Splunk patches high-severity vulnerabilities in Enterprise, including an authentication token exposure issue.

It’s dangerous to defend the registry alone! Take this!

CISA has revealed the first draft for an update of the Cyber Incident Reporting for Critical Infrastructure (CIRCIA) Act of 2022

In the ever-evolving landscape of cybersecurity, staying one step ahead of potential threats is crucial. As a security architect, your role…

xz-utils backdoor situation (CVE-2024-3094). GitHub Gist: instantly share code, notes, and snippets.

Please note: This is being updated in real-time. The intent is to make sense of lots of simultaneous discoveries

In the realm of cybersecurity, Advanced Persistent Threat (APT) groups continue to evolve and adapt, often employing innovative techniques…

Many individuals outside the realm of cybersecurity often underestimate the intricacies involved in a security professional’s role. Since its inception in 2012, the CISO MindMap has served as a valuable educational resource, offering insights into CISO responsibilities…

Hello Everyone, over the years I’ve written many articles/summaries that for some reason I kept to myself and didn’t think to share them…

erev0s blog for cyber security and more

The amazingly scary xz sshd backdoor, Author: Bojan Zdrnja

This article provides an in-depth look into two techniques used by Earth Freybug actors: dynamic-link library (DLL) hijacking and application programming interface (API) unhooking to prevent child processes from being monitored via a new malware we’ve discovered…

Google recently disclosed two critical vulnerabilities (CVE-2024-29745 and CVE-2024-29748) affecting Pixel smartphones that are being actively exploited by forensic companies. These zero-day flaws could potentially allow unauthorised access to user data.

 
Dear Microsoft Active Directory friends,
 
In this article we are going on a "search for clues" :-). In the life of an IT administrator, you have...