Summary Okta is one of the premier identity providers in the World and is trusted by thousands of customers. The recently known Lapsus$ threat actor
Category: Vulnerability Notification
PwnKit: Local Privilege Escalation (LPE) in Polkit’s pkexec (CVE-2021-4034)
Summary On January 25, researchers at Qualys disclosed a high severity local privilege escalation (LPE) vulnerability affecting Linux’s policy kits (Polkit) pkexec utility. Pkexec is
Critical Vulnerabilities Cisco Smart Install Actively Exploited to Cause Mass Network Outages (CVE-2018-0171 & CVE-2018-0156)
Summary The Cyber Fusion Center has learned of malicious, seemly automated, exploitation of recent Cisco IOS and Cisco IOS XE critical vulnerabilities (CVE-2018-0171 & CVE-2018-0156)
Meltdown & Spectre Attacks on CPU Flaws
Summary On January 3rd 2018, several hardware flaws affecting modern processors were publicly disclosed by security researchers. These flaws are exploitable by attacks nicknamed “Meltdown”
Key Reinstallation Attacks (KRACK) affecting WPA Protocol – Advisory
Summary On October 16th, several vulnerabilities affecting the Wi-Fi Protected Access II (WPA2) protocol were disclosed by security researchers in coordination with the U.S CERT.
Security Advisory – Critical Apache Struts Vulnerability (CVE-2017-9805)
Summary On September 5, 2017, a critical remote code execution vulnerability (CVE-2017-9805) was disclosed in the Apache Struts framework. Apache Struts is a popular open
Kudelski Security Research 