Analysis of CVE-2024-30078, a Windows Wi-Fi driver vulnerability. Detailed root cause analysis and exploitation constraints.

In software development, CI/CD practices are now standard, helping to move code quickly and efficiently from development to production. Azure DevOps, previously known as Team Foundation Server...

Observe and reprogram running programs on Windows, macOS, GNU/Linux, iOS, watchOS, tvOS, Android, FreeBSD, and QNX

Every sysadmin is familiar with Veeam’s enterprise-oriented backup solution, ‘Veeam Backup & Replication’. Unfortunately, so is every ransomware operator, given it's somewhat 'privileged position' in the storage world of most enterprise's networks. There's…

Good day!

In this post we describe an analysis of the security patches introducted by GitHub Enterprise Server (GHES) release 3.11.3.

Long time no see! After 3 years of no new blog posts and also no conference talks from my side, I decided it’s time to write again. I’ll start easy with a fun story that happened a while …

URGENT: Critical security advisory for Kibana users. Update to version 8.15.1 now to mitigate vulnerabilities CVE-2024-37288 and CVE-2024-37285.

Modern web browsers have the capability to store web application based credentials of users in an encrypted format. This functionality has been seen as a security improvement towards the password h…

As the second Tuesday of September 2024 approaches, SAP administrators and security professionals are preparing for another crucial event: SAP Security Patch Day. This month’s release addresses several vulnerabilities across various SAP products and components…

Learn how threat actors can exploit SQL Server credential objects to escalate domain privileges and how you can detect it.

Discover critical Feeld app vulnerabilities from our pentest. See how flaws in security controls expose personal data and learn key fixes.

We layout the different levels of maturity your organization may be at in their Security Canary Maturity, as well as discussing the value in maturity models themselves.

Welcome back to another watchTowr Labs blog. Brace yourselves, this is one of our most astounding discoveries.


Summary

What started out as a bit of fun between colleagues while avoiding the Vegas heat and $20 bottles of water in our Black Hat hotel rooms…

Explore Cleafy's analysis of a newly discovered TrickMo variant, revealing enhanced malware capabilities and critical endpoints used for storing stolen credentials and data from victims. Here is the latest threat analyst report.

Misconfigurations are often the weakest link in an otherwise secure environment. One of the most dangerous yet easily overlooked…