July proves to be pretty busy for both software vendors and security researchers as various zero-day vulnerabilities were reported. In this month’s patch Tuesday, Microsoft addressed the recently discovered zero-day vulnerability in Internet Explorer that also emerged from the Hacking Team leak. The said vulnerability, covered in MS15-065 and rated as ‘critical’, could allow attackers…
Read MoreBest practices are failing. No matter how good you are at sticking to them, they can no longer guarantee your safety against the simplest threats we saw last quarter. Malicious advertisements are in the sites you frequent, data-leaking apps come preinstalled in your gadgets, and data-encrypting malware run silently in your office networks. Even the…
Read MorephpMoAdmin (short for PHP MongoDB administration tool) is a free and open source MongoDB GUI tool. phpMoAdmin is written in PHP and is a popular administration tool to manage the noSQL database MongoDB. A zero-day remote code execution vulnerability was seen in phpMoAdmin which allows an attacker to execute arbitrary code without requiring any authentication. The…
Read MoreMuch has been reported about the recent discovery of a cyber-espionage campaign that was launched by a group known as the “Sandworm Team.” At the very heart of this incident—a zero-day vulnerability affecting all supported versions of Microsoft Windows and Windows Server 2008 and 2012. In our analysis, the vulnerability may allow attackers to execute…
Read MoreIn our efforts around addressing targeted attacks, we often work with IT administrators from different companies in dealing with threats against their network. During these collaborations, we’ve recognized certain misconceptions that IT administrators — or perhaps enterprises in general — have in terms of targeted attacks. I will cover some of them in this entry, and…
Read More