Zip Slip Vulnerability – Updated

We’re posting some information on the newly announced Zip Slip vulnerability. Expect more information later today, but for now we wanted to post some information so you aren’t blindsided when management inevitably asks. The link to the vulnerability announcement is here. The Zip Slip vulnerability is a directory traversal vulnerability that is found in multiple […]

Efail Recommendations

Many Rendition Infosec clients are calling us today asking about the efail vulnerability. TL;DR – this isn’t a big deal for most of our enterprise users. Few of them use PGP and most of those that do use PGP to send files back and forth, not to encrypt the email natively. More than anything else, […]

DrupalGeddon 2.1 and the state of vulnerability management

If you’re running Drupal 7.x, 8.4.x, or 8.5.x, a new patch was released Wednesday. The patch was rated Critical with a score of 20/25. The Drupal team notified users two days before the patch was released so they could be ready to patch. The patch went live in the middle of the US workday, meaning […]

New Windows 7 and Server 2008R2 out of band patch

Microsoft usually only issues patches on the second Tuesday of every month (so-called “Patch Tuesday”). However, when there is a vulnerability that is being exploited in the wild (or is likely to be) Microsoft may issue an out of band patch. That’s exactly what happened yesterday. The vulnerability being patched was introduced when Microsoft patched […]

Atlanta government was compromised in April 2017 – well before last week’s ransomware attack

Last Thursday, the City Of Atlanta suffered outages from a ransomware attack. During the press conference (recorded here), city officials indicated that they were invested in cyber security. They noted that they were working with state and federal law enforcement to resolve the incident and had even been in contact with the Secret Service. Officials […]

Vulnerability disclosure – did we get it right with Meltdown and Spectre?

Today Rendition Infosec is releasing a blog post that we started writing more than a month ago. Why now? The dust has settled, that’s why. Prior to the dust settling on Meltdown and Spectre, we think this very important conversation would have been lost in the noise. In light of these vulnerabilities, we think it […]

Updated Spectre and Meltdown Presentation

Today I gave an updated presentation about Meltdown and Spectre for SANS APAC (at an APAC friendly time).  I’ll post the video from the new webcast when I have it.  In the meantime, you can download slides here: Updated Meltdown/Spectre Presentation Slides   A few useful links from the presentation are included below: Verifying Meltdown/Spectre […]

Meltdown and Spectre – enterprise action plan

Unless you’ve been living under a rock for the last 24 hours, you’ve heard about the Meltdown and Spectre vulnerabilities. I did a webcast with SANS about these vulnerabilities, how they work, and some thoughts on mitigation. I highly recommend that you watch the webcast and/or download the slides to understand more of the technical […]

Meltdown and Spectre Vulnerability Slides and Video

Update (2018-01-08): I delivered another SANS webcast with updated information. Slides and useful links can be found here. Update: SANS has made the webcast freely available on YouTube. Thanks to all who joined the SANS Webcast on Meltdown and Spectre.  The system unfortunately had issues that wouldn’t allow everyone to join that wanted to. I […]

WanaCrypt0r worm with kill switch patched out

Update: After performing some analysis, we’ve noted that the ransomware package (resource) in the worm is corrupted.  This means that even though the worm will infect, it won’t encrypt your files.  This is a GOOD THING.   But machines are still being exploited with this worm variant.  Patching is still the order of the day. […]

Your cart
subtotal:
$0.00

This will be copy area - something to the effect of estimated ship time if applicable

CONFIDENTIAL

Rendition's advanced courses contain the latest in information security knowledge. Please contact us for more information.

This page has proprietary information in it, please contact us for more information.