research What’s in a (re)name: RCE Hunting in CMSs via Unrestricted File Upload Earlier this year, our threat researcher found three easily exploitable vulnerabilities in CMS apps, including two that could result in remote code execution (RCE). This article combines write-ups for these vulnerabilities.
research When the PATH to SYSTEM is wide open: Philips SmartControl DLL hijacking (CVE-2020-7360) Earlier this year our threat researcher found a DLL hijacking flaw affecting Philips SmartControl (CVE-2020-7360). Our latest blog post combines a write-up of this vulnerability with a general introduction to DLL hijacking for infosec students.
research 2019/2020: A Few Cybersecurity Reflections and Predictions Reflections on a few major cybersecurity developments of 2019, and on how these will shape the industry in 2020.
research 13 Freaky Infosec Facts 13 freaky infosec facts that show how freaky and deadly technology can get.
research What You Don't Know Can Most Certainly Hurt You: The Importance of Phishing Assessments Not knowing how susceptible your employees are could be a huge opportunity for attackers.
research How to prevent a catastrophic cyberattack like the City of Baltimore ransomware disaster Learn more details about the cyber attack against the City of Baltimore and how to avoid being the next victim.
research Equifax Data Breach's Impact on Search Trends Is the Equifax data breach the only one people care about? Let's take a look.
research Web Applications Are Becoming Increasingly Insecure As more services move to web apps, the exposure to data breaches increases. Let's discuss some issues and solutions.
research Cybercriminals are still targeting RDP services Unnecessary public-facing services are a common issue that many organizations face. Learn more about how these services, such as RDP, could pose a threat.