Author Bio

Jerry Gamblin
Director of Security Research at Kenna Security
We’ve heard people describe Jerry as “high-caliber” and “a visionary.” As the principal security engineer for Kenna Security, he directs highly technical security projects. He really dives into it here, so get your game face on.

WHAT HE REALLY DOES: Keeps the people, infrastructure, and code at Kenna secure while bringing a “blue team” perspective to our research crew.

WHY READ HIS BLOG: Jerry offers a combination of forward-thinking research and practical, implementable tools and tips to help organizations of all sizes become more secure.

ODD FACT: Keeps a collection of mechanical wristwatches from the early 1900s, so he always knows what time it is.

Read My Posts

April Vuln of the Month: The 100 Club

Two years and two months ago, we launched our Vuln of the Month series. This regular blog has offered us a chance to spotlight CVEs that warrant your attention if you happen to harbor those vulns somewhere in your infrastructure but haven’t paid much attention to them. Things change, and as all future blogs related…

March Vuln of the Month: CVE-2023-23529

If you’re a Mac shop, it’s time to put down that March Madness bracket and shift your attention toward an Apple WebKit vulnerability that’s scoring high in all the wrong ways. March’s Vuln of the Month is CVE-2023-23529, a type confusion vulnerability that, properly exploited, could result in an attacker remotely executing code on a…

February Vuln of the Month: CVE-2022-37061

It’s the post-Valentine’s Day haze! And to express our appreciation for you, we thought we’d dispense with the standard flowers-and-chocolates CVE treatment and go with something really special—a vuln so unique it glows in the dark. It’s a remote command injection vulnerability in FLIR AX8 thermal imaging cameras, which provide continuous temperature monitoring and alarming…

January Vuln of the Month: CVE-2022-44698

It’s a new year, but a familiar problem: A Windows vulnerability that has the potential to cause headaches for Microsoft shops that aren’t up to date on their patches. That’s right, it’s time for Vuln of the Month, January 2023 edition! This month we present CVE-2022-44698, a security feature bypass vulnerability in Windows SmartScreen that…

December Vuln of the Month: CVE-2022-41128

A serious Windows vulnerability is the star of December’s Vuln of the Month. This remote code execution (RCE) scripting vuln can do a lot of damage, and it’s already being exploited. CVE-2022-41128 is a critical scripting vulnerability present in a wide range of Windows versions, from Windows 7 to current Windows 11 releases. To…

November Vuln of the Month: CVE-2022-32893

November’s Vuln of the Month spotlights our first-ever Apple platform vulnerability—one that may pose serious risks to organizations that haven’t directed users to update their iOS and macOS versions. It’s under active attack, so this one is worth a look. CVE-2022-32893 is an out-of-bounds write vulnerability within WebKit, which is the web browser engine used…


© 2022 Kenna Security. All Rights Reserved. Privacy Policy.