Tony Robinson, Author at Security Boulevard

Security Advisory Regarding PrintNightmare

PrintNightmare Summary On June 8th, CVE-2021-1675 was patched by Microsoft and classed as a Local Privilege Escalation. However, recent research has shown that the patch was not complete, and can also be exploited remotely. This means that the severity of the vulnerability is considerably higher, and that it can be ... Read More

Security Advisory Regarding F5 Vulnerabilities

| | Security Advisory
Hurricane Labs is aware of the recent collection of vulnerabilities published by F5 in March, 2021. The advisory acknowledges over 21 vulnerabilities in total: four critical, seven high, and ten medium CVEs in total. Of particular concern is CVE-2021-22986: iControl REST interface unauthenticated remote command execution. Summary of the Vulnerability ... Read More

Security Advisory Regarding Exchange Marauder / HAFNIUM

| | Security Advisory
Hurricane Labs is aware of the recent reports from Volexity and Microsoft regarding Operation Exchange Marauder. Microsoft refers to the threat actors utilizing these vulnerabilities as HAFNIUM. At the present time, Microsoft Exchange 2013 through 2019 have been confirmed to be vulnerable, while Microsoft Office 365 is not impacted. The ... Read More

The New Year in Cybersecurity: Supply Chain Attacks, Part 2

Hello there, and welcome back! If you're just now tuning in, I've decided to do a collection of blog posts on what I think are going to be major cybersecurity topics this coming year.  In the first blog post, I introduced you to what a supply chain attack is, why ... Read More

The New Year in Cybersecurity: Supply Chain Attacks, Part 1

| | Infosec Blog
Hey there, and happy New Year. I wanted to take a moment and write about what I think the coming year is going to look like for information security professionals. This is going to be an introductory post to a multi-part series of blogs so I can talk about different ... Read More

Security Advisory Regarding SolarWinds Supply Chain Compromise

| | Security Advisory
Recently, Microsoft and FireEye have announced the discovery of a new advanced threat group utilizing an IT monitoring software vendor as a means to enable access to other targets. This type of an attack is referred to as a “supply chain attack” or a “watering hole attack.” What is a ... Read More

Security Advisory Regarding SolarWinds Supply Chain Compromise

| | Infosec Blog
Recently, Microsoft and FireEye have announced the discovery of a new advanced threat group utilizing an IT monitoring software vendor as a means to enable access to other targets. This type of an attack is referred to as a "supply chain attack" or a "watering hole attack."  What is a ... Read More

Security Advisory Regarding the Recent FireEye Breach Reports

| | Security Advisory
Recently, the information security vendor FireEye has made it in the news as the latest victim to suffer a breach. FireEye is stating that their suite of Red Team Tools were among the assets and data that the threat actors retrieved. What is a red team? What are Red Team Tools? ... Read More

Security Advisory Regarding the Recent FireEye Breach Reports

Recently, the information security vendor FireEye has made it in the news as the latest victim to suffer a breach. FireEye is stating that their suite of Red Team Tools were among the assets and data that the threat actors retrieved.  What is a red team? What are Red Team ... Read More