Microsoft has released a critical security update patching five critical Vulnerabilities in the Font Library of the Microsoft Graphics component. The vulnerabilities affect all currently supported versions of Windows. Microsoft was able to develop and release patches before the vulnerabilities were publicly disclosed, and has released a notice addressing the following CVE's: CVE-2018-1010 CVE-2018-1012 CVE-2018-1013 CVE-2018-1015 CVE-2018-1016 The vulnerabilities exist [...]
A critical remote code execution vulnerability has been discovered in Cisco's Smart Install Client code. Remote attackers can leverage this vulnerability to execute arbitrary code without any authentication. This can also be used to create Denial of Service conditions. The vulnerability was initially presented at GeekPWN 2017 Hong-Kong May 13th, 2017, and was patched by [...]
Spectre CVE-2017-5753 -- CVE-2017-5715 Meltdown CVE-2017-5754 What are Meltdown and Spectre? Meltdown and Spectre are a set of critical vulnerabilities found in the design of processors dating back to 1995. Both vulnerabilities were discovered independently and announced together to allow vendors to develop and distribute patches. Meltdown, the more serious of the two, allows an attacker [...]
This blog post was written for rapid release. Please check back for further details and updates as it becomes available. A serious weakness in WPA2 was discovered and published this morning here, which allows an attacker within wireless range to exploit this weakness using a Key Reinstallation Attack (KRACKS). This discovery can be leveraged by potential attackers to capture encrypted [...]
ElevatedPrompt's CEO, Jason Ng, is featured in this week's Risk it podcast with Brayden York. Discussion on cybersecurity and risk. http://www.baseportfolio.com/riskitpodcast/15-cyber-breaches-and-proactive-protection-with-jason-ng Cybersecurity awareness and visibility is a vital part of keeping your organizations secure. Find out how ElevatedPrompt can help your organization today.