Request support
We take every customer complaint seriously and many issues get resolved almost immediately, a few rare issues might take a little longer (typical response time is 12 hours). We appreciate your business and rest assured that our support team will get your issues resolved ASAP.
Vulnerability Manager Documentation
We have extensive setup and configuration documentation in Confluence.
Disclosures
Felicia King, a prolific security researcher, alerted us to the set of alerts on the Watchguard platform for the cybercnsagentv2.exe about a Powershell 1.0 malicious script alert. The report was investigated and is a false positive. None of these services are in any way dangerous or malicious. No malware was present and no data was compromised but we have further strengthened our security checks to make sure this does not occur in future. We work with the providers of malware and AV services to remedy these false-positives, but that process can take some time even once we are made aware. For any additional questions or concerns, please contact CyberCNS Technical Support for more information at support@cybercns.com. The exe also has been tested and validated against virustotal and other checks.
A recent pen test performed on ConnectSecure revealed a vulnerability related to remote code execution using crafted values sent over an api. This was brought to our attention and all systems have been updated with a permanent fix within 60 minutes of the disclosure. No customer data was exposed and also since the processes are chrooted and jailed it does not allow access to other parts of the file system
A false positive of the S3 URL https://cybercnsagent.s3.amazonaws.com/cybercnsagent.exe was reported to URLHaus as a suspicious url by a BotNet Hunter going by the name of @zbetcheckin. They are not, and these reports are false positives. Based on this Sectigo revoked the code signing certificate and did not engage with us. Since a vulnerability scanner does a lot of things that malware also does such as port scans and copying files to remote machines it was flagged by mistake. None of these services are in any way dangerous or malicious. This issue was since remedied with a new EV Certificate that was used to sign the executable. As of this week Sectigo has offered to reissue the certificate as they realized it was a false positive. No malware was present and no data was compromised but we have further strengthened our security checks to make sure this does not occur in future. We work with the providers of malware and AV services to remedy these false-positives, but that process can take some time even once we are made aware. For any additional questions or concerns, please contact CyberCNS Technical Support for more information on support@cybercns.com.
SOC 2 Compliance
CyberCNS is current on its annual Service Organization Control (SOC) 2 Type I audit. The audit was conducted in accordance with the AICPA SOC reporting standards. It was performed by CertPro, LLP, a full service consulting and Certification firm that provides SOC 2 Type I and Type II audits.
The successful completion of this audit is a testament to CyberCNS's integrity, accountability, and its commitment to its customers.
CertPro's Compliance team evaluated CyberCNS's design and the operating effectiveness of its internal controls and processes related to the Security and Availability Trust Services Principles. The firm has found that CyberCNS has met or exceeded the expectations and is fully compliant to the standard.
