Problems with hardcoded credentials are hitting consumer IoT devices, industrial SCADA devices, and even critical infrastructure. Despite the appeal on source code and firmware audition, this type of vulnerability recurs and threatens users’ privacy and data security.Read More
Senior Threat Researcher
- Senior engineer of Smart Protection Network. Linguist.
The dissection of the data from the Hacking Team leak has yielded another critical discovery: Hacking Team uses a UEFI BIOS rootkit to keep their Remote Control System (RCS) agent installed in their targets’ systems. This means that even if the user formats the hard disk, reinstalls the OS, and even buys a new hard…Read More
Compromised websites are part of many attacks online. They can be used to host a variety of threats, ranging from simple spam pages, to redirection pages, to actual malicious files. We recently came across a case that highlighted the scale of this threat. A backdoor (detected as BKDR_FIDOBOT.A), was being used to brute-force many WordPress…Read More