This article explains the pre-auth remote code execution exploit against Kaseya VSA that was used in the recent REvil ransomware attack. | Continue reading
This is a preliminary analysis of the SolarWinds Orion supply-chain nation-state attack. This is an ongoing analysis and more information will be published when available. | Continue reading
This is a preliminary analysis of the SolarWinds Orion supply-chain nation-state attack. This is an ongoing analysis and more information will be published when available. | Continue reading
Cross-site Scripting (XSS) has been around for almost two decades yet it is still one of the most common vulnerabilities on the web. Many second-line mechanisms have therefore evolved to mitigate the impact of the seemingly endless flow of new vulnerabilities. Quite often I meet … | Continue reading
In a recent penetration test on one of Sweden's largest financial institutions I discovered a flaw, CVE-2020-6836, that allowed remote code execution. | Continue reading