Apache Struts Remote Code Execution
Forced OGNL evaluation, when evaluated on raw not validated user input in tag attributes, may lead to remote code execution
Read more
Another Round of Critical Microsoft Patches
For April Patch Tuesday, the computing giant addressed a zero-day underactive attack and several critical security vulnerabilities, including three that
Read more
PANOS OpenSSL Updates
The Palo Alto Networks Product Security Assurance team is evaluating the OpenSSL infinite loop vulnerability (CVE-2022-0778) as it relates to
Read more
Sonicwall Critical Firewall Patch
Date: March 29th, 2021 Risk: Critical CVE: CVE-2022-22274 Security hardware manufacturer SonicWall has fixed a critical vulnerability in the SonicOS security operating
Read more
Google Releases Emergency Patch for Zero-Day
Date: March 28th, 2021 Risk: Critical CVE: CVE-2022-1096 Affected Versions: Versions prior to 99.0.4844.84 Google has urged its 3 billion+ users to update to
Read more
Sophos Firewall Authentication bypass
Date: March 28th, 2021 Risk: Critical CVE: CVE-2022-1040 Affected Versions: Sophos Firewall v18.5 MR3 (18.5.3) and older Summary Sophos on Friday announced
Read more
Weekly Round-Up Chrome Zero-Day
Daily Round of IOC Daily dump of IOC with more to follow where a regular IOC feed will be crafted.
Read more
Trickbot Malware Review
Technical Details TrickBot is an advanced Trojan dating back to 2016 that malicious actors spread primarily by spearphishing campaigns using
Read more
Conti Group MITRE ATT&CK Techniques Part Three
MITRE ATT&CK Techniques Conti ransomware uses the ATT&CK techniques listed in table 1. Table 1: Conti ATT&CK techniques for enterprise
Read more
Conti Group – Tools and Tactics Part Two
Date: March 21st 2022 Part two of this Conti Ransomware adventure is where I highlight some tools and tactics in
Read more