Posts by Erick Galinkin

2 min Research

Nearly 19,000 ESXi Servers Still Vulnerable to CVE-2021-21974

Rapid7 research has found that nearly 19,000 ESXi servers likely remain vulnerable to CVE-2021-21974, which is being exploited in the ESXiArgs campaign.

1 min Android

Leaked Android Platform Certificates Create Risks for Users

A new report contains 10 different platform certificates and malware sample SHA256 sums where the malware sample had been signed by a platform certificate.

3 min Emergent Threat Response

CVE-2022-42889: Keep Calm and Stop Saying "Text4Shell"

UPDATE 10/18/22: A previous version of this blog indicated that five JDK versions (JDK 15+) were not impacted due to the exclusion of the Nashorn JavaScript engine. However, an updated PoC []came out that uses the JEXL engine as an exploit path. If JEXL is present, the code executes successfully, so this issue can be exploited on any JDK where a relevant engine can be leveraged. CVE-2022-42889, which some have begun calling “Text4Shell,”

6 min Ransomware

Architecting for Extortion: Acting on the IST’s Blueprint for Ransomware Defense

Last month, the Institute for Security and Technology’s Ransomware Task Force launched the Blueprint for Ransomware Defense.

1 min Emergent Threat Response

CVE-2022-27511: Citrix ADM Remote Device Takeover

On Monday, June 14, 2022, Citrix published an advisory on CVE-2022-27511, a critical improper access control vulnerability affecting their ADM product.

5 min Russia-Ukraine Conflict

8 Tips for Securing Networks When Time Is Scarce

In light of increased cyber risk surrounding the Russia-Ukraine conflict, we’ve put together 8 tips that defenders can take right now to prepare.

5 min Hacky Holidays 2021

Being Naughty to See Who Was Nice: Machine Learning Attacks on Santa’s List

Like many organizations with big data problems, Santa has turned to machine learning to help him sort through his naughty and nice lists.

5 min Ransomware

The Ransomware Killchain

How does a machine go from one that's working perfectly fine to one that's inoperable due to ransomware? This post takes a close look.

8 min Ransomware

Slot Machines and Cybercrime: Why Ransomware Won't Quit Pulling Our Lever

Ransomware remains a significant problem, partly because the incentives for everyone, including victims, are there to increase the number of ransomware attacks.

6 min Detection and Response

Why the Robot Hackers Aren’t Here (Yet)

Over the years, we’ve seen security in general and vulnerability discovery in particular move from a risky, shady business to massive corporate-sponsored activities with open marketplaces for bug bounties.

2 min Emergent Threat Response

SolarWinds Serv-U FTP and Managed File Transfer CVE-2021-35211: What You Need to Know

On July 12, 2021, SolarWinds confirmed an actively exploited zero-day vulnerability, CVE-2021-35211, in the Serv-U FTP and Managed File Transfer component of SolarWinds15.2.3 HF1 (released May 5, 2021) and all prior versions.

8 min Emergent Threat Response

CVE-2021-34527 PrintNightmare: What You Need to Know

Vulnerability note: This blog originally referenced CVE-2021-1675, but members of the community noted the week of June 29 that the publicly available exploits that purported to exploit CVE-2021-1675 may in fact have been targeting a new vulnerability in the same function as CVE-2021-1675. This was later confirmed, and Microsoft issued a new CVE for what the research community originally thought was CVE-2021-1675. Defenders should now follow guidance and remediation information on the new vulnera