Collaborate Disseminate
It has been ten years since the release of MS08-067. Unlike many of the other incidents over the years, this vulnerability has developed a celebrity life of its own (even including pillow shams!). It has a warm place in the…
Continue reading 10 Years On – A Look Back at MS08-067
“Leave your ego at the door every morning, and just do some truly great work. Few things will make you feel better than a job brilliantly done.” Robin S. Sharma The last time we visited the cybercriminal underground, we introduced…
Continue reading The Underground Job Market
October’s Patch Tuesday is here and with it come patches for 49 CVEs and a “Defense in Depth” Advisory for Microsoft Office. Among the patches 12 are rated “Critical,” 34 are rated “Important,” two rated “Moderate,” and one rated as…
Continue reading Microsoft Patch Tuesday, October 2018
Using a VPN (Virtual Private Network) can bring many advantages, particularly when you want to access remote resources, or you are using a network you don’t fully trust, for example, a coffee shop or an airport. In the recent years,…
Continue reading Credential Leak Flaws in Windows PureVPN Client
Using a VPN (Virtual Private Network) can bring many advantages, particularly when you want to access remote resources, or you are using a network you don’t fully trust, for example, a coffee shop or an airport. In the recent years,…
Continue reading Credential Leak Flaws in Windows PureVPN Client
Trustwave recently discovered a locally exploitable issue in the macOS version of the Webroot SecureAnywhere solution. The issues root cause is an arbitrary user-supplied pointer being read from and potentially written too. As such, the issue arms an a… Continue reading CVE-2018-16962: Webroot SecureAnywhere macOS Kernel Level Memory Corruption
September’s Patch Tuesday is here with patches for 61 CVEs and two roll up patches, one for multiple Denial of Service vulnerabilities in Windows and one for the ever present Remote Code Execution (RCE) vulnerabilities in Adobe Flash. Across the…
Continue reading Patch Tuesday, September 2018
We are seeing more reports from organizations being targeted by what could be called an ‘altered invoice scam’. This type of scam is not new but has gained more prominence lately. The basic outline of the scam looks something like…
Continue reading Stealing Money by Asking for It: Business Email Compromise via Altered Invoices
Background Business Email Compromise (BEC) email fraud, also known as “CEO Fraud” or “Whaling”, has become a major financial cyber threat, affecting businesses of all sizes globally. In such attacks a fraudster impersonates an executive of an organizat… Continue reading Advanced Deception with BEC Fraud Attacks
Background Business Email Compromise (BEC) email fraud, also known as “CEO Fraud” or “Whaling”, has become a major financial cyber threat, affecting businesses of all sizes globally. In such attacks a fraudster impersonates an executive of an organizat… Continue reading Advanced Deception with BEC Fraud Attacks