Written by Lina Jiménez Becerra, Anton Jörgensson and Mark Stueck of the Kudelski Security Threat Detection & Research Team CVE-2023-23397: Ability to exploit an Elevation
CVE-2023-27532 – Veeam Backup & Replication Vulnerability Exposes Stored Credentials, No Auth Necessary
Written by Mark Stueck and Scott Emerson of the Kudelski Security Threat Detection & Research Team CVE-2023-27532: Unauthenticated Access to Cleartext Credentials Possible Through Veeam Backup
Addressing Risks From AI Coding Assistants Paper
With all of the hype lately around AI and Large Language Models (LLMs) following the release of demos such as ChatGPT, what tends to get
Polynonce: A Tale of a Novel ECDSA Attack and Bitcoin Tears
Introduction In this blog post, we tell a tale of how we discovered a novel attack against ECDSA and how we applied it to datasets
Releasing a timelocked responsible disclosure
We have previously announced a timelocked responsible disclosure and it is accessible since February 23, 2023 at 00:00 (CEST). The previously encrypted report can now
PBR and Kittens: A Case Involving APT 35 Presented @ CactusCon 11
At the end of January 2023, James Navarro and Jacob Wellnitz from Kudelski Security’s US Incident Response team spoke at CactusCon 11 in Mesa, Arizona.
Kudelski Security Research 