Less than 24 hours after publicly disclosing an unpatched zero-day vulnerability in Windows 10, the anonymous hacker going by online alias “SandboxEscaper” has now dropped new exploits for two more unpatched Microsoft zero-day vulnerabilities. The two new zero-day vulnerabilities affect Microsoft’s Windows Error Reporting service and Internet Explorer 11. Just yesterday, while releasing a Windows…
The “bestiary” houses six historical threats that combined resulted in at least $95B in damages worldwide.
Jessica spends 12 hours a day on the internet managing security for web assets and loves her macha tea
High-quality cybersecurity posture is typically regarded as the exclusive domain of the large and heavy resourced enterprises – those who can afford a multi-product security stack and a skilled security team to operate it. This implies a grave risk to all organizations who are not part of this group, since the modern threat landscape applies…
After Facebook and Twitter, Google becomes the latest technology giant to have accidentally stored its users’ passwords unprotected in plaintext on its servers—meaning any Google employee who has access to the servers could have read them. In a blog post published Tuesday, Google revealed that its G Suite platform mistakenly stored unhashed passwords of some…
An anonymous hacker with an online alias “SandboxEscaper” today released proof-of-concept (PoC) exploit code for a new zero-day vulnerability affecting Windows 10 operating system—that’s his/her 5th publicly disclosed Windows zero-day exploit [1, 2, 3] in less than a year. Published on GitHub, the new Windows 10 zero-day vulnerability is a privilege escalation issue that could…
High-quality cybersecurity posture is typically regarded as the exclusive domain of the large and heavy resourced enterprises – those who can afford a multi-product security stack and a skilled security team to operate it. This implies a grave risk to all organizations who are not part of this group, since the modern threat landscape applies…
Elastic, the company behind the most widely used enterprise search engine ElasticSearch and the Elastic Stack, today announced that it has decided to make core security features of the Elastic Stack free and accessible to all users. ELK Stack or Elastic Stack is a collection of three powerful open source projects—Elasticsearch, Logstash, and Kibana—that many…
A lot of thought and meaning goes into the naming of infamous CPU side channel flaws, like ZombieLoad, Spectre and Meltdown.
Jessica spends 12 hours a day on the internet managing security for web assets and loves her macha tea
An accidental permissions snafu caused a massive outage for all Salesforce customers that continues to affect some businesses.
Jessica spends 12 hours a day on the internet managing security for web assets and loves her macha tea
All too often, information-sharing is limited to vertical market silos; to build better defenses, it’s time to take a broader view beyond the ISAC.
Jessica spends 12 hours a day on the internet managing security for web assets and loves her macha tea
