Cyber Security Awareness and Vulnerabilities Blog

Patch Tuesday is over and colleagues are busy sorting through various remedies from Microsoft to figure out what they are fixing. (For more on this process in action, go here.) As you may know, Patch Tuesday occurs during the second week of each month, with a summary of…

As always Berlin was amazing. Seemed like yesterday. It was my second year attending both the Chaos Communications Congress (28C3) and Berlinsides (0x2) that immediately follows - but it was my first year speaking at either. Unfortunately John Strauchs and our exploit writer Dora (the…

News out of Cupertino this week regarding a network breach and the resulting stolen source code representing four major security products is enough to make any CISO go prematurely gray. We understand the fire drills involved when you have a security technology compromised. In…

As the manager (and former lead engineer) of the “security intelligence” portions of our Insight product, I’m often tasked with thinking about security in different ways. A big part of that is finding weaknesses in everyday technologies that could be used to exploit…

There is some buzz surrounding today’s (November 30) “new” release of an exploit for CVE-2011-3544 by Metasploit that takes advantage of a vulnerability in the Java Runtime Environment (JRE) to execute code on a vulnerable system. Core released its own exploit for CVE-2011-3544 to…

I am thinking about all the new ways mobile technology saved me from potential road rage in the mall parking lot this past weekend (especially Friday). To be precise, I much prefer the idea of strolling around various stores before Thanksgiving, find things…

For better or for worse, I don't think there is anyone in the security field today that doesn't understand the value of security researchers, and their work to discover vulnerabilities within technologies in use by businesses and consumers. In fact, for a lot…

By default, when attacking a mobile device in Core Impact Pro, we would use the Client-Side Rapid Penetration Test (RPT). This method gives us the ability to generate, host, and send an email with a link to a malicious webpage or a malicious…

We have to take a more aggressive approach to security across the board - because those who attack our networks aren’t signing a code of ethics and they aren’t following a playbook. They will do anything and everything they can to achieve their…

There's been another worm making its way around networks over the past couple months; it's called Morto. There are a few different variants of this worm, but the way it works and how it infects a machine is the same for each variant,…
