On the Log4j Vulnerability
December 14 2021It’s serious:
The range of impacts is so broad because of the nature of the vulnerability itself. Developers use logging frameworks to keep track of what happens in a...
Read more
Hiding Vulnerabilities in Source Code
November 1 2021Really interesting research demonstrating how to hide vulnerabilities in source code by manipulating how Unicode text is displayed. It’s really clever, and not the sort of attack one...
Read moreMissouri Governor Doesn’t Understand Responsible Disclosure
October 18 2021The Missouri governor wants to prosecute the reporter who discovered a security vulnerability in a state’s website, and then reported it to the state.
The newspaper agreed to hold...
Read more
Zero-Click iMessage Exploit
September 17 2021Citizen Lab released a report on a zero-click iMessage exploit that is used in NSO Group’s Pegasus spyware. Apple patched the vulnerability; everyone needs to update their OS immediately. News articles...
Read moreTracking People by their MAC Addresses
September 6 2021Yet another article on the privacy risks of static MAC addresses and always-on Bluetooth connections. This one is about wireless headphones.
The good news is that product vendors are...
Read morePST, Want a Shell? ProxyShell Exploiting Microsoft Exchange Servers
September 3 2021In August 2021, Mandiant Managed Defense identified and responded to the exploitation of a chain of vulnerabilities known as ProxyShell. The ProxyShell vulnerabilities consist of three CVEs ...
Read morePST, Want a Shell? ProxyShell Exploiting Microsoft Exchange Servers
September 3 2021In August 2021, Mandiant Managed Defense identified and responded to the exploitation of a chain of vulnerabilities known as ProxyShell. The ProxyShell vulnerabilities consist of three CVEs ...
Read morePST, Want a Shell? ProxyShell Exploiting Microsoft Exchange Servers
September 3 2021In August 2021, Mandiant Managed Defense identified and responded to the exploitation of a chain of vulnerabilities known as ProxyShell. The ProxyShell vulnerabilities consist of three CVEs ...
Read moreInteresting Privilege Escalation Vulnerability
August 26 2021If you plug a Razer peripheral (mouse or keyboard, I think) into a Windows 10 or 11 machine, you can use a vulnerability in the Razer Synapse software —...
Read moreToday, Mandiant disclosed a critical risk vulnerability in coordination with the Cybersecurity and Infrastructure Security Agency (“CISA”) that affects millions of IoT devices that...
Read more
Recent Comments