GRIMM Cyber

Pulse Secure April Attack

Pulse Connect Secure vulnerability CVE-2021-22893 and other old vulnerabilities are being actively exploited. While GRIMM engineers were not able to obtain a device or the firmware for a full analysis, the device in question looks like a Linux-based rack-mounted server that sits inside the firewall and mediates all kinds of access for clients accessing it via a […]

Pulse Secure April Attack Read More »

Time for an upgrade

Introduction Cleaning your domain clock Sometimes we grow to like the old software we’ve become familiar with over the years, but because as users we only see the facade of an interface and functionality, we don’t know what risks may exist in something as simple as a clock. The bar is high for enterprise software:

Time for an upgrade Read More »

GET AHEAD OF THE UNKNOWN

GRIMM is pleased to announce the launch of their new Private Vulnerability Disclosure (PVD) program. This offering allows defenders to get ahead of the attack curve, instead of reacting to unknown threats, by providing previously unknown vulnerabilities. Subscribers will have access to a stream of high-impact vulnerabilities from GRIMM’s internal research team. Release timing will

GET AHEAD OF THE UNKNOWN Read More »

Patrick Miller joins GRIMM as Director of Software Security

Patrick Miller was brought into GRIMM because he has the experience to help organizations understand what they need to do to stay safe, and help them do it. As Satya Nadella, Chief Executive Officer (CEO) at Microsoft said, “every company is now a software company.” It’s not a matter of companies necessarily producing software, but

Patrick Miller joins GRIMM as Director of Software Security Read More »

Launching the GRIMM Red Team

Since GRIMM’s inception, our dedicated teams have helped build confidence in clients’ underlying security posture — largely through demonstrating the business impact of vulnerable systems during client engagements. GRIMM teams have covered functional areas in Application Security, Cyber-Physical (aka CyPhy), Tailored Software, Training, and CISO-level consulting. Many of GRIMM’s client engagements include an element of

Launching the GRIMM Red Team Read More »

DJI Privacy Analysis Validation

Given the recent controversy with DJI drones, a defense and public safety technology vendor sought to investigate the privacy implications of DJI drones within the Android DJI GO 4 application. To conduct their analysis, the vendor partnered with Synacktiv who performed an in-depth dynamic and static analysis of the application. Their analysis discovered four main causes of concern within

DJI Privacy Analysis Validation Read More »

While teleworking work/life balance are in conflict – a personal story

The corona-virus pandemic has fundamentally changed the way many people and organizations operate. While many countries have started progress towards opening up and returning to normal, companies are faced with the decision of whether or not having a remote workforce makes sense for them. Working remotely might be a normal thing for some, but with

While teleworking work/life balance are in conflict – a personal story Read More »