#1 Best Pitch for Smoking Hot Tech
community outreach

Vonahi Security wins Channel Program's Best July Pitch and sets the record for the most demo requests and product reviews.

  • Alton Johnson
3 min read
Respect in Security
best practices

At Vonahi Security, we believe everyone deserves to be supported and encouraged to be a unique individual. We strive to create a welcoming and inclusive environment for all, driven by behavior that shows empathy, respect, and care for others. We stand by the Respect in Security pledge.

  • Alton Johnson
3 min read
SrClient DLL Hijacking: a Windows Server 2012 0-day that won't be patched
privilege escalation

This blog discusses a DLL hijacking vulnerability affecting all versions of Windows Server 2012 (but not Server 2012 R2). This 0-day vulnerability can be exploited for privilege escalation by any regular user and does not require a system reboot, yet it will not be patched by Microsoft.

  • Erik Wynter
11 min read
What’s in a (re)name: RCE Hunting in CMSs via Unrestricted File Upload
research

Earlier this year, our threat researcher found three easily exploitable vulnerabilities in CMS apps, including two that could result in remote code execution (RCE). This article combines write-ups for these vulnerabilities.

  • Erik Wynter
11 min read
When the PATH to SYSTEM is wide open: Philips SmartControl DLL hijacking (CVE-2020-7360)
research

Earlier this year our threat researcher found a DLL hijacking flaw affecting Philips SmartControl (CVE-2020-7360). Our latest blog post combines a write-up of this vulnerability with a general introduction to DLL hijacking for infosec students.

  • Erik Wynter
14 min read
Avoiding SMB Rate Limits During Authentication Attacks
penetration testing

Here's a quick workaround for when you get rate limited during a password attack against the SMB service.

  • Alton Johnson
5 min read
Automated Penetration Testing: 5 Benefits for CISOs
ciso

Automation is a potential game-changer for offensive security in 2020. Let's explore some of the benefits for CISOs.

  • Erik Wynter
5 min read
2019/2020: A Few Cybersecurity Reflections and Predictions
research

Reflections on a few major cybersecurity developments of 2019, and on how these will shape the industry in 2020.

  • Erik Wynter
3 min read
Winter Is Here, and so Are Holiday Cyber Scams
social engineering

A closer look at the 5 most common variants of holiday cyber attacks.

  • Erik Wynter
5 min read
Social Engineering 2.0 - Evasive Spear Phishing and Vendor Email Compromise
social engineering

From phishing and BEC to evasive spear phishing and VEC + tips on what you can do to defend against these sophisticated attacks.

  • Erik Wynter
6 min read
13 Freaky Infosec Facts
research

13 freaky infosec facts that show how freaky and deadly technology can get.

  • Alton Johnson
  • Erik Wynter
5 min read
Penetration testing... on a new level
penetration testing

vPenTest simplifies the process of identifying new threats within your environment on an ongoing basis without the traditional challenges and concerns.

  • Alton Johnson
3 min read
What You Don't Know Can Most Certainly Hurt You: The Importance of Phishing Assessments
research

Not knowing how susceptible your employees are could be a huge opportunity for attackers.

  • Erik Wynter
5 min read
Top 5 Ways to Secure Your Online Accounts
best practices

Here are our top 5 recommendations for securing your online accounts as your digital footprint continues to grow.

  • Alton Johnson
3 min read
How to prevent a catastrophic cyberattack like the City of Baltimore ransomware disaster
research

Learn more details about the cyber attack against the City of Baltimore and how to avoid being the next victim.

  • Erik Wynter
6 min read
Post-Exploitation with Leprechaun
post-exploitation

Finding valuable data during post-exploitation can be a challenge. Leprechaun helps solve this problem.

  • Alton Johnson
5 min read
Equifax Data Breach's Impact on Search Trends
research

Is the Equifax data breach the only one people care about? Let's take a look.

  • Erik Wynter
10 min read
Getting the Most out of Your Network Penetration Test
ciso

Most organizations don't maximize the opportunities presented during a security assessment. Let's discuss what some of those are.

  • Alton Johnson
3 min read
Web Applications Are Becoming Increasingly Insecure
research

As more services move to web apps, the exposure to a data breach increases. Let's discuss some issues and solutions.

  • Erik Wynter
5 min read
Taking Over IPv6 Networks
penetration testing

Let's take a deeper look at how rogue DHCPv6 servers can lead to a successful attack against IPv6 networks.

  • Alton Johnson
7 min read
Why Your Organization Needs a Penetration Test
ciso

Learn why replacing a penetration test with a vulnerability assessment may not always be a good idea.

  • Erik Wynter
5 min read
Penetration Test vs Vulnerability Assessment: What's the difference?
faq

Understanding the difference between a penetration test and a vulnerability assessment could significantly impact your perspective of security at your organization. Learn more.

  • Alton Johnson
4 min read
Cybercriminals are still targeting RDP services
research

Unnecessary public-facing services are a common issue that many organizations face. Learn more about how these services, such as RDP, could pose a threat.

  • Alton Johnson
3 min read
Exploiting the Human Factor
social engineering

Employees are the biggest threat to an organization's critical information systems and confidential data. We focus on four core areas in this blog.

  • Alton Johnson
3 min read
What is WPA3 and What Do I Need to Know?
faq

The Wi-Fi Alliance has announced the release of WPA3. Check out some of its features and what your organization needs to know to get prepared.

  • Alton Johnson
4 min read
Vonahi Security's Blog © 2023