Log4Shell – Lessons Learned in 30 Days

On December 9th, 2021 the web was turned on its head with the disclosure of a high severity vulnerability coined #log4shell. At the time we wrote an article on how this new vulnerability shines the light on the effectiveness of Web Application Firewalls (WAF) as a defensive control, but we didn’t dive deep into the…


WordPress 5.8.3 Security Release

Some nice finds in today’s release. Be sure to update. Props to all the contributors for responsibly disclosing. Security Updates: Four security issues affect WordPress versions between 3.7 and 5.8. If you haven’t yet updated to 5.8, all WordPress versions since 3.7 have also been updated to fix the following security issue (except where noted…


Cloud-based Web Application Firewalls (WAF) & The Log4J Vulnerability

Every CIO / CISO worth their salt has spent the better part of four days trying to understand the Log4J vulnerability and, more importantly, their organization’s unique exposure. This article won’t dive into the vulnerability itself; that is being covered ad nauseam, and some organizations are doing exceptionally well with their write-ups. Here are some…


WordPress Forced Updates vs Auto-Updates and Abusing User Defined Intent

On June 1st, Automattic’s JetPack plugin released an update to patch an exploitable vulnerability. The vulnerability was found in their Carousel feature. The release invites plugin users to update their version. It warns that while it’s not known to be actively exploited, it could be now that the fix has been released. One thing it fails to…
