TANTO DOJO BLOG

CVE-2022-41343 - RCE via Phar Deserialisation

Dompdf is a popular PHP library used for rendering PDF files from HTML. Tanto Security disclosed a vulnerability in Dompdf affecting version 2.0.0 and below. The vulnerability was patched in Dompdf v2.0.1. We recommend all Dompdf users update to the latest version as soon as possible. Exploitation of the vulnerability results in remote code execution subject to the following conditions: the application is deployed on PHP <= 7.x and a well-known RCE deserialization gadget exists in any of the application's libraries.

Is Pen Testing Dead?

Penetration testing is a critical part of the cybersecurity industry. It's been around for a long time and pen testing fatigue is a real thing. However, there are some who feel that pen testing itself is dead. Are they right? How can we tell if penetration testing (aliases include PenTesting, Pen Testing) is still relevant or not?

Why White Box?

TL;DR: The more information provided for pen testing, the better the outcomes.

CORIE - Regulating for Advanced Cyber Security Services

TL;DR: This is a pilot program for Financial Institutions to standardise Threat Intel, Red Teaming, Purple Team and Gold Teaming to understand the financial industry's resilience to cyber-attack.

Independence and Conflicts in Cyber Security

TL;DR: UK accounting firms are splitting their audit functions. Could this be a structure applied to cyber security firms in the future?

Which Offensive Cyber Security Services Should I Use?

TL;DR: Match the type of security services you are using to the level of maturity and the types of threats that your organisation faces to ensure you meet your objectives.
