In August, I shared a blog on my most recent research project called Windows Downdate, which I first presented at Black Hat USA 2024 and DEF CON 32 (2024). In it, I explained how I was able to develop a tool to take over the Windows Update process to craft custom downgrades on critical OS components to expose previously fixed vulnerabilities. By using this downgrade ability, I discovered CVE-2024-21302, a privilege escalation vulnerability affecting the entire Windows virtualization stack.

The DNS involves resolving client’s queries with multiple hosts across different regions. Multiple servers help many organizations by increasing response rate and network efficiency for clients. But, some organizations have special demands that require a specific server to resolve queries for a particular domain name. DDI Central can solve this problem with its domain view feature.

Mobile Breakthrough Awards has named Forward Networks the winner of its “2024 Enterprise Cloud Computing Software of the Year” award. This is Forward Networks’ fifth consecutive award win for Enterprise Cloud Computing from Mobile Breakthrough’s Award program.

Social engineers rely on two key psychological triggers: urgency and empathy. When people feel rushed or that they are helping someone in need, their normal critical thinking is often overridden. Attackers don’t just hack systems; they hack people, and they’re exceptionally good at it.

Understanding what a threat vector is and its importance is fundamental in the realm of cybersecurity. Guaranteeing the security of your organization's systems, services, networks and applications is crucial, and protecting your threat vectors through effective prevention strategies is an effective method to achieve this.

Security information and event management (SIEM) systems are crucial to collecting and analyzing incoming cyber threats, but many companies need help to tune and monitor them properly. These firms enlist a security service provider to do it for them. That often leads to the question of whether a managed detection and response (MDR) service is also necessary. In short, yes, adding MDR is a strong move as it adds deep threat investigation, threat hunting, and response actions at the endpoint.

At Indiana University, OpenInfra Days North America 2024 was an event that brought together the brilliant minds of the open infrastructure community. For my teammate Kevin Jackson and I, this was not just another tech event; it was a long-overdue reunion with friends in the OpenStack community and an exciting opportunity to forge new relationships. The atmosphere was charged with collaboration and learning, with best practices, user journeys, and insightful panel discussions taking center stage.