Vulnerabilities and exploits – Page 23

Blackhat USA 2016

Posted on August 5, 2016 by Kurt Baumgartner

This year’s Blackhat USA briefings were held at the spacious Mandalay Bay, bringing speakers from all over the world to deliver mostly technical cyber-security talks. A number of our researchers were there attending talks and participating in the parallel IOActive and… Read Full Article Continue reading Blackhat USA 2016→

Operation Daybreak

Posted on June 17, 2016 by Costin Raiu

Kaspersky Lab discovers CVE-2016-4171 used in limited targeted attacks to compromise high profile victims. Continue reading Operation Daybreak→

CVE-2015-2545: overview of current threats

Posted on May 25, 2016 by GReAT

Cyberespionage attacks conducted by different groups across the Asia-Pacific (APAC) and Far East regions share one common feature: in order to infect their victims with malware, the attackers use an exploit for the CVE-2015-2545 vulnerability. Continue reading CVE-2015-2545: overview of current threats→

Results of PoC Publishing

Posted on May 11, 2016 by Victor Chebyshev

Malware writers have learnt to upload malware apps onto Android devices of unsuspecting users by using JavaScript. Publically available remote-code-execution vulnerability use cases written by antivirus software experts were used as a handy manual by malware writers. Continue reading Results of PoC Publishing→

IT threat evolution in Q1 2016

Posted on May 5, 2016 by Alexander Gostev

2016 has only just got underway, but the first three months have already seen the same amount of cybersecurity events that just a few years ago would have seemed normal for a whole year. The main underlying trends remained the same, while there was significant growth in trends related to traditional cybercrime, especially mobile threats and global ransomware epidemics. Continue reading IT threat evolution in Q1 2016→

Contributing to the Annual DBIR

Posted on April 27, 2016 by GReAT

Our contributions on targeted attack activity and other areas to a report like this one over the past several years is important to help to improve cyber-security awareness and education both in the security industry and the general public. Continue reading Contributing to the Annual DBIR→

Freezer Paper around Free Meat

Posted on April 27, 2016 by GReAT

Instead of developing customized hacking tools or buying them from third-party suppliers on the criminal underground, cyberespionage threat actors are using tools available on the web for research purposes. Several cyberespionage campaigns utilizing such tools have been spotted recently by experts. Continue reading Freezer Paper around Free Meat→

Thank you, CanSecWest16!

Posted on March 21, 2016 by Juan Andrés Guerrero-Saade

This year, we had the absolute pleasure of being a part of CanSecWest’s fantastic lineup of talks, well-rewarded pwnage, and entertainment among a jovial crowd of infosec practitioners of every stripe. Continue reading Thank you, CanSecWest16!→

Microsoft Security Updates March 2016

Posted on March 9, 2016 by Kurt Baumgartner

Microsoft releases thirteen bulletins this month, patching a total of 44 vulnerabilities. More than half of the critical vulnerabilities fixed this month support the web browsers, Internet Explorer and Microsoft Edge. Vulnerabilities rated critical also exist in Opentype font parsing kernel components, Windows Media Player, and the Windows PDF library. Continue reading Microsoft Security Updates March 2016→