In February 2016, Apple announced that it would fight the FBI’s court order to break the encryption of the iPhone of one of the San Bernardino attackers. We wrote a …

One of our researchers—Mike Brooks, also known as rook—found two high-risk vulnerabilities in the CA Single Sign-On (formerly CA SiteMinder®) application, created by CA Technologies. These vulnerabilities’ implications include the …

Amazon and other cloud providers have made it child’s play to spin up ephemeral server instances for quick deployment of various services. If you want a web server to host your …

In our previous post, we discussed how to minimize security risk and data loss by securing the AWS environment. In this installment of our series, we will continue exploring this …

In May of 2014, Microsoft released Security Bulletin MS14-025. The vulnerability described in this disclosure could allow for the elevation of privilege if Active Directory Group Policy is used to …

During an audit of ColdFusion 10 and 11’s administration panel, I discovered a reflected, DOM-based cross-site scripting flaw, and in this blog post, I will show you how to leverage …

This blog post was authored by Security Associate Zach Julian; you can connect with him on Twitter here. Border Gateway Protocol (BGP) is a crucial component of the Internet, responsible …
