You’re invited! Join us for a live walkthrough of the “Follina” story…

Credit to Author: Paul Ducklin| Date: Mon, 13 Jun 2022 16:28:17 +0000

On Thursday this week (16 June 2022 at 15:00 UK time), we’re holding a free webinar in which we’ll give you a live explanation and demonstration of the “Follina” vulnerability.

Although this bug is fairly easy to deal with (a simple registry change rolled out via Group Policy will largely immunise your network from attack), it nevertheless tells a fascinating story.

Follina, or CVE-2022-30190 if you prefer to keep things official, is an intriguing example of how cybercriminals figured out how to combine a “feature” that no one really wanted with a “feature” that no one really needed…

…to create a sneaky attack trick that no one expected.

In simple terms, FEATURE + FEATURE = BUG!?

What you will learn

If you’re hoping for PowerPoint slides and bullet points, followed by a product pitch, then this talk isn’t for you.

But if you like to watch technically-oriented demos that don’t require you to be a technical expert yourself, we think you’ll enjoy yourself.

We’ll show you:

  • How and why the bug works.
  • How to investigate security holes like this one safely.
  • How it could catch your users out.
  • How to protect yourself and your network.

We’ll also take a look at other “features” in Windows that could lead to similar problems, and what to do about those, too.

We’ll keep the jargon to a minimum, so you don’t need to be a sysadmin or a SecOps coder to attend…

…but if you are, you’ll still learn tons of tips and techniques for tracking down technological trouble.

As one of our readers said, after looking in the Windows registry to see how many Follina-like problems might still be lurking in the shadows:

Yuck, I just went into the registry to see what other ‘undocumented features’ are in HKEY_CLASSES_ROOT. What did I find? Job security.

The demo will take approximately 30 minutes, followed by 10 minutes of official Q&A time, after which we’ll be staying online informally for anyone who has further questions on this or any related topics.

Sign up now! (Email address required for registration.)

Date:  Thursday 2022-06-16

Time:  3pm UK time (10:00 EDT, 14:00 UTC, 15:00 BST, 16:00 CEST)

Length:  30 mins + 10 mins Q&A + informal session after that


http://feeds.feedburner.com/NakedSecurity

Leave a Reply