BLOG

RCE on PRTG Network Monitor – TEHTRIS PENTEST

RCE on PRTG Network Monitor TEHTRIS PENTEST Earlier this year, a TEHTRIS team has been mandated in order to conduct a remote pentest. The maturity level of the information system audited didn’t allow to identify any vulnerability directly exposed on the internet. TEHTRIS then decided to dig deeper into the

Read more »

Can we dream of a fully automated XDR Platform? Yes, we can!

Can we dream of a fully automated XDR Platform? Yes, we can! XDR platforms are our response to the increasing sophistication of the tools and tactics cyber attackers use, that render anti-virus programs and other traditional cybersecurity solutions helpless. XDR makes a case for a more holistic cybersecurity approach that

Read more »

Windows Type 1 Font Parsing RCE Vulnerability – Microsoft ADV200006

Windows Type 1 Font Parsing RCE Vulnerability – Microsoft ADV200006 On the 23rd of March 2020, Microsoft has released an important security advisory concerning two critical flaws allowing a remote code execution (RCE). Theses flaws exists in the way that Windows Adobe Type Manager improperly handles some specially crafted fonts.

Read more »

EDR – COVID-19

EDR – COVID-19: TEHTRIS MAKES A COMMITMENT COVID-19: TEHTRIS EDR SUPPORTS FRENCH HOSPITALS Our country and our world are shaken by the current health and economic crisis. In response to the COVID-19 coronavirus pandemic, Cedric O, Secretary of State in charge of Digital Affairs within the French government, has launched

Read more »

Why XDR platforms are becoming the smartest cybersecurity solution?

Why XDR platforms are becoming the smartest cybersecurity solution? Cybercrime is an ever-expanding risk confronting companies of all sizes in all industries. To shield themselves from the many cyberattacks they are prone to, teams must stay a stride ahead of cybercriminals by safeguarding their assets from a torrent of progressively

Read more »

What does a holistic cybersecurity strategy look like?

What does a holistic cybersecurity strategy look like? The difference between a traditional and a holistic cybersecurity approach IT and top technical products are no more responsible alone for the security of our digital assets. Cybersecurity now needs a strategy. One that involves technology, the people, and the processes. As

Read more »

Why IoT could be our greatest cybersecurity risk

Why IoT could be our greatest cybersecurity risk The Internet of Things offers us new ways to build potential value and offer it without human intervention. The seeming boon of the IoT is also its greatest risk. With over 26 billion devices projected to form part of the IoT in

Read more »

2020: The year of unknown cyber threats. Are you cyber-ready?

2020: The year of unknown cyber threats. Are you cyber-ready? Most traditional security systems and products are built to address known threats. When they see and detect something malicious, they block it. Now, to get past these products that block known threats, attackers are forced to innovate and come up

Read more »

Cyberthreat a worldwide risk? [and tips on navigating the threat]

Cyberthreat a worldwide risk? [and tips on navigating the threat] The 15th edition of the World Economic Forum’s Global Risk Report is out. Alongside recognizing the economic, environmental, geopolitical, and societal risks, the report also emphasizes on technological risks in the form of cyberattacks that face us in 2020, more

Read more »

5 Ways to make cybersecurity more efficient with automation

5 ways to make cybersecurity more efficient with automation Toward the end of 2019, the cybersecurity workforce amounted to 2.8 million professionals, while the number of trained professionals needed to close the gap was 4.07 million. This data hints at the urgent need to increase the current cybersecurity workforce by

Read more »

CVE-2020-0601 / VULNERABILITY IN THE CRYPTOAPI OF WINDOWS (CRYPT32.DLL)

CVE-2020-0601 / VULNERABILITY IN THE CRYPTOAPI OF WINDOWS (CRYPT32.DLL) Execution of a Trojan horse signed with an exploit of the CVE-2020-0601 A spoofing vulnerability has been discovered in the way the Windows cryptographic library (crypt32.dll) validates certificates composed of elliptic curves (ECC). Successful exploitation of this loophole could lead to

Read more »