Summary CVE-2022-0847 was disclosed on March 7th and since has been named “Dirty Pipe”. This linuxkernel vulnerability is caused by improperly handling flags on Linux
Web3 and Security: It’s Time To Grow Up
Hello Web3/blockchain world, great job. You got people to take you seriously, trusting your projects and investing their money. You’ve sold people on your innovations,
Quick Analysis of the Wormhole attack
Summary An anonymous attacker used a verification problem in the Wormhole program and 80000 wETH were pulled out of the Wormhole contract. The problem was
PwnKit: Local Privilege Escalation (LPE) in Polkit’s pkexec (CVE-2021-4034)
Summary On January 25, researchers at Qualys disclosed a high severity local privilege escalation (LPE) vulnerability affecting Linux’s policy kits (Polkit) pkexec utility. Pkexec is
Zero Trust Access to Kubernetes
Over the past few years, Kudelski Security’s engineering team has prioritized migrating our infrastructure to multi-cloud environments. Our internal cloud migration mirrors what our end clients
[Updated] Log4Shell: Critical Severity Apache Log4j Remote Code Execution Being Actively Exploited (CVE-2021-44228 & CVE-2021-45046)
Update December 17th, 2021: Log4j 2.15.0 Vulnerability Upgraded from Low to Critical Severity (CVSS 9.0) – RCE possible in non-default configurations The Apache Software Foundation
Kudelski Security Research 