Update December 17th, 2021: Log4j 2.15.0 Vulnerability Upgraded from Low to Critical Severity (CVSS 9.0) – RCE possible in non-default configurations The Apache Software Foundation
Author: Francisco Donoso
Francisco Donoso leads the Managed Security Services Architecture team here at Kudelski Security.
CredManifest: Azure AD Information Disclosure Leading to Privilege Escalation & Free Tool Released
Summary On November 17th, 2021 Microsoft disclosed the existence of a high severity information disclosure vulnerability impacting Azure Active Directory (Azure AD) that could allow
Microsoft Active Directory Netlogon Elevation of Privilege CVE-2020-1472
Summary On August 11th, 2020 Microsoft publicly disclosed the existence of a critical severity Elevation of Priviledge (EOP) vulnerability that impacts all recent versions of Windows Server
Security Advisory: Microsoft Windows DNS Server Remote Code Execution Vulnerability
Summary On July 14th, 2020 Microsoft publicly disclosed the existence of a critical severity vulnerability in all recent versions of the Microsoft Windows Server operating
Security Advisory: F5 BIG-IP Critical Severity RCE Vulnerability CVE-2020-5902
Updated on July 7th, 2020: The Cyber Fusion Center has learned that the original mitigation guidance provided by F5 was incomplete and has been bypassed.
Critical Vulnerabilities Cisco Smart Install Actively Exploited to Cause Mass Network Outages (CVE-2018-0171 & CVE-2018-0156)
Summary The Cyber Fusion Center has learned of malicious, seemly automated, exploitation of recent Cisco IOS and Cisco IOS XE critical vulnerabilities (CVE-2018-0171 & CVE-2018-0156)
Kudelski Security Research 