Peering Down the Remote Desktop Rabbit Hole
We take a brief look at the risk of exposing Microsoft’s Remote Desktop (RDP) directly to the Internet. TL;DR: Don't do it.
Dear Open Source, Can we ever trust you again?
CVE-2024-3094: Taking a look at the real implications of the XZ backdoor.
NetScaler CVE-2023-3519: Exploit Campaign Analysis
We take a detailed look into a global $100M exploit campaign using CVE-2023-3519 to attack Citrix NetScaler appliances.
Phishing with FIDO
How does FIDO based MFA prevent Phishing attacks? And could this protection be undermined by some very common vulnerabilities?
Why did Google weaken their own 2FA Authenticator?
Retool breach: Why did Google add a feature that increases risk to Authenticator 2FA users?
A Million Weak SSH Keys?
Automated vulnerability detection using Internet-visible shared SSH host keys.
Losing the Keys to the Kingdom
How did Microsoft lose control of a key that secures hundreds of millions of customer accounts?
We need to talk about Product Security
Why do vendors keep selling software with trivially exploitable vulnerabilities? And what can we do about it?
Is Your Network Infested with Zombies?
Are Zombie hosts exposing your network? Find out how to defend yourself against this lurking threat.
What is Attack Surface Management?
Attack Surface Management: What is it? And how do you do it?
Reading The Runes: Is the XORtigate vulnerability even worse than it looks?
What does XORtigate (CVE-2023-27997) tell us about Fortinet Product Security?
Aspera Under Attack
If you own or use an IBM Aspera deployment then you could be at risk. Read our analysis of CVE-2022-47986, CVE-2023-27284 and CVE-2023-27286.
The Importance of Risk Management
Why are so many organisations getting patch management wrong?
Patch or Be Damned
Measuring real-world patch time for Microsoft Exchange Server vulnerabilities.
Understanding Attack Surface
Lean about one of the most critical, and yet most misunderstood concepts in security.
