In last week’s blog, I mentioned the Apache Struts vulnerability, which is still making headlines as estimates show that as many as 65 percent of Fortune 500 companies use it in some form. In addition, Equifax claims it has played a role in their breach affecting more than 143 million Americans. On July 11, 2017,…

Earlier this week, a ‘severe’ vulnerability was discovered in Apache Struts, an open source framework for developing applications in Java. The vulnerability, CVE-2017-9805, affects all versions of Struts since 2008 and all applications using the framework’s REST plugin are vulnerable. Trend Micro has released DVToolkit CSW file CVE-2017-9805.csw for the Apache Struts 2 Vulnerability to…

The only topic I can bring up this week is the devastation in Texas caused by Hurricane Harvey. Many cities have been completely destroyed and to add insult to injury, Harvey moved back to the Gulf of Mexico and made landfall again in Louisiana. Catastrophic flooding has left tens of thousands without their homes and…

In last week’s blog entry, I mentioned the fact that the Zero Day Initiative (ZDI) published two zero-day advisories (ZDI-17-691 and ZDI-17-692) for vulnerabilities found in Foxit Reader after Foxit failed to meet the 120-day deadline outlined in ZDI’s disclosure policy. Since the public disclosure, Foxit has reached out to ZDI and has committed to…

One of my favorite movies is the 1999 comedy “Galaxy Quest,” which features the cast of a science-fiction television series similar to Star Trek. In the movie, the crew is visited by real aliens who ask them for help against an intergalactic adversary because they believe that Galaxy Quest is a documentary of historical documents…

Earlier this month, a blog post from Blue Frost Security was released stating that they were giving away tickets to the upcoming Ekoparty Security Conference in Argentina. But there was a catch: in order to get the tickets (and free whiskey), entrants had to complete an exploitation challenge and send them the solution. Blue Frost…

During the DefCon Conference last week, a Windows SMB vulnerability was revealed by researchers from RiskSense. The 20-year-old bug can be found in Windows 2000 up to Windows 10. Microsoft has indicated that it will not be issuing a patch for the vulnerability as it doesn’t meet their bar for servicing in a security update….

This week, I attended the Black Hat conference in Las Vegas, Nevada. 2017 marked the 20th anniversary of the Black Hat conference. A lot has certainly changed since I started attending back in 2002. I’m sure that many will have their opinions on the central themes that they saw at the conference (artificial intelligence was…

If you conduct a search on the Web for the number of languages spoken around the world, you’ll see numbers ranging anywhere from 6,000-7,000. I figure I’m doing okay since I can speak English and Spanish, sign the English alphabet, recite the Greek alphabet, and read music. There are roughly over 1.2 billion web sites…

Before the world of laptops, tablets and smart phones, some of us had to use paper-based solutions to keep track of our calendars and to-do lists. I used a Franklin Planner, where I kept track of my calendar as well as my never-ending to-do list. The Franklin Planner used the “ABC” system to help you…