Microsoft Finds Adobe Type Manager Library Exploit Used in the Wild; Patch Incoming

Microsoft Finds Adobe Type Manager Library Exploit Used in the Wild; Patch Incoming

A zero-day Adobe Type Manager Library exploit is now wielded in limited, targeted attacks against Windows users, technically allowing for remote code execution. The good news is that Microsoft knows about the ...

Once upon a time there was a WebSocket

This is the story from one of our recent penetration testing engagements. Still, the story is a familiar one for those who are testing newer web applications that use one of the ...
Ransomware Protection Checklist

Future of Cybersecurity Threats – Looking Ahead So We Can Prepare Now

The post Future of Cybersecurity Threats – Looking Ahead So We Can Prepare Now appeared first on CCSI ...
Microsoft Windows SMBv3 Remote Code Execution Vulnerability (CVE-2020-0796)

Microsoft Windows SMBv3 Remote Code Execution Vulnerability (CVE-2020-0796)

This Patch Tuesday, Microsoft disclosed a remote code execution vulnerability in SMB 3.1.1 (v3) protocol. Even though initial release of the Patch Tuesday did not mention this vulnerability, details of the issue ...
Identifying Let’s Encrypt Revoked Certificates

Identifying Let’s Encrypt Revoked Certificates

Let’s Encrypt is a free, automated, open certificate authority (CA) run for the public’s benefit as a service from the Internet Security Research Group (ISRG). It provides free digital certificates to enable ...
Two Las Vegas Casinos May Have Been Crippled by Ransomware Attacks

Two Las Vegas Casinos May Have Been Crippled by Ransomware Attacks

An apparent ransomware attack hit the Four Queens Hotel and Casino and Binion’s Casino in Los Angeles, crippling their ability to trade in anything other than cash and affecting some of the ...
NVIDIA Fixes High-Severity Vulnerability in Drivers

NVIDIA Fixes High-Severity Vulnerability in Drivers

NVIDIA released a security update for its drivers, fixing several issues that could lead to denial of service, escalation of privileges, or information disclosure. The update covers multiple vulnerabilities affecting both the ...

Climbing the Vulnerability Management Mountain: Reaching Maturity Level 4

The climb is getting steeper, but thanks to hard work, vision and insight are much keener. At ML:4, all assets are scanned by a combination of agent and remote scans on a ...
OpenBSD flaw

Qualys Reveals Critical OpenBSD Mail Server Security Flaw

Qualys Research Labs disclosed this week a security flaw in the OpenSMTPD mail server used within the OpenBSD operating system that allows a cyberattacker to execute arbitrary shell commands with elevated privileges ...
Security Boulevard
Zoom Bug Potentially Allowed Attackers to Find and Join Active Meetings

Zoom Bug Potentially Allowed Attackers to Find and Join Active Meetings

Remote conferencing services provider Zoom patched a vulnerability that could have allowed an attacker to find and join active meetings. Check Point explained that the issue stemmed from the way in which ...