PRTG Network Monitor Stored Cross-Site Scripting Vulnerability (CVE-2021-29643)

Raxis lead penetration tester Matt Dunn uncovers a new vulnerability in the PRTG Network Monitor[…]

Don’t Take the Smishbait

Unwanted text messages are annoying, but some also hide malicious links. Here are some ways[…]

ManageEngine Applications Manager Stored Cross-Site Scripting Vulnerability (CVE-2021-31813)

Raxis’ lead penetration tester Matt Dunn has discovered another ManageEngine cross-site scripting (XSS) vulnerability, this[…]

Why Mutual Assured Destruction is an Incomplete Cyber Defense Strategy

Is the threat of full-scale retaliation enough to prevent large-scale cyberattacks? Raxis’ COO Bonnie Smyre,[…]

A High-Tech Take on an Old-Time Scam

Don’t fall prey to scammers trying to convince you that your domain name is about[…]

SonicWall Patches Three Zero-Day Vulnerabilities

Cybersecurity company SonicWall has released patches for three zero-day vulnerabilities that are currently being exploited.

NSA, FBI, CISA Statement on Russian SVR Activity

The US government is warning businesses to beware of vulnerabilities being exploited by the Russian[…]

Remediating Account Enumeration Vulnerabilities

Account enumeration reveals to an attacker whether or not he or she has valid user[…]

Three Questions to Ask Before Connecting a Device to the Internet

Should you connect your latest device to the Internet? Lead Penetration Tester Scottie Cole recommends[…]

Why Companies Shouldn’t Overlook Mobile Application Testing

Penetration tests are as important for mobile applications as they are for their web app[…]

How to Pull Off a Mousejacking Attack

Raxis demonstrates how to conduct a mousejacking attack as part of a penetration test.

Sudo Privilege Escalation Vulnerability Discovered

Qualys has discovered and reported a serious vulnerability (CVE-2021-3156) affecting the sudo utility. Patches are[…]