Archive | 2018

Zip Slip Vulnerability – Updated

We’re posting some information on the newly announced Zip Slip vulnerability. Expect more information later today, but for now we wanted to post some information so you aren’t blindsided when management inevitably asks. The link to the vulnerability announcement is here. The Zip Slip vulnerability is a directory traversal vulnerability that is found in multiple […]

GA SB315 – Rendition Infosec’s thoughts

Rendition Infosec has been in lock step with other cybersecurity companies being vocal in our opposition to GA SB315, an extremely flawed piece of legislation that will likely hurt cyber security organizations that operate in GA. The bill itself is extremely poorly worded and leaves much to the discretion of prosecutors and judges. For instance, […]

Hacking back – is it the right move?

Today, the New Yorker published an article on hacking back. Many clients ask us about hacking back and we regularly tell them it’s a bad idea. When we press them for what the goal of the hacking back is, they can’t articulate what value it is likely to provide (other than making them feel good). […]

New Windows 7 and Server 2008R2 out of band patch

Microsoft usually only issues patches on the second Tuesday of every month (so-called “Patch Tuesday”). However, when there is a vulnerability that is being exploited in the wild (or is likely to be) Microsoft may issue an out of band patch. That’s exactly what happened yesterday. The vulnerability being patched was introduced when Microsoft patched […]

Rendition Infosec and Cybereason to hold joint webinar 5/9/2018

THE EVOLVING CYBERSECURITY LANDSCAPE A WEBINAR WITH RENDITION INFOSEC AND CYBEREASON   Webinar Description: Join Cybereason and Rendition Infosec, LLC Wednesday, May 9th, at 1:00pm EDT for a live webinar where we discuss how cybersecurity is developing as a practice.   Register Here: https://www.cybereason.com/cybereason-rendition-webinar   First, we’ll discuss the cybersecurity landscape, understanding recent trends and […]

Atlanta government was compromised in April 2017 – well before last week’s ransomware attack

Last Thursday, the City Of Atlanta suffered outages from a ransomware attack. During the press conference (recorded here), city officials indicated that they were invested in cyber security. They noted that they were working with state and federal law enforcement to resolve the incident and had even been in contact with the Secret Service. Officials […]