privilege escalation SrClient DLL Hijacking: a Windows Server 2012 0-day that won't be patched This blog discusses a DLL hijacking vulnerability affecting all versions of Windows Server 2012 (but not Server 2012 R2). This 0-day vulnerability can be exploited for privilege escalation by any regular user and does not require a system reboot, yet it will not be patched by Microsoft.
research What’s in a (re)name: RCE Hunting in CMSs via Unrestricted File Upload Earlier this year, our threat researcher found three easily exploitable vulnerabilities in CMS apps, including two that could result in remote code execution (RCE). This article combines write-ups for these vulnerabilities.
research When the PATH to SYSTEM is wide open: Philips SmartControl DLL hijacking (CVE-2020-7360) Earlier this year our threat researcher found a DLL hijacking flaw affecting Philips SmartControl (CVE-2020-7360). Our latest blog post combines a write-up of this vulnerability with a general introduction to DLL hijacking for infosec students.
ciso Automated Penetration Testing: 5 Benefits for CISOs Automation is a potential game-changer for offensive security in 2020. Let's explore some of the benefits for CISOs.
research 2019/2020: A Few Cybersecurity Reflections and Predictions Reflections on a few major cybersecurity developments of 2019, and on how these will shape the industry in 2020.
threat-report Threat Summary - Week 51, 2019 Traditional antivirus is useless against 50% of malware attacks, risk of accidental internal breaches surges, financial services account for 62% of exposed records
threat-report Threat Summary - Week 50, 2019 Firms struggle with abundance of poorly implemented security tools, employees put companies at risk via poor password management and insecure IoT devices
threat-report Threat Summary - Week 49, 2019 Most firms overestimate their cybersecurity posture, 22% of SMBs may not survive a cyberattack, malware puts biometric data at risk
social engineering Winter Is Here, and so Are Holiday Cyber Scams A closer look at 5 most common variants of holiday cyber attacks.
threat-report Threat Summary - Week 48, 2019 Most US firms will miss CCPA compliance deadline, half of Americans are cybercrime victims, third-party user access management falls short
threat-report Threat Summary - Week 47, 2019 5K data breaches exposed 8B records so far this year, 95% of firms fall short of threat response standards, DDoS attacks surge by 241%
threat-report Threat Summary - Week 46, 2019 68% of firms vulnerable to insider attacks, phishing at highest level in three years, PCI DSS compliance plummets to 36.7%
threat-report Threat Summary - Week 45, 2019 Most organizations not prepared for cyber threats, 21M Fortune 500 credentials on the dark web, first large-scale campaign targeting BlueKeep spotted
social engineering Social Engineering 2.0 - Evasive Spear Phishing and Vendor Email Compromise From phishing and BEC to evasive spear phishing and VEC + tips on what you can do to defend against these sophisticated attacks.
threat-report Threat Summary - Week 44, 2019 10% of SMBs shut down following a breach, cyberattacks are becoming more frequent and severe, Emotet remains top malware threat
research 13 Freaky Infosec Facts 13 freaky infosec facts that show how freaky and deadly technology can get.
threat-report Threat Summary - Week 43, 2019 Ransomware top threat to SMBs, 69% of firms take reactive approach to cybersecurity, 44% of software flaws are never fixed
threat-report Threat Summary - Week 42, 2019 Most firms lose millions to DNS attacks, targeted ransomware escalates further, very few Americans understand 2FA, HTTPS and privacy policies
threat-report Threat Summary - Week 41, 2019 Cyberattacks and data breaches hit 2 in 3 SMBs, compliance does not guarantee security, 78% of CSOs click on risky links
threat-report Threat Summary - Week 40, 2019 Data breaches cost $1.41M apiece, 57% of firms were breached since 2017, phishing is the no. 1 threat to companies
threat-report Threat Summary - Week 39, 2019 Cyberattacks are top 5 threat for 79% of firms, healthcare breaches impacted 169M patients since 2009, half of employees click on suspicious links
threat-report Threat Summary - Week 38, 2019 IoT bot attacks skyrocket, healthcare organizations expose millions of records, US consumers want firms to bolster their cyber defenses
threat-report Threat Summary - Week 37, 2019 Nearly all email attacks require human interaction, Alexa 1000 websites vulnerable to attacks, companies lose billions to BEC scams
threat-report Threat Summary - Week 36, 2019 Companies lose trillions to breaches, BEC scams drive insurance claims, ransomware continues to rise and terrorizes dental clinics
threat-report Threat Summary - Week 35, 2019 Ransomware rises as WannaCry continues its reign, Microsoft remains phishers' favorite, most social media login traffic is malicious, space hacking allegations
