Dave Farquhar

CVE-2021-21985 - Vulnerability Found in VMware vCenter Servers and Cloud Foundation

Overview: On May 25, 2021, VMware released advisory VMSA-2021-0010 for two vulnerabilities impacting vCenter Server, which...

Sudo Vulnerability

Security researchers at Qualys disclosed a bug in sudo, a standard Linux and Unix utility for handling administrative rights....

What is Patch Management?

In a very broad sense, patch management is exactly what it sounds like: a method of patching up problems in computer operating...

Bad Neighbor Vulnerability

In the October monthly security rollups, Microsoft fixed two major issues in the IPv6 ICMP protocol. One that can lead to remote...

Zerologon Vulnerability

Prior to August 2020, Secura BV security researcher Tom Tervoort discovered a flaw in the way Windows encrypts its authentication...

BootHole Vulnerability SPOT Report

In April 2020, security researchers at Eclypsium discovered a buffer overflow vulnerability in the Linux bootloader GRUB2...

SPOT Report - Apache Tomcat - GhostCat

Overview: On January 3, 2020, researchers at Chinese security firm Chaitin Tech responsibly disclosed a critical vulnerability...

SPOT Report - Microsoft Crypt32 Certificate Validation flaw

Overview: On January 14, 2020, the NSA and Microsoft disclosed a critical vulnerability in Microsoft’s CryptoAPI DLL, also...

Seven Monkeys Vulnerability - SPOT Report - August 2019 Patch Tuesday

Overview: August Patch Tuesdays tend to get overlooked due to the many other things that come out of Black Hat and DEFCON....

1-day Vulnerabilities: The Limits of Following the Patch Tuesday Cycle

Many people are familiar with 0-day (Zero-Day) vulnerabilities. It’s one of my favorite interview questions. However,...