VerSprite Shares Cybersecurity News & Security Research VerSprite Shares Cybersecurity News & Security Research

VerSprite Security Resources

Threat Models as Blueprints for Security Offense & Defense

25 July 2019

Modeling for threats forces an adversarial lens for security operations team members. Via evidence backed attack simulations, security operations centers (SOC) can define a blueprint for defense that factors in motives, related attack patterns, and realistic targets.

Read more

arrow right
avatart

posted by Cate McMahan


California Act Establishes 5 Fundamental Data Privacy Rights

18 July 2019

The ground-breaking California Consumer Privacy Act goes into effect on January 1, 2020. The bill was drafted and signed in the space of one week, which shows how important the lawmakers of the tech-forward state deemed the need to get in on the table.

Read more

arrow right
avatart

posted by Charles Gallo


Understanding Google Cloud Platform (GCP) Concepts

18 July 2019

In previous posts, we have covered security around Azure and AWS cloud solutions and now it’s time to look at the third big contestant, Google Cloud Platform.

Read more

arrow right
avatart

posted by Esteban Mendoza


Managing Cloud Security Risk: Where Do You Start?

15 July 2019

Use of public cloud infrastructure is now commonplace with nearly $60 billion spent annually. Of course, there are good reasons for this as Infrastructure and Platform as a Service provide several advantages over traditional in-house hosting. VerSprite shares key principles that will help you manage your cloud security risk.

Read more

arrow right
avatart

posted by Greg Mosher


Waves Maxx Audio DLL Side-Loading LPE via Windows Registry

15 July 2019

When performing vulnerability research, it is essential to make sure that all attack vectors concerning exploitation are exhausted. One avenue of exploitation comes from the Windows registry.

Read more

arrow right
avatart

posted by Robert Hawes


Microsoft Windows Remote Code Execution (RCE) Vulnerability: BlueKeep

10 July 2019

On June 17, 2019 the Department of Homeland Security (DHS) issued an alert for the Microsoft Windows Remote Code Execution (RCE) vulnerability named BlueKeep and CVE-2019-0708.

Read more

arrow right
avatart

posted by Jason Bell


6 Ways to Strengthen Security Posture

2 July 2019

This guide offers a perspective gained from research and experience into incidents and their causes. Nothing will stop all cyber incidents, but attention to these areas can reduce the chances of a successful attack.

Read more

arrow right
avatart

posted by Ray Strubinger


Waves MaxxAudio

1 July 2019

WavesSysSvc in Waves MAXXAudio allows privilege escalation because the General registry key has Full Control access for the Users group, leading to DLL side loading. This affects WavesSysSvc64.exe 1.9.29.0.

Read more

arrow right
avatart

posted by Robert Hawes


OH The POSsibilities: Point of Sale System Security

25 June 2019

Any time you swipe a card to make a purchase or utilize a self-checkout kiosk, a Point-Of-Sale system is responsible for handling the intricacies of your transaction in the background.

Read more

arrow right
avatart

posted by Fabius Watson


Airmail 3 Android Mobile Security Attack Surface Continuous Integration & Continuous Delivery (CI/CD) Control Frameworks Cybersecurity Data Encryption Data Security Breach Digital Footprint Enterprise Data Security Exploitation of Vulnerabilities Exploit Development Frida Engage General Data Protection Regulation Global Threats Google Security InfoSec JavaScript JEA Just-Enough-Administration MacOS Malware Protection & Detection Man-in-The-Middle (MiTM) Attacks Multi-Factor Authentication Password Management PCI DSS Compliance Phishing Point-of-Sale Security Privacy Risk Python Remote Attack Reputational Risk Reverse Engineering Risk Analysis Security Awareness Training Security Controls Security Vulnerabilities Social Engineering Statistical Findings & Security Metrics Threat Modeling TLS Encryption Transport Layer Security (TLS) Vendor Risk Web App Security Windows Vulnerabilities XPC Services API

We are an international squad of professionals working as one.

logos