Hafnium, a state-sponsored APT group, is believed to have potentially
compromised tens of thousands of organizations globally by leveraging
multiple 0-day vulnerabilities (such as CVE-2021-26855, CVE-2021-26857,
CVE-2021-26858, and CVE-2021-27065) af...
Zerologon (CVE-2020-1472) is a vulnerability with a perfect CVSS score
of 10/10 being used in the wild by attackers, allowing them to gain
admin access to a Windows Domain Controller. As more public exploits for
this vulnerability are being published...
The Maze ransomware has recently been making the news due to some
high-profile infections. In addition to requesting, in some instances,
ransoms of 6+ million USD to regain access to the files, the group
behind the malware has also leaked some of the...
With the sudden surge in popularity for Zoom meetings, an increased
interest has been seen by white/grey/black hats to identify potential
vulnerabilities and weaknesses. One of the recent popular security
weaknesses identified is around the way a UNC p...
It is possible to add RSA NetWitness as a Search Engine in Chrome, which
allows you to run queries directly from the address bar. The following are
the steps to follow in your browser to set this up. Start by navigating
to your NetWitness instance on the...
Hi David. This is because I still had the old SMB parser enabled in my
environment (it should be disabled), and that parser registers it under
the username meta key. As seen in the below screenshot for the same
dataset, the same meta is extracted und...
Hello Dipin, You could create an application rule on the packet decoder
that matches all the traffic for which you don't want to store the
packets (such as "did exists" to match all traffic) and then enable
"Stop Rule Processing" and choose "Trunc...