Summary On January 25, researchers at Qualys disclosed a high severity local privilege escalation (LPE) vulnerability affecting Linux’s policy kits (Polkit) pkexec utility. Pkexec is
Author: Francisco Donoso
Francisco Donoso leads the Managed Security Services Architecture team here at Kudelski Security.
[Updated] Log4Shell: Critical Severity Apache Log4j Remote Code Execution Being Actively Exploited (CVE-2021-44228 & CVE-2021-45046)
Update December 17th, 2021: Log4j 2.15.0 Vulnerability Upgraded from Low to Critical Severity (CVSS 9.0) – RCE possible in non-default configurations The Apache Software Foundation
CredManifest: Azure AD Information Disclosure Leading to Privilege Escalation & Free Tool Released
Summary On November 17th, 2021 Microsoft disclosed the existence of a high severity information disclosure vulnerability impacting Azure Active Directory (Azure AD) that could allow
Microsoft Active Directory Netlogon Elevation of Privilege CVE-2020-1472
Summary On August 11th, 2020 Microsoft publicly disclosed the existence of a critical severity Elevation of Priviledge (EOP) vulnerability that impacts all recent versions of Windows Server
Security Advisory: Microsoft Windows DNS Server Remote Code Execution Vulnerability
Summary On July 14th, 2020 Microsoft publicly disclosed the existence of a critical severity vulnerability in all recent versions of the Microsoft Windows Server operating
Security Advisory: F5 BIG-IP Critical Severity RCE Vulnerability CVE-2020-5902
Updated on July 7th, 2020: The Cyber Fusion Center has learned that the original mitigation guidance provided by F5 was incomplete and has been bypassed.
Kudelski Security Research 