Sextortion Scam Now With Malicious Downloader
Sextortion scams were a hit campaign last year and are continuing in 2019 with a new trick – the ...
Read MoreSextortion Scam Now With Malicious Downloader
Sextortion scams were a hit campaign last year and are continuing in 2019 with a new trick – the ...
Read MoreLatest Flash 0-Day (CVE-2018-15982) Leaves its Office Doc Friend Behind
CVE-2018-15982 is the Flash 0day that was patched by Adobe at the beginning of December. At the ...
Read MoreLiving off the LAN
When an attacker uses tools native to the operating system it is referred to as Living off the ...
Read MoreOverview of Meltdown and Spectre
You have probably heard the news of new vulnerabilities that affect most major chipsets, including ...
Read MoreSpam Masters of Extortion, Illusion and Evasion
In 2018 we saw a rise in sextortion scams in which cyber-criminals notified their victims via email ...
Read MorePatch Tuesday, January 2019
Historically January has been a relatively light month for Patch Tuesday, but those days may be ...
Read MoreSpam Masters of Extortion, Illusion and Evasion
In 2018 we saw a rise in sextortion scams in which cyber-criminals notified their victims via email ...
Read MoreKernel Buffer Overflow in Trusteer Rapport for MacOS
Trustwave recently reported a Kernel based vulnerability in a driver bundled along with IBM ...
Read MoreRise of the Webminers
About a year ago webminers began to appear on more and more websites. It was popularized by ...
Read MoreHacking Online Coupons
We all shop online. How many times, just before placing an online order, have you noticed the ...
Read MoreMicrosoft Patch Tuesday, December 2018
The last Patch Tuesday of 2018 is here and we are easing into the New Year with only 40 CVEs to ...
Read MoreMagecart - An overview and defense mechanisms
Summary This blog post offers insight into Magecart and offers advice on how to protect your ...
Read MoreScavenger: Post-Exploitation Tool for Collecting Vital Data
‘Scavenger’ - definition [noun]: a person who searches for and collects discarded items.
Read MoreTaking Advantage of AJAX for Account Enumeration
Context AJAX stands for Asynchronous JavaScript And XML. It’s a set of web development techniques ...
Read MoreSheepl : Automating People for Red and Blue Tradecraft
Whilst there is a wealth of information out there about how to build environments that can be used ...
Read MoreExploring and Modifying Android and Java Applications for Security Research
Sometimes pentesters and security researchers need to modify existing Java application but have no ...
Read MoreDecoding Hancitor Malware with Suricata and Lua
Many types of malware send and receive data via HTTP. They may either be sending updates back to ...
Read MoreModSecurity v3.0.3: What To Expect
At precisely 155 commits ahead of the latest version, ModSecurity version 3.0.3 contains a number ...
Read MoreMicrosoft Patch Tuesday, November 2018
The second to last Patch Tuesday of 2018 is here with patches for 55 CVEs. This includes 11 rated ...
Read MoreDemystifying Obfuscation Used in the Thanksgiving Spam Campaign
During Thanksgiving week, we noticed this quite unusual XML-format MS Office Document file:
Read MoreHacker's Wish Come True After Infecting Visitors of Make-A-Wish Website With Cryptojacking
After coming back from a vacation, the first thing to do is catch up with what happened while you ...
Read MoreDOH! DNS Over HTTPS Poses Possible Risks to Enterprises
Introduction David Middlehurst of Trustwave SpiderLabs presented at the first ever conference ...
Read More10 Years On – A Look Back at MS08-067
It has been ten years since the release of MS08-067. Unlike many of the other incidents over the ...
Read MoreUnderground Code of Honor – Part 1 of 3
"We are all honorable men here, we do not have to give each other assurances as if we were ...
Read MoreRed Alert v2.0: Misadventures in Reversing Android Bot Malware
(Analysis by Rodel Mendrez and Lloyd Macrohon)
Read More