Vonahi Security's Blog
  • Vonahi Security Home
  • Blog
  • Weekly Threat Reports
Erik Wynter

Erik Wynter

Erik Wynter is a junior pentester, Metasploit contributor and script kitty.

36 posts •
SrClient DLL Hijacking: a Windows Server 2012 0-day that won't be patched
privilege escalation

SrClient DLL Hijacking: a Windows Server 2012 0-day that won't be patched

This blog discusses a DLL hijacking vulnerability affecting all versions of Windows Server 2012 (but not Server 2012 R2). This 0-day vulnerability can be exploited for privilege escalation by any regular user and does not require a system reboot, yet it will not be patched by Microsoft.

  • Erik Wynter
    Erik Wynter
11 min read
What’s in a (re)name: RCE Hunting in CMSs via Unrestricted File Upload
research

What’s in a (re)name: RCE Hunting in CMSs via Unrestricted File Upload

Earlier this year, our threat researcher found three easily exploitable vulnerabilities in CMS apps, including two that could result in remote code execution (RCE). This article combines write-ups for these vulnerabilities.

  • Erik Wynter
    Erik Wynter
11 min read
When the PATH to SYSTEM is wide open: Philips SmartControl DLL hijacking (CVE-2020-7360)
research

When the PATH to SYSTEM is wide open: Philips SmartControl DLL hijacking (CVE-2020-7360)

Earlier this year our threat researcher found a DLL hijacking flaw affecting Philips SmartControl (CVE-2020-7360). Our latest blog post combines a write-up of this vulnerability with a general introduction to DLL hijacking for infosec students.

  • Erik Wynter
    Erik Wynter
14 min read
Automated Penetration Testing: 5 Benefits for CISOs
ciso

Automated Penetration Testing: 5 Benefits for CISOs

Automation is a potential game-changer for offensive security in 2020. Let's explore some of the benefits for CISOs.

  • Erik Wynter
    Erik Wynter
5 min read
2019/2020: A Few Cybersecurity Reflections and Predictions
research

2019/2020: A Few Cybersecurity Reflections and Predictions

Reflections on a few major cybersecurity developments of 2019, and on how these will shape the industry in 2020.

  • Erik Wynter
    Erik Wynter
3 min read
Threat Summary - Week 51, 2019
threat-report

Threat Summary - Week 51, 2019

Traditional antivirus is useless against 50% of malware attacks, risk of accidental internal breaches surges, financial services account for 62% of exposed records

  • Erik Wynter
    Erik Wynter
4 min read
Threat Summary - Week 50, 2019
threat-report

Threat Summary - Week 50, 2019

Firms struggle with abundance of poorly implemented security tools, employees put companies at risk via poor password management and insecure IoT devices

  • Erik Wynter
    Erik Wynter
4 min read
Threat Summary - Week 49, 2019
threat-report

Threat Summary - Week 49, 2019

Most firms overestimate their cybersecurity posture, 22% of SMBs may not survive a cyberattack, malware puts biometric data at risk

  • Erik Wynter
    Erik Wynter
4 min read
Winter Is Here, and so Are Holiday Cyber Scams
social engineering

Winter Is Here, and so Are Holiday Cyber Scams

A closer look at 5 most common variants of holiday cyber attacks.

  • Erik Wynter
    Erik Wynter
5 min read
Threat Summary - Week 48, 2019
threat-report

Threat Summary - Week 48, 2019

Most US firms will miss CCPA compliance deadline, half of Americans are cybercrime victims, third-party user access management falls short

  • Erik Wynter
    Erik Wynter
4 min read
Threat Summary - Week 47, 2019
threat-report

Threat Summary - Week 47, 2019

5K data breaches exposed 8B records so far this year, 95% of firms fall short of threat response standards, DDoS attacks surge by 241%

  • Erik Wynter
    Erik Wynter
4 min read
Threat Summary - Week 46, 2019
threat-report

Threat Summary - Week 46, 2019

68% of firms vulnerable to insider attacks, phishing at highest level in three years, PCI DSS compliance plummets to 36.7%

  • Erik Wynter
    Erik Wynter
4 min read
Threat Summary - Week 45, 2019
threat-report

Threat Summary - Week 45, 2019

Most organizations not prepared for cyber threats, 21M Fortune 500 credentials on the dark web, first large-scale campaign targeting BlueKeep spotted

  • Erik Wynter
    Erik Wynter
4 min read
Social Engineering 2.0 - Evasive Spear Phishing and Vendor Email Compromise
social engineering

Social Engineering 2.0 - Evasive Spear Phishing and Vendor Email Compromise

From phishing and BEC to evasive spear phishing and VEC + tips on what you can do to defend against these sophisticated attacks.

  • Erik Wynter
    Erik Wynter
6 min read
Threat Summary - Week 44, 2019
threat-report

Threat Summary - Week 44, 2019

10% of SMBs shut down following a breach, cyberattacks are becoming more frequent and severe, Emotet remains top malware threat

  • Erik Wynter
    Erik Wynter
4 min read
13 Freaky Infosec Facts
research

13 Freaky Infosec Facts

13 freaky infosec facts that show how freaky and deadly technology can get.

  • Alton Johnson
    Alton Johnson
  • Erik Wynter
    Erik Wynter
5 min read
Threat Summary - Week 43, 2019
threat-report

Threat Summary - Week 43, 2019

Ransomware top threat to SMBs, 69% of firms take reactive approach to cybersecurity, 44% of software flaws are never fixed

  • Erik Wynter
    Erik Wynter
4 min read
Threat Summary - Week 42, 2019
threat-report

Threat Summary - Week 42, 2019

Most firms lose millions to DNS attacks, targeted ransomware escalates further, very few Americans understand 2FA, HTTPS and privacy policies

  • Erik Wynter
    Erik Wynter
4 min read
Threat Summary - Week 41, 2019
threat-report

Threat Summary - Week 41, 2019

Cyberattacks and data breaches hit 2 in 3 SMBs, compliance does not guarantee security, 78% of CSOs click on risky links

  • Erik Wynter
    Erik Wynter
3 min read
Threat Summary - Week 40, 2019
threat-report

Threat Summary - Week 40, 2019

Data breaches cost $1.41M apiece, 57% of firms were breached since 2017, phishing is the no. 1 threat to companies

  • Erik Wynter
    Erik Wynter
4 min read
Threat Summary - Week 39, 2019
threat-report

Threat Summary - Week 39, 2019

Cyberattacks are top 5 threat for 79% of firms, healthcare breaches impacted 169M patients since 2009, half of employees click on suspicious links

  • Erik Wynter
    Erik Wynter
3 min read
Threat Summary - Week 38, 2019
threat-report

Threat Summary - Week 38, 2019

IoT bot attacks skyrocket, healthcare organizations expose millions of records, US consumers want firms to bolster their cyber defenses

  • Erik Wynter
    Erik Wynter
4 min read
Threat Summary - Week 37, 2019
threat-report

Threat Summary - Week 37, 2019

Nearly all email attacks require human interaction, Alexa 1000 websites vulnerable to attacks, companies lose billions to BEC scams

  • Erik Wynter
    Erik Wynter
3 min read
Threat Summary - Week 36, 2019
threat-report

Threat Summary - Week 36, 2019

Companies lose trillions to breaches, BEC scams drive insurance claims, ransomware continues to rise and terrorizes dental clinics

  • Erik Wynter
    Erik Wynter
3 min read
Threat Summary - Week 35, 2019
threat-report

Threat Summary - Week 35, 2019

Ransomware rises as WannaCry continues its reign, Microsoft remains phishers' favorite, most social media login traffic is malicious, space hacking allegations

  • Erik Wynter
    Erik Wynter
3 min read
Vonahi Security's Blog © 2023
Latest Posts Facebook Twitter LinkedIn GitHub