Blog Series
Month: November 2022
Hackers exploit security flaw in...
A security researcher, David Schütz, has received a $70,000 bug bounty after he accidentally discovered a Google Pixel lock-screen bypass hack that solved a serious security problem on all Pixel...
Securing the Linux Kernel Hiding...
Operational Technology (OT) and Industrial Control Systems (ICS) technologies help ensure safety by monitoring and controlling critical operations. OT includes Supervisory Control and Data Acquisition (SCADA) and Distributed Control Systems...
Microsoft patches Windows 0-day...
Microsoft has fixed six actively exploited Windows vulnerabilities and 68 vulnerabilities in its November 2022 Patch Tuesday. Eleven of the 68 vulnerabilities fixed are classified as “critical,” allowing privilege escalation,...
Live Patching vs Virtual...
There are many different ways to improve upon traditional patching, so it’s easy to get confused about how each patching approach works. In the past, we’ve looked at traditional patching...
OpenSSL vulnerability feared as “critical”...
The long-awaited OpenSSL fixes for a critical-severity security hole are now available. The new OpenSSL patches have reduced the severity of the bug from critical to high. The...
Researchers uncover 29 malicious PyPI...
Threat actors are distributing malicious Python packages to the popular Python Package Index (PyPI) service, using authentic-sounding file names and hidden imports to deceive developers and steal their data. The...
RomCom RAT operators disguise malware...
RomCom, a threat actor, is said to be conducting a series of new attack campaigns using the brand power of SolarWinds, KeePass and PDF Technologies. It uses a RomCom RAT...
Cisco releases security updates to...
Cisco has released security updates to address two vulnerabilities that are classified as “high”: CVE-2022-20961 and CVE-2022-20956. The vulnerabilities affect the Cisco Identity Services Engine and could allow an attacker...
The Bugs Behind the Vulnerabilities...
We continue to look at the code issues that cause the vulnerabilities impacting the IT world. In this installment of our five-part blog series exploring these bugs, we go through...
Researchers uncover similar tools between...
According to security researchers from SentinelOne, the relatively new ransomware gang called Black Basta shares tooling and possibly personnel with the notorious FIN7 hacking group. The researchers were able to...
Ksplice vs KernelCare Enterprise: Live...
Not all Linux live patching solutions are created equal. In fact, many live patching solutions are quite limited. Oracle’s Ksplice is an example of a limited live patching tool, which...