that it had been attacked after a <span style=\"color: #56008c;\"><strong>successful exploit of the vulnerability in Microsoft Exchange Server<\/strong><\/span>.<\/p>\n<p style=\"text-align: justify;\">The Microsoft Exchange server should have at least the <span style=\"color: #56008c;\"><strong>KB5019758 patch<\/strong><\/span>. If not, the main action to perform is to <span style=\"color: #56008c;\"><strong>immediately install the updates <\/strong><\/span>on the vulnerable servers. If some factors make the installation impossible, it is advised to disable OWA until the updates can be applied. 
In addition, it is strongly recommended to disable remote <span style=\"color: #1a7173;\">PowerShell<\/span> for non-admin users and use EDR tools to detect if web services are spawning PowerShell processes.<\/p>\n<p style=\"text-align: justify;\">\u00a0<\/p>\n<p style=\"text-align: center;\">SEE YOU NEXT MONTH!!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>FOCUS TECH BLINDSIDE Facing the EDR behavioral supervision, attackers develop techniques for successful attacks by staying under the radars. One of these techniques is called Blindside. This technique works on many EDRs relying on a hook and was revealed by&#8230;<\/p>\n","protected":false},"author":1364,"featured_media":19470,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[3973,2777],"tags":[3480,2772,2944,4222,4166],"coauthors":[3488],"class_list":["post-19543","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cert-newsletter","category-cybersecurity-digital-trust","tag-cert-en","tag-cybersecurity","tag-newsletter","tag-proxynotshell","tag-sophos"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>CDT Watch \u2013 January 2023 - RiskInsight<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.riskinsight-wavestone.com\/en\/2023\/01\/cdt-watch-january-2023\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"CDT Watch \u2013 January 2023 - RiskInsight\" \/>\n<meta property=\"og:description\" content=\"FOCUS TECH BLINDSIDE Facing the EDR behavioral supervision, attackers develop techniques for successful attacks by staying under the radars. 
One of these techniques is called Blindside. This technique works on many EDRs relying on a hook and was revealed by...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.riskinsight-wavestone.com\/en\/2023\/01\/cdt-watch-january-2023\/\" \/>\n<meta property=\"og:site_name\" content=\"RiskInsight\" \/>\n<meta property=\"article:published_time\" content=\"2023-01-31T15:35:54+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-02-06T13:10:27+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2023\/01\/Main.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1412\" \/>\n\t<meta property=\"og:image:height\" content=\"397\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"CERT-W\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"CERT-W\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2023\/01\/cdt-watch-january-2023\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2023\/01\/cdt-watch-january-2023\/\"},\"author\":{\"name\":\"CERT-W\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/b3138a95b8559cf24bf256c8e9994eca\"},\"headline\":\"CDT Watch \u2013 January 
2023\",\"datePublished\":\"2023-01-31T15:35:54+00:00\",\"dateModified\":\"2023-02-06T13:10:27+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2023\/01\/cdt-watch-january-2023\/\"},\"wordCount\":439,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2023\/01\/cdt-watch-january-2023\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2023\/01\/Main.png\",\"keywords\":[\"CERT\",\"cybersecurity\",\"Newsletter\",\"ProxyNotShell\",\"sophos\"],\"articleSection\":[\"CERT Newsletter\",\"Cybersecurity &amp; Digital Trust\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.riskinsight-wavestone.com\/en\/2023\/01\/cdt-watch-january-2023\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2023\/01\/cdt-watch-january-2023\/\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2023\/01\/cdt-watch-january-2023\/\",\"name\":\"CDT Watch \u2013 January 2023 - 
RiskInsight\",\"isPartOf\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2023\/01\/cdt-watch-january-2023\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2023\/01\/cdt-watch-january-2023\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2023\/01\/Main.png\",\"datePublished\":\"2023-01-31T15:35:54+00:00\",\"dateModified\":\"2023-02-06T13:10:27+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2023\/01\/cdt-watch-january-2023\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.riskinsight-wavestone.com\/en\/2023\/01\/cdt-watch-january-2023\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2023\/01\/cdt-watch-january-2023\/#primaryimage\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2023\/01\/Main.png\",\"contentUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2023\/01\/Main.png\",\"width\":1412,\"height\":397},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2023\/01\/cdt-watch-january-2023\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Accueil\",\"item\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"CDT Watch \u2013 January 2023\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#website\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\",\"name\":\"RiskInsight\",\"description\":\"The cybersecurity &amp; digital trust blog by Wavestone&#039;s 
consultants\",\"publisher\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.riskinsight-wavestone.com\/en\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\",\"name\":\"Wavestone\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png\",\"contentUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png\",\"width\":50,\"height\":50,\"caption\":\"Wavestone\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/b3138a95b8559cf24bf256c8e9994eca\",\"name\":\"CERT-W\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/author\/cert-w\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"CDT Watch \u2013 January 2023 - RiskInsight","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.riskinsight-wavestone.com\/en\/2023\/01\/cdt-watch-january-2023\/","og_locale":"en_US","og_type":"article","og_title":"CDT Watch \u2013 January 2023 - RiskInsight","og_description":"FOCUS TECH BLINDSIDE Facing the EDR behavioral supervision, attackers develop techniques for successful attacks by staying under the radars. One of these techniques is called Blindside. This technique works on many EDRs relying on a hook and was revealed by...","og_url":"https:\/\/www.riskinsight-wavestone.com\/en\/2023\/01\/cdt-watch-january-2023\/","og_site_name":"RiskInsight","article_published_time":"2023-01-31T15:35:54+00:00","article_modified_time":"2023-02-06T13:10:27+00:00","og_image":[{"width":1412,"height":397,"url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2023\/01\/Main.png","type":"image\/png"}],"author":"CERT-W","twitter_misc":{"Written by":"CERT-W","Est. 
reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2023\/01\/cdt-watch-january-2023\/#article","isPartOf":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2023\/01\/cdt-watch-january-2023\/"},"author":{"name":"CERT-W","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/b3138a95b8559cf24bf256c8e9994eca"},"headline":"CDT Watch \u2013 January 2023","datePublished":"2023-01-31T15:35:54+00:00","dateModified":"2023-02-06T13:10:27+00:00","mainEntityOfPage":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2023\/01\/cdt-watch-january-2023\/"},"wordCount":439,"commentCount":0,"publisher":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2023\/01\/cdt-watch-january-2023\/#primaryimage"},"thumbnailUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2023\/01\/Main.png","keywords":["CERT","cybersecurity","Newsletter","ProxyNotShell","sophos"],"articleSection":["CERT Newsletter","Cybersecurity &amp; Digital Trust"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.riskinsight-wavestone.com\/en\/2023\/01\/cdt-watch-january-2023\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2023\/01\/cdt-watch-january-2023\/","url":"https:\/\/www.riskinsight-wavestone.com\/en\/2023\/01\/cdt-watch-january-2023\/","name":"CDT Watch \u2013 January 2023 - 
RiskInsight","isPartOf":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2023\/01\/cdt-watch-january-2023\/#primaryimage"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2023\/01\/cdt-watch-january-2023\/#primaryimage"},"thumbnailUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2023\/01\/Main.png","datePublished":"2023-01-31T15:35:54+00:00","dateModified":"2023-02-06T13:10:27+00:00","breadcrumb":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2023\/01\/cdt-watch-january-2023\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.riskinsight-wavestone.com\/en\/2023\/01\/cdt-watch-january-2023\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2023\/01\/cdt-watch-january-2023\/#primaryimage","url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2023\/01\/Main.png","contentUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2023\/01\/Main.png","width":1412,"height":397},{"@type":"BreadcrumbList","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2023\/01\/cdt-watch-january-2023\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https:\/\/www.riskinsight-wavestone.com\/en\/"},{"@type":"ListItem","position":2,"name":"CDT Watch \u2013 January 2023"}]},{"@type":"WebSite","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#website","url":"https:\/\/www.riskinsight-wavestone.com\/en\/","name":"RiskInsight","description":"The cybersecurity &amp; digital trust blog by Wavestone&#039;s 
consultants","publisher":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.riskinsight-wavestone.com\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization","name":"Wavestone","url":"https:\/\/www.riskinsight-wavestone.com\/en\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/","url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png","contentUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png","width":50,"height":50,"caption":"Wavestone"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/b3138a95b8559cf24bf256c8e9994eca","name":"CERT-W","url":"https:\/\/www.riskinsight-wavestone.com\/en\/author\/cert-w\/"}]}},"_links":{"self":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/19543","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/users\/1364"}],"replies":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/comments?post=19543"}],"version-history":[{"count":12,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/19543\/revisions"}],"predecessor-version":[{"id"
:20395,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/19543\/revisions\/20395"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/media\/19470"}],"wp:attachment":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/media?parent=19543"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/categories?post=19543"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/tags?post=19543"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/coauthors?post=19543"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}