We found a new wormable malware we’ve named BlackSquid targeting web servers, network and removable drives using evasion, anti-virtualization, anti-debugging, and anti-sandboxing techniques to drop a Monero miner.
Read More
On September 18, 2018, more than a month after we published a blog revealing the details of a use-after-free (UAF) vulnerability CVE-2018-8373 that affects the VBScript engine in newer Windows versions, we spotted another exploit that uses the same vulnerability. It’s important to note that this exploit doesn’t work on systems with updated Internet Explorer versions.
Read More
This month’s Microsoft Patch Tuesday includes important updates that patch two zero-day vulnerabilities that are already being actively exploited.
Read MoreThis month’s Patch Tuesday features 12 updates, with five rated as “critical” and seven as “important.” Included in the critical updates are cumulative updates for both Internet Explorer (MS15-094) and Microsoft Edge (MS15-095). These updates address bugs that could allow remote code execution if the user visits a specially crafted webpage using either browser. Adobe…
Read MoreMicrosoft has released MS15-093, an out-of-band update for all supported versions of Windows. This bulletin fixes a vulnerability in Internet Explorer (designated as CVE-2015-2502) that allowed an attacker to run arbitrary code on a user’s system if they visited a malicious site. A compromised site, spear phishing, and/or malicious ads could all be used to deliver exploits…
Read More