Category: Vulnerability Assessment and Management
Contains Attack Surface Management, Cyber Range, External Attack Surface Management, Penetration Testing, Social Engineering,
-
CSS Flaw Eliminates Microsoft O365 First Contact Safety Tips
Information Security magazine highlights research from Certitude on the First Contact Safety Tip within Microsoft 365. Exploiting a Cross-Site Scripting (CSS) flaw leaves the user unaware that the sender is unverified. Microsoft acknowledged the issue but offered no immediate plans to fix it.
-
CrowdStrike Learns Application Security Lessons Learned
CrowdStrike has published the much-anticipated technical postmortem regarding the global outage on July 19th caused by the faulty Falcon EDR running on Microsoft Windows. The report highlighted six lessons learned. The immediate next step is to engage two independent third-party software security vendors. In a nutshell, the solution relies on parameters which were not properly validated.…
-
Patch Enters Pipeline for Google Pixel Zero Day
BleepingComputer reports that Google has applied source code fixes to address CVE-2024-36971 – a High severity use-after-free (UAF) weakness in the Android kernel. At this point, only limited, targeted exploitation has been observed. While Google Pixel devices receive monthly security updates immediately after release, other manufacturers may require some time before rolling out the patches.
-
SLUBStick New Linux Kernel Cross-Cache Attack
A hypothetical attack on a kernel vulnerability is worth monitoring. As SecureWeek suggests, a newly demonstrated Linux Kernel Cross-Cache Attack raises the threat level to dangerous. According to researchers from Graz University of Technology, tests prove the attack to be successful 99% of the time, up from 40% for other known heap attacks. No solution…