A technical analysis of the two newly released high-severity vulnerabilities in OpenSSL, CVE-2022-3786 and CVE-2022-3602.
Author: Pinaki Mondal
Wave 9 of Project Resonance was conducted to determine the security posture of exposed Kubernetes clusters across the internet. Over 500,000 unsecured Kubernetes instances were discovered during the course of the research.
Web applications are the cornerstone of anything on the publicly accessible internet. Due to the complexities of the software development life cycle, developers tend to embed secrets within the source code of their applications. As the codebase grows, developers often fail to redact the sensitive data before deploying it to production.
CVE-2022-0847, dubbed “Dirty Pipe”, is a privilege escalation vulnerability in the Linux kernel. We demonstrate the vulnerability and analyze it in depth.
Internet-wide research on the security posture of databases exposed on the internet. This blog contains all the specifics and analysis of results.
This blog post is about misconfigured CNAME records that can cause subdomain takeovers on a massive scale.