Cyberis Blog
Reassuringly clear thinking.
- Penetration testing
- Tools and techniques
Common AI Implementation Mistakes to Avoid Part 2
The use of AI in internal and external applications is rapidly being deployed across all sectors, often handling vast arrays of data from across an organisation. Whilst this offers exciting new capabilities, it also widens the potential attack surface of a company’s infrastructure. AI infrastructure can accidentally expose sensitive data to unauthenticated users if datasets are not properly configured.
- Penetration testing
- Tools and techniques
Common AI Implementation Mistakes to Avoid Part 1
The use of AI in internal and external applications is rapidly being deployed across all sectors. Whilst this offers exciting new capabilities, it also widens the potential attack surface of a company’s infrastructure. AI chatbots can accidentally expose sensitive data if permissions aren’t properly configured.
- News
- Penetration testing
- Red teaming
- Research
- Tools and techniques
One Identity Secure Password Extension Privilege Escalation (CVE-2025-27582)
Cyberis has discovered a local privilege escalation (LPE) vulnerability - CVE-2025-27582 - in One Identity Secure Password Extension x64 v5.14.3.1, a component of One Identity Password Manager. By abusing the Password Self-Service feature available on the Windows lock screen, an attacker can bypass security restrictions, launch a SYSTEM-privileged print dialog, and ultimately gain a SYSTEM shell. This vulnerability requires only local access and is trivially exploitable in environments where this software is deployed. An attacker can escalate to SYSTEM directly from the logon screen—without requiring valid credentials.
- Detect and respond
- Red teaming
- Research
Microsoft Bookings – Facilitating Impersonation
Microsoft Bookings introduces a significant security risk by allowing end users to create fully functional Entra accounts without administrative oversight. These accounts, tied to shared Booking pages, can be exploited for impersonation, phishing, and email hijacking. Attackers could leverage this functionality to bypass security measures, gain unauthorised access to sensitive resources, and facilitate lateral movement within an organisation. Our blog explores these weaknesses in detail and provides recommendations for detection and mitigation.
- Tools and techniques
Exploiting KeePass CVE-2023-32784
KeePass is a popular open-source password manager which allows users to securely store and manage their passwords in an encrypted database. On May 10 2023 a high risk vulnerability was discovered. This vulnerability allows an attacker with access to the system where KeePass is running to exploit the flaw by analysing a memory dump to extract the master password to the database. The memory dump containing the password can include KeePass process dump, RAM dump of the entire system, hibernation files, or swap files. In this article we will extract the password from KeePass process dump.
- Penetration testing
- Tools and techniques
CUPS Security Flaws
On 23rd September 2024, a zero-day vulnerability was highlighted by security researcher Simone Margaritelli in the Linux CUPS printing system, which gained widespread attention due to the unofficial CVSS severity rating of 9.9 allocated to it. Following the ever-growing attention and comparisons to catastrophic global security incidents such as Heartbleed and Log4J, further details emerged on the vulnerability, and the overall risk was found to be lower than first expected. However, the impact of a successful exploit is still agreed to be significant.
- Cyber Essentials
Cyber Essentials Charity Month 2024
During Charity Awareness Month this year, IASME and participating partners are offering a reduction of £75 to all qualified participants. If assessed through Cyberis, qualified participants will also receive a discount towards Cyber Essentials Plus assessments. This will allow an organisation to gain further insight into their security posture and assess if they are correctly following IASME's pillars of security.
- News
CrowdStrike / Windows Outage
There are reports that an update to CrowdStrike Falcon Sensor, relating to a faulty channel file, on Windows machines caused these systems to crash with a BSOD and then enter a boot loop, preventing the systems from operating normally.
Improve your security
Our experienced team will identify and address your most critical information security concerns.