While exploring the security aspects of ManageEngine ADAudit Plus, I discovered a security vulnerability (CVE-2023-32783) that may have far-reaching implications for other product users. These findings indicate that ADAudit Plus contains a vulnerability allowing Windows user accounts to remain completely undetected by ADAudit Plus.

In the digital age, we've seen a steady evolution of threats, but none perhaps as chilling as the rise of deep fake voices and videos. The ability to mimic someone's voice and use it for malicious intent—from convincing others to take potentially dangerous actions, to fraudulent payments, or even opening security gaps—is a threat too severe to overlook. So, how do we safeguard ourselves in a landscape where our ears can't always be trusted? Enter the challenge response phrase or word.

I am delighted to announce the titles of my upcoming presentations for Black Hat 2023, both scheduled for August 10th. Here's a glimpse into what you can expect.

As a fellow at ICIT and co-author of the book “Securing the Nation’s Critical Infrastructures: A Guide for the 2021-2025 Administration,” I was honored to be asked to speak at the RSA Conference 2023 in San Francisco on the topic of “Digital Supply Chain Security: What Happens When an Organization's Trusted Solutions Can No Longer Be Trusted?” Many thanks to SafeBreach, who sponsored the event and for hosting the reception and book signing afterward.