We’re posting some information on the newly announced Zip Slip vulnerability. Expect more information later today, but for now we wanted to post some information so you aren’t blindsided when management inevitably asks. The link to the vulnerability announcement is here. The Zip Slip vulnerability is a directory traversal vulnerability that is found in multiple […]
Archive | Vulnerabilities
Efail Recommendations
efail Vulnerabilities Vulnerability DisclosureMany Rendition Infosec clients are calling us today asking about the efail vulnerability. TL;DR – this isn’t a big deal for most of our enterprise users. Few of them use PGP and most of those that do use PGP to send files back and forth, not to encrypt the email natively. More than anything else, […]
DrupalGeddon 2.1 and the state of vulnerability management
Security Monitoring Threat Hunting VulnerabilitiesIf you’re running Drupal 7.x, 8.4.x, or 8.5.x, a new patch was released Wednesday. The patch was rated Critical with a score of 20/25. The Drupal team notified users two days before the patch was released so they could be ready to patch. The patch went live in the middle of the US workday, meaning […]
New Windows 7 and Server 2008R2 out of band patch
Meltdown Threat Hunting VulnerabilitiesMicrosoft usually only issues patches on the second Tuesday of every month (so-called “Patch Tuesday”). However, when there is a vulnerability that is being exploited in the wild (or is likely to be) Microsoft may issue an out of band patch. That’s exactly what happened yesterday. The vulnerability being patched was introduced when Microsoft patched […]
Atlanta government was compromised in April 2017 – well before last week’s ransomware attack
DOUBLEPULSAR MS17-010 Ransomware VulnerabilitiesLast Thursday, the City Of Atlanta suffered outages from a ransomware attack. During the press conference (recorded here), city officials indicated that they were invested in cyber security. They noted that they were working with state and federal law enforcement to resolve the incident and had even been in contact with the Secret Service. Officials […]
Vulnerability disclosure – did we get it right with Meltdown and Spectre?
Meltdown Responsible Disclosure Spectre Vulnerabilities Vulnerability DisclosureToday Rendition Infosec is releasing a blog post that we started writing more than a month ago. Why now? The dust has settled, that’s why. Prior to the dust settling on Meltdown and Spectre, we think this very important conversation would have been lost in the noise. In light of these vulnerabilities, we think it […]
Updated Spectre and Meltdown Presentation
Meltdown Spectre VulnerabilitiesToday I gave an updated presentation about Meltdown and Spectre for SANS APAC (at an APAC friendly time). I’ll post the video from the new webcast when I have it. In the meantime, you can download slides here: Updated Meltdown/Spectre Presentation Slides A few useful links from the presentation are included below: Verifying Meltdown/Spectre […]
Meltdown and Spectre – enterprise action plan
Meltdown Spectre VulnerabilitiesUnless you’ve been living under a rock for the last 24 hours, you’ve heard about the Meltdown and Spectre vulnerabilities. I did a webcast with SANS about these vulnerabilities, how they work, and some thoughts on mitigation. I highly recommend that you watch the webcast and/or download the slides to understand more of the technical […]
Meltdown and Spectre Vulnerability Slides and Video
Meltdown Spectre VulnerabilitiesUpdate (2018-01-08): I delivered another SANS webcast with updated information. Slides and useful links can be found here. Update: SANS has made the webcast freely available on YouTube. Thanks to all who joined the SANS Webcast on Meltdown and Spectre. The system unfortunately had issues that wouldn’t allow everyone to join that wanted to. I […]
WanaCrypt0r worm with kill switch patched out
Malware MS17-010 Vulnerabilities WanaCryUpdate: After performing some analysis, we’ve noted that the ransomware package (resource) in the worm is corrupted. This means that even though the worm will infect, it won’t encrypt your files. This is a GOOD THING. But machines are still being exploited with this worm variant. Patching is still the order of the day. […]