Suzanne Burdick

Threat Overview Earlier this week, Microsoft released a patch for Outlook vulnerability CVE-2023-23397, which has been actively exploited for almost an entire year. This exploit has caught the attention of a hacking group linked to Russian military intelligence that is using it to target European organizations. CVE-2023-23397 allows threat actors to steal NTLM credentials of...

Threat Overview Around February 03, 2023, a ransomware campaign called “ESXiArgs” emerged that targeted Internet-facing VMware ESXi servers running versions older than 7.0. Though not confirmed, it has been reported by the French CERT (CERT-FR), BleepingComputer, and other sources that the campaign leverages CVE-2021-21974, which is a three-year-old vulnerability in the OpenSLP component of the...

TeamFiltration was publicly released during the DefCON30 talk, “Taking a Dump In The Cloud”. Before the public release, TeamFiltration was an internal tool for TrustedSec’s offensive security operations, which was shared internally back in January 2021. In short terms, TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring Office 365 Azure AD accounts....

Register The latest version of the Payment Card Industry Data Security Standard (PCI DSS) has arrived. PCI DSS 4.0 contains updates to existing requirements to clarify potential misinterpretations and reflect advances in Information Security technology. New requirements are also introduced...

One name, many meanings. Validating the effectiveness of your security controls through penetration testing is a crucial element in constructing a robust security posture. However, performing the wrong level of analysis can be frustrating or even give an organization a...

Recorded on Tuesday, March 15th, 2022 at 1pm Eastern On February 27, 2022, a cache of chat logs from the notorious ransomware group Conti was anonymously leaked to the public. The leak revealed previously unpublished information about the group’s internal...