The Exploit

Notes from the Front Lines of Penetration Testing

Category: Security Recommendations

Get actionable cybersecurity advice from Raxis experts. Explore best practices, tips, and recommendations to strengthen your organization’s security.
  • PRTG Network Monitor Stored Cross-Site Scripting Vulnerability (CVE-2021-29643)
    PRTG Network Monitor Stored Cross-Site Scripting Vulnerability (CVE-2021-29643)

    By

    Raxis Research Team
    Raxis lead penetration tester Matt Dunn uncovers a new vulnerability in the PRTG Network Monitor (CVE-2021-29643). Read more here.
    Read More
  • Screaming person with smartphone
    Don’t Take the Smishbait

    By

    Bonnie Smyre
    Unwanted text messages are annoying, but some also hide malicious links. Here are some ways to avoid being “smished.”
    Read More
  • JavaScript Execution to Display User's Cookie in an Alert Box
    ManageEngine Applications Manager Stored Cross-Site Scripting Vulnerability (CVE-2021-31813)

    By

    Raxis Research Team
    Raxis’ Matt Dunn has discovered another ManangeEngine cross-site scripting (XSS) vulnerability, this time in the Applications Manager product (CVE-2021-31813).
    Read More
  • Two people at laptops sending data at each other
    Why Mutual Assured Destruction is an Incomplete Cyber Defense Strategy

    By

    Bonnie Smyre
    Is the threat of full-scale retaliation enough to prevent large-scale cyberattacks? Raxis’ Bonnie Smyre explains why this Cold War strategy is not effective.
    Read More
  • .be .wa .re .sc .am .me .rs
    A High-Tech Take on an Old-Time Scam

    By

    Brian Tant
    Don’t fall prey to scammers trying to convince you that your domain name is about to be stolen by an overseas company.
    Read More
  • SonicWall
    SonicWall Patches Three Zero-Day Vulnerabilities

    By

    Raxis Research Team
    Cybersecurity company SonicWall has released patches for three zero-day vulnerabilities that are currently being exploited.
    Read More
  • Emblem of the Foreign Intelligence Service of the Russian Federation
    NSA, FBI, CISA Statement on Russian SVR Activity

    By

    Raxis Research Team
    The US government is warning businesses to beware of vulnerabilities being exploited by the Russian Foreign Intelligence Service (SVR RF). But that’s not the only group taking advantage. Here’s what you should do.
    Read More
  • Security Cameras
    Three Questions to Ask Before Connecting a Device to the Internet

    By

    Scottie Cole
    Should you connect your latest device to the Internet? Lead Penetration Tester Scottie Cole recommends asking yourself some questions before you do.
    Read More
  • Hands holding mobile phone
    Why Companies Shouldn’t Overlook Mobile Application Testing

    By

    Brian Tant
    Penetration tests are as important for mobile applications as they are for their web app counterparts. Here’s why.
    Read More
  • How to Pull Off a Mousejacking Attack
    How to Pull Off a Mousejacking Attack

    By

    Raxis Research Team
    Raxis’ penetration testing team demonstrates how to conduct a mousejacking attack to gain access as part of a penetration test.
    Read More
  • Penguin with red cross
    Sudo Privilege Escalation Vulnerability Discovered

    By

    Raxis Research Team
    Qualys has discovered and reported a serious vulnerability (CVE-2021-3156) affecting the sudo utility. Patches are now available and Raxis recommends applying them immediately.
    Read More