Get Ahead of Cyber Threats
Newsletter

The Fletch Press: Cybersecurity is chaotic. We’re here to help.

Reading time: 4 min

Hi there,

Here at Fletch, we’re excited to help you reach new heights in your cybersecurity efforts. Your partnership is incredibly important to us and we can’t wait to revolutionize cybersecurity with you. You’re receiving this email because you’re an operator in the cybersecurity world and may find this beneficial. 

Without further ado…

We’re delighted to announce the launch of our biweekly newsletter.

Our focus is to pass on cybersecurity education to you through bite-sized videos and articles we’ve found helpful. We will share expert insights on trends in cybersecurity that will keep you informed and elevate the way you run your business.

Here are a couple of resources to kick things off:

How Small and Medium-Sized Businesses Can Achieve Peace of Mind When it Comes to Cybersecurity - Small and medium-sized businesses (SMBs) comprise 43% of all victims of cyberattacks - and are seen by hackers as low-hanging fruit. Still, almost 50% of SMBs believe they are immune. In this video, we explain why SMBs are ransomware targets, why security is overwhelming for them, and what they can do to gain peace of mind. 

Addressing the Cybersecurity Talent Gap - 500K open cybersecurity roles offer entry-level salaries between $60-90K, and we can barely fill half of them. Why? Lack of awareness, desire, and skill, along with the lack of accessibility of current tools on the market. Even the few people who know how to use them don’t want to. Automation and turn-key intelligence will foster accessibility and desire to join the industry.

What is Fletch?

For those of you who may not be familiar with Fletch, a quick introduction:

Fletch rejects the elitism around cybersecurity that has kept smart people out and antiquated systems in. 

Fletch cuts through the bullshit that mires the industry - humans doing mundane tasks computers can do - and empowers humans to drive insight. Quickly, and cost-effectively. No technical expertise required. 

A couple of examples of emerging threats that Fletch helped customers evaluate last week:

Oracle Warns of Critical Remotely Exploitable WebLogic Server Flaws

Atlassian Asks Customers to Patch Critical Jira Vulnerability

On July 20, Oracle issued its July Critical Patch Update with 342 fixes across its products, some of which are vulnerable to potential cyberattacks.

One in particular, CVE-2019-2729 (ranked 9.8/10 on the CVSS severity scale), is remotely exploitable without authentication. This is a critical deserialization vulnerability via XMLDecoder in Oracle WebLogic Server Web Services, a platform used for developing, deploying, and running enterprise Java-based applications. The affected WebLogic Server versions are 11.1.2.4 and 11.2.5.0, which exist within the Oracle Hyperion Infrastructure Technology.

Other flaws within WebLogic Server:

CVE-2021-2394 (CVSS score: 9.8), CVE-2021-2397 (CVSS score: 9.8), CVE-2021-2382 (CVSS score: 9.8), CVE-2021-2378 (CVSS score: 7.5), CVE-2021-2376 (CVSS score: 7.5), CVE-2021-2403 (CVSS score: 5.3)

Oracle users are advised to update and protect their systems against potential exploitation ASAP.

On July 21, Atlassian alerted its enterprise customers to CVE-2020-36239, a vulnerability that can give external hackers arbitrary code execution abilities because of missing authentication in Jira’s implementation of Ehcache, an open-source cache used by Java apps for improving performance. Affected products include Jira Data Center, Jira Core Data Center, Jira Software Data Center, and Jira Service Management Data Center.

This issue does not impact non-Data Center instances of Jira Server (e.g., Core & Software), Jira Service Management, Jira Cloud, and Jira Service Management Cloud. 

Atlassian recommends that customers upgrade their instances to ensure they're not affected. Specifically, Jira Data Center product users should upgrade to one of the following versions to resolve the vulnerability:

  1. Jira Data Center, Jira Core Data Center, and Jira Software Data Center users: Upgrade to 8.5.16, 8.13.8, or 8.17.0.
  2. Jira Service Management Data Center users: Upgrade to 4.5.16, 4.13.8, or 4.17.0.
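
The fixed releases above are per branch, so a plain "greater than 8.5.16" comparison would wrongly pass a version such as 8.6.0. The following is an added example, not code from Atlassian or Fletch, that checks an inventory against the listed releases. It assumes that releases at or after the newest listed fix include it and that any version not on a listed branch needs an upgrade; the product keys and host names are hypothetical.

```python
import re

# Fixed releases as listed in the newsletter, one per maintained branch.
FIXED = {
    "jira": [(8, 5, 16), (8, 13, 8), (8, 17, 0)],  # Jira / Core / Software Data Center
    "jsm": [(4, 5, 16), (4, 13, 8), (4, 17, 0)],   # Jira Service Management Data Center
}

def parse_version(text):
    """Turn '8.13.8' (or '8.17') into a comparable tuple of ints."""
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part or 0) for part in m.groups())

def is_fixed(product, version):
    """True if the version is at or past a listed fix on its own branch."""
    v = parse_version(version)
    *branch_fixes, newest = sorted(FIXED[product])
    # Assumption: every release at or after the newest listed fix carries it.
    if v >= newest:
        return True
    # Older branches only count when the major.minor matches the fix's branch;
    # 8.6.0 sorts after 8.5.16 but is not on a branch with a listed fix.
    return any(v[:2] == fix[:2] and v >= fix for fix in branch_fixes)

def needs_upgrade(inventory):
    """Return the (host, product, version) rows that are not on a fixed release."""
    return [row for row in inventory if not is_fixed(row[1], row[2])]

# Constructed inventory for illustration; host names are hypothetical.
SAMPLE_INVENTORY = [
    ("jira-dc-01", "jira", "8.5.16"),
    ("jira-dc-02", "jira", "8.6.0"),
    ("jira-dc-03", "jira", "8.13.7"),
    ("jira-dc-04", "jira", "8.17.0"),
    ("jsm-dc-01", "jsm", "4.13.8"),
    ("jsm-dc-02", "jsm", "4.16.1"),
]

if __name__ == "__main__":
    for host, product, version in needs_upgrade(SAMPLE_INVENTORY):
        print(f"{host}: {product} {version} is below the listed fixed releases")
```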

Fletch will enable you to instantly see if these sorts of issues impact your environment. If you'd like to learn more about what we're building, simply schedule a time to start your own 30-day free trial to detect abnormal behavior across your environment. If there are particular topics you're eager to read about, please give us a shout as well.

We hope that skimming through this newsletter becomes a part of your routine. Excited to have you aboard!