The new Vulnerability and Threat Trends Report released today by the Skybox Research Lab includes security analyst research of the vulnerabilities, exploits and threats that are shaping the threat landscape. The report outlines the top six vulnerabilities to follow in 2018 amid the 14,000 new vulnerabilities catalogued by MITRE’s National Vulnerability Database the previous year. [...]
Need a new search?
If you didn't find what you were looking for, try a new search!
A Microsoft Office vulnerability first discovered in July 2017 has been exploited by Formbook malware
A weaponized Excel file titled “Kuwait Oil Company Business Profile” breathes new life into an old vulnerability, raising concern for unsuspecting OT networks
A Sophos survey shed light on the state of ransomware in India. It revealed that 67 percent of Indian respondents reported being hit by ransomware in the last year. Due to a number of factors, it’s likely Indian business will see an increase in cyberattacks in the near future. SamSam ransomware could be one of [...]
Cryptominers have surpassed ransomware as the cybercriminal’s tool-of-choice in the first half of 2018. That’s according to the mid-year update to the Vulnerability and Threat Trends Report. The report is compiled by the Skybox Research Lab and includes security analyst research of the vulnerabilities, exploits and threats that are shaping the threat landscape. It explores trends observed [...]
The last few years have seen ransomware attacks capture global headlines for the widespread and brazen tactics used to install and hold victim's data hostage. As recently as March of 2018, WannaCry reared its head again at a US-based Boeing manufacturing plant, and SamSam striking the city of Atlanta, one of the country’s largest municipalities. [...]
Cryptominers have become their own class of malware, growing in popularity as a low-risk, high-reward way for cybercriminals to make an easy crypto-buck. In this post, we’ll look at the members of the cryptomining malware family and their techniques. Browser-Based Cryptomining Software CoinHive, Crypto-Loot and JSEcoin allow website owners to legitimately monetize website traffic. Favoring [...]
If 2017 was the year of high-profile data breaches and ransomware attacks, 2018 seems to be the year of cryptocurrency-related malware. Cryptominers managed to impact 23 percent of organizations globally. Cryptomining is relatively new, and not all of it is purely malicious. Some cryptominers are considered to be legitimate techniques to gain cryptocurrency, akin to [...]
A high–profile Apple vulnerability in High Sierra allows anyone to login as root without providing any password. Apple has released an update to address the flaw in it’s MacOS X 10.13; if you’re unable to update, set a root password for devices running the operating system. The vulnerability is trivial to exploit. Simply enter the [...]
A recent article by Taylor Armerding of CSO Online explores the current state of the Common Vulnerabilities and Exposures (CVE) program managed by MITRE (read about the origins of CVE and MITRE here). He expands on the creeping belief that the CVE, the old–guard vulnerability “dictionary,” is falling behind and leaving security teams and technologies [...]