A LibreOffice file format exploit, plus improvements to TLS and CredSSP-based fingerprinting.…
On this week's episode of Security Nation, we chat with Wendy Nather about her work combating the security poverty line.…
In this penetration testing story, Ted Raffle discusses how even strong security controls and threat mitigation can miss the mark when only one or two systems fall through the cracks.…
Cross-site scripting (XSS) isn’t new, but its impact and visibility are both growing. Here’s what you need to know to protect them from XSS attacks.…
Today, we are going to be installing software on all your existing EC2 instances across several (or all!) accounts under an organization in AWS.…
Hacker Summer Camp Last week, the Metasploit team flew out to sunny, hot, and dry Las Vegas for Hacker Summer Camp (Black Hat, BSidesLV, and DEF CON). It was a full week of epic hacks, good conversation, and even a little business! If you managed…
Here is the story of how I used a simple SQL injection attack to compromise a healthcare portal.…
In this post, we’ll show you firsthand how security orchestration and automation (SOAR) helps teams accelerate their response to cloud-based threats.…
As Hacker Summer Camp comes to a close, we sat down with a few friends in the security space to discuss the major highlights from Black Hat, DEF CON, and BSides .…
First off, the big news for today's Patch Tuesday: Microsoft has fixed four new Remote Desktop Services (RDS) vulnerabilities, reminiscent of the BlueKeep vulnerability (CVE-2019-0708) that was patched last May. CVE-2019-1181 and CVE-2019-1182 both affect all supported versions of Windows, and can be exploited without…
What do you need to do to secure your cloud-based systems while enjoying the competitive benefits of the cloud? Read this blog to find out.…
The new Local Files protection in tCell joins other RASP protections to defend against serious compromises.…
