Pager 12 - Senthorus Blog

CVE-2020-1472 - Zerologon

Zerologon (CVE-2020-1472) is a critical flaw allowing attackers to gain domain admin access via Netlogon by exploiting weak AES encryption.

By Leo Duntze

Malware Analysis Report

Cloud Snooper Threat Report

Read the full "Cloud Snooper Threat Report" PDF to learn more about this threat.

By Natacha Bakir

Confluence Zero-Day CVE-2023-22515

CVE-2023-22515 is a critical Confluence flaw allowing remote attackers to create admin accounts; patching is urgent to prevent exploitation.

By Leo Duntze

CVE-2023-4911 A buffer overflow in the GNU C library

The "Looney Tunables" CVE (CVE-2023-4911) in GLIBC 2.34 allows local privilege escalation via a buffer overflow in the "GLIBC_TUNABLES" variable.

By Luc Meier

General Knowledge

Encrypted Client Hello - The Price of Privacy

Encrypted Client Hello (ECH) in TLS 1.3 enhances privacy by concealing the client's destination, but raises challenges in security, compliance, and regulation.

By Jimmy Vuadens