Breaking News

All important news related to new attacks, and the solutions we can offer you

08/10/2020

Remote Access Trojan: SLOTHFULMEDIA Discovered

Cyber Defense

Slothfulmedia is a dropper that deploys two files when executed:
1. A RAT designed for C&C communication with the victim machine
2. A dropper deleter that runs once the RAT has achieved persistence

Contact us for a test with Cymulate Breach and Attack Simulation and see if you are vulnerable!

06/10/2020

MosaicRegressor: UEFI Rootkit discovered

Cyber Defense

UEFI (or Unified Extensible Firmware Interface) has become a prominent technology that is embedded within designated chips on modern-day computer systems.
Replacing the legacy BIOS, it is typically used to facilitate the machine's boot sequence and load the operating system, while using a feature-rich environment to do so.
At the same time, it has become the target of threat actors to carry out exceptionally persistent attacks.

One such attack has become the subject of our research, where Kaspersky found a compromised UEFI firmware image that contained a malicious implant.
This implant served as a means to deploy additional malware on the victim computers, one that they haven't come across thus far.
To the best of our knowledge, this is the second known public case where malicious UEFI firmware in use by a threat actor was found in the wild.

Contact us for a test with Cymulate Breach and Attack Simulation

05/10/2020

305 CVEs and Counting: Bug-Hunting Stories From a Security Engineer

Read the original article here
Software Security

Larry Cashdollar, senior security response engineer at Akamai, has been finding CVEs since the 1990s, around when MITRE was first being established. Since then, he’s found 305 CVEs – as well as various security findings, such as an IoT-bricking malware called Silex, and cybercriminals targeting poorly secured Docker images.

Cashdollar shares his craziest bug-finding stories, including his first flaw (CVE-1999-0765), found during his time as a UNIX Systems Administrator, which accidentally threw a wrench in a demo for a Navy Admiral on the Aegis destroyer class ship.

Beyond his own personal stories, Cashdollar shares the top pieces of advice he would impart to today’s security researchers and those hunting for vulnerabilities. Listen to more on the Threatpost podcast.

Find out how the solutions we offer can help you make sure your systems are safe.