
Latest Blogs

An Update on Windows Downdate

In August, I shared a blog on my most recent research project called Windows Downdate, which I first presented at Black Hat USA 2024 and DEF CON 32 (2024). In it, I explained how I was able to develop a tool to take over the Windows Update process to craft custom downgrades on critical OS components to expose previously fixed vulnerabilities. By using this downgrade ability, I discovered CVE-2024-21302, a privilege escalation vulnerability affecting the entire Windows virtualization stack.

XDR for Beginners: How to Get Started with Extended Detection and Response

Cyberattacks are getting more sophisticated and frequent. Malicious attackers take advantage of vulnerabilities in security systems, resulting in data breaches, ransomware, and downtime. Tools like EDR and NDR are usually used separately, which may not give the complete effectiveness one is looking for. Extended Detection and Response (XDR), by contrast, is a solution that unifies all security data, giving you better insight and quicker threat detection.

What Does Call Escalation Mean in the World of Customer Service

Call escalation is a term frequently used in customer service, yet it can often be misunderstood. Understanding what call escalation means and how it impacts customer experience is essential for both agents and management. This article delves into the concept of call escalation and its implications in the customer service world.

The Role of GIS in Environmental Conservation and Management

In today's rapidly changing world, where urbanization and industrial activities exert immense pressure on the environment, Geographic Information Systems (GIS) have emerged as crucial tools in environmental conservation and management. These systems, which allow for the visualization, analysis, and interpretation of geographical data, are instrumental in helping researchers, policymakers, and conservationists make informed decisions.

How DDI Central helps in narrowing queries to specific departments

DNS involves resolving clients' queries with multiple hosts across different regions. Multiple servers help many organizations by increasing response rate and network efficiency for clients. But some organizations have special demands that require a specific server to resolve queries for a particular domain name. DDI Central can solve this problem with its domain view feature.

Beyond Burnout: Key Takeaways from SOC Analyst Appreciation Day 2024

Feeling overwhelmed by alerts? You’re not alone. At SOC Analyst Appreciation Day (SAAD) 2024, we heard from countless analysts facing the same challenges of burnout, perfectionism, and the need for mentorship. With a fantastic line-up of speakers, including John Hammond, Ron Eddings, Peter Coroneos from Cybermindz, and other security leaders, this year’s event provided valuable insights and sparked engaging discussions.

Prescribing Strong API Security: A Lifeline for Healthcare Data

In 2024, healthcare organizations face heightened security challenges, mainly as they increasingly rely on Application Programming Interfaces (APIs) to support critical functions. APIs have become indispensable in driving digital transformation and improving operational efficiencies across healthcare systems. However, the rising complexity and volume of APIs, alongside insufficient security practices, have created a vulnerable environment ripe for exploitation.

From on-prem to cloud: Detect lateral movement in hybrid Azure environments

There are several tactics that threat actors can use to access cloud environments, services, and data. A common example is lateral movement, which involves techniques that enable a threat actor to pivot from one host to the next within an environment. This type of activity often uses other tactics, such as initial access and privilege escalation, as part of a larger attack flow.