Patch Tuesday, May 2018

May's Patch Tuesday is here and it looks like these monthly releases have plateaued at around 70 ...

'Drupalgeddon2' Recent Developments

Drupal, the popular Content Management System, (might) have seen better days. There's been a lot of ...

All Your Base64 Are Belong To Us – Dynamic vs. Static Analysis of Web Content

I recently encountered an interesting phishing scheme when reviewing telemetry of incidents blocked ...

Patch Tuesday, April 2018

April's Patch Tuesday didn't let up much compared to March. Overall April brings with it patches ...

Crypter-as-a-Service Helps jRAT Fly Under The Radar

(Contributor: Dr. Fahim Abbasi and Phil Hay)

Patch Tuesday, March 2018

March is coming in like a lion with this Patch Tuesday. The release patches 73 CVEs and includes ...

Fake ASIC Renewal Spam Delivers Malware to Australian Companies

The Australian Securities and Investments Commission (ASIC) is an independent government agency that ...

Multi-Stage Email Word Attack Without Macros

Malware authors often distribute malware through code macros in Microsoft Office documents such as ...

Advanced Deception with BEC Fraud Attacks

Background: Business Email Compromise (BEC) email fraud, also known as "CEO Fraud" or "Whaling", has ...

Flash Zero Day (CVE-2018-4878)

A zero day Flash exploit caught targeting South Korean users was announced by South Korea's CERT on ...

Microsoft Patch Tuesday, February 2018

February's Patch Tuesday is here and after the light January, it's back with patches for 50 CVEs ...

Mass MikroTik Router Infection – First we cryptojack Brazil, then we take the World?

On July 31st, just after getting back to the office from my talk at RSA Asia 2018 about how cyber ...

Multiple Vulnerabilities in NETGEAR Routers

Last year I discovered multiple vulnerabilities in NETGEAR products. Now that these vulnerabilities ...

Multiple Vulnerabilities in WD MyCloud

While performing security research on personal storage I found some vulnerabilities in the WD ...

Inspecting Encrypted Network Traffic with JA3

Part of our job as security researchers is keeping up with new tools and techniques used to monitor ...

ModSecurity - News and Commercial Rules Update

Over the past few months there has been a lot going on with ModSecurity. There was libModSecurity ...

ModSecurity Version 3.0 Announcement

libModSecurity aka ModSecurity version 3.0 is out there. libModSecurity starts a new era in terms ...

Microsoft Patch Tuesday, January 2018

Happy 2018 everyone! January's Patch Tuesday will ease you into the new year with just 23 CVEs ...

BrickerBot mod_plaintext Analysis

A week ago, the author of BrickerBot claimed that they retired and published their manifesto along ...

CHM Badness Delivers a Banking Trojan

Like good old Microsoft Office Macros, Compiled HTML (CHM) Help files have been utilized by malware ...

Sneaky .BAT File Leads to Spoofed Banking Page

If you thought using BAT files was an old hat, think again. While monitoring our Secure Email ...

Microsoft Patch Tuesday, December 2017

Today marks the last Microsoft Patch Tuesday of 2017 and, with only 34 CVEs patched, it's one of ...

Simplifying Password Spraying

As a penetration tester, attaining Windows domain credentials is akin to gaining the keys to the ...

Using Buildroot for Security Research of IoT and Other Embedded Systems

These days many vendors, like IoT vendors, use Linux running on top of ARM CPU for their embedded ...

Helping to Secure your PostgreSQL Database

When big high-tech companies like Apple, Red Hat and Cisco use PostgreSQL in their data ...

Microsoft Patch Tuesday, November 2017

It's that time of the month again for Microsoft updates. November's Patch Tuesday brings with it ...

Denial of Service Vulnerability in Brother Printers

A vulnerability in the web front-end of Brother printers (called Debut) allows an attacker to ...

The Complexity amidst Simplicity: Exploiting the MS Office DDE Feature

Albert Einstein once said, "Out of Complexity, Find Simplicity" but it also seems that simplicity ...
