Summary An anonymous attacker used a verification problem in the Wormhole program and 80000 wETH were pulled out of the Wormhole contract. The problem was
PwnKit: Local Privilege Escalation (LPE) in Polkit’s pkexec (CVE-2021-4034)
Summary On January 25, researchers at Qualys disclosed a high severity local privilege escalation (LPE) vulnerability affecting Linux’s policy kits (Polkit) pkexec utility. Pkexec is
Assessing the Security of GPS Theft Recovery Systems: A Laboratory Analysis of Spireon MM18 (Kahu/LoJack)
Author: Karim S., Security Expert, Kudelski IoT Security Last year, Kudelski IoT Security Labs performed several analyses of vehicle theft recovery systems to understand their
Zero Trust Access to Kubernetes
Over the past few years, Kudelski Security’s engineering team has prioritized migrating our infrastructure to multi-cloud environments. Our internal cloud migration mirrors what our end clients
[Updated] Log4Shell: Critical Severity Apache Log4j Remote Code Execution Being Actively Exploited (CVE-2021-44228 & CVE-2021-45046)
Update December 17th, 2021: Log4j 2.15.0 Vulnerability Upgraded from Low to Critical Severity (CVSS 9.0) – RCE possible in non-default configurations The Apache Software Foundation
CredManifest: Azure AD Information Disclosure Leading to Privilege Escalation & Free Tool Released
Summary On November 17th, 2021 Microsoft disclosed the existence of a high severity information disclosure vulnerability impacting Azure Active Directory (Azure AD) that could allow
Kudelski Security Research 