Cyber Security Awareness and Vulnerabilities Blog

In this post, I'm going to share a deeply technical explanation regarding the challenging work involved in exploiting a Windows-based vulnerability I discovered (CVE-2012-0181) and how it was exploited within Windows 2003, Windows Vista and Windows 2008. Although this is a first-time publication of…

Read More

It was an exciting month getting ready for the release of CORE Impact Pro v12.3 - including a lot of phone calls with customers to review how their feature requests were being implemented into Impact -  and lots of fun planning with internal…

Read More

As a security researcher and member of the CORE Security Consulting Services team, and close partner with CORE Labs here in Buenos Aires, I need to perform security analysis of complex enterprise IT environments with software installations from any number of vendors. These…

Read More

I’ve been advocating for the use of email born phishing tests against the user population within companies for over six years now, and I have to admit the fight is a complex one. Most of the network and security analysts I talk to…

Read More

Looking at the Microsoft Security Bulletin for May 2012 just issued this afternoon I suspect we will see a lot of noise regarding Bulletins 1, 2 and 3. However, it would be dangerous for IT professionals to not take Bulletins 6 and 7…

Read More

Corporate espionage is a huge problem for businesses and individuals alike as there is both intellectual property (IP) and  employee/customer data at risk. Your HR department has a lot of information about you, including bank account numbers for direct deposits. Your company’s digital IP ranges from proprietary…

Read More

Online attackers never stand still and neither does the Exploit Writing Team stationed at CORE Labs. This past March, we added 25 exploit modules to our Security Testing framework that cover a wide range of technologies and target the biggest online threats our…

Read More

Last week as Patch Tuesday (which was today) approached, I wondered about the efforts of admins everywhere to understand, test and then apply those patches that are applicable for their environment. I wonder if it would be possible to measure the combined effort of…

Read More

The fairy tale is over folks. The belief (and at times, the stated position) that Apple’s Macs were immune to attacks and therefore did not need anti-virus or other defenses has finally been shattered. Those of us in the security industry have been…

Read More

Interview with Terrell Herzig who is the Information Security Officer at the University of Alabama at Birmingham (UAB) Health System. Terrell is also UAB’s HIPAA Security Officer, an Adjunct Professor of Health Informatics Program at UAB, and the editor of Information Security in…

Read More