In this blog post, I will explain a vulnerability in the Microsoft Windows Desktop Windows Manager (DWM) Core library that I analyzed when the exploit for Core Impact was being developed. This vulnerability allows an unprivileged attacker to execute code as a DWM user with Integrity System privileges (CVE-2024-30051).Since there was not enough public information at the time to develop the exploit,...

Part 2 of the Improving Your Security-Efficiency Balance Series: One of the primary challenges organizations wrestle with in identity governance is how to achieve the right balance in their company between security and efficiency. In Part 1 of the Improving Your Security-Efficiency Balance Series, we examined the unique balancing act organizations face when it comes to user access. In this blog...

Find out how Security Information and Event Management (SIEM) solutions can streamline security and prevent alert fatigue.

When it comes to privileged users, do we maintain security at the cost of productivity, or do we increase productivity at the cost of security?

Read on to learn about the different types of cloud environments, and the biggest security obstacle each presents.

The agreement that cloud security is a shared responsibility between cloud providers and cloud users has now firmly taken hold. How those responsibilities shake out, however, is an ongoing conversation.

Organizations of all sizes can benefit from capturing, logging, and responding to security events in real time, but one important operating system is often overlooked: IBM i.

The latest Verizon Data Breach Report provides a deeper understanding of the internal threats today's organizations face.