All posts in Vulnerabilities

Network Detection & Response: The Next Frontier in Fighting the Human Problem

Justin Jett, director of audit and compliance for Plixer, discusses the transformation of network-traffic analytics and what it means for cybersecurity now. Last year, Gartner published a market guide on network detection and response (NDR). Formerly known as network-traffic analytics, which I’ve spoken about in the past at length, NDR has . . . Read more

Pwn2Own 2021: Zoom, Teams, Exchange, Chrome and Edge “fully owned”

by Paul Ducklin

The annual Pwn2Own contest features live hacking where top cybersecurity researchers duke it out under time pressure for huge cash prizes. Their quest: to prove that the exploits they claim to have discovered really do work under real-life conditions. Indeed, Pwn2Own is a bug bounty program with . . . Read more

Azure Functions Weakness Allows Privilege Escalation

Microsoft’s cloud-container technology allows attackers to directly write to files, researchers said. A privilege-escalation vulnerability in Microsoft’s Azure Functions cloud container feature could allow a user to escape the container, according to researchers. Intezer researchers dubbed the bug “Royal Flush” after a flush-to-disk limitation that an exploit would need to evade. . . . Read more

S3 Ep27: Census scammers, beg bounties and data breach fines [Podcast]

by Paul Ducklin

How scammers copied a government website almost to perfection. What to do about those fake “bug” hunters who ask for payment for finding “vulnerabilities” that aren’t. Why the Dutch data protection authority fined Booking.com for not sending in a data breach disclosure fast enough. With Kimberly Truong, . . . Read more

SAP Bugs Under Active Cyberattack, Causing Widespread Compromise

Cyberattackers are actively exploiting known security vulnerabilities in widely deployed, mission-critical SAP applications, allowing for full takeover and the ability to infest an organization further. Active cyberattacks on known vulnerabilities in SAP systems could lead to full control of unsecured SAP applications, researchers are warning. Adversaries are carrying out a . . . Read more