Wiz CTO Ami Luttwak discusses a new class of vulnerabilities discovered by Wiz Research, which exposed valuable dynamic DNS data from millions of endpoints worldwide.
Using the Windows Remote Procedure Call (RPC) interface is an interesting concept when considering the fact that it allows you to call functions over the network in a remote process. I wanted to...
Line, a popular Japanese messaging app with over 84 million monthly users, was breached resulting in the compromise of over 100 accounts belonging to Taiwanese political figures.
Phew! This year’s hacker summer camp is packed with presentations from several hackers across the globe at Orange Cyberdefense. I can’t possibly go into all of the many details, but hope to give a...
Co-written with Northwave’s Noël Keijzer. Executive Summary For a long time, ransomware gangs were mostly focused on Microsoft Windows operating... The post Babuk: Biting off More than they Could...
Guess has issued a breach notification to customers that were impacted by a ransomware attack that occurred in February.
In 2021 ransomware attacks have been dominant among the bigger cyber security stories. Hence, I was not surprised to see... The post Fighting new Ransomware Techniques with McAfee’s Latest...
Wi-Fi is everywhere and having a better understanding of it can fare you well! Over the years we have made various tools such as hostapd-mana to enable attacks against Wi-Fi, and then tools such...
We are excited to be presenting our Hands-on-Hacking Fundamentals (HHF) course at this year’s BlackHat USA 2021 conference. In our HHF course we explore the fundamentals required to grow your...
Here at Orange Cyberdefense, clients often ask us to test and help secure their infrastructure. We do this a lot. We test clients, we test ourselves, and we set up labs to test new ideas and...
The overarching threat facing cyber organizations today is a highly skilled asymmetric enemy, well-funded and resolute in his task and... The post An Overall Philosophy on the Use of Critical...
This blog was written by Varadharajan Krishnasamy, Karthickkumar, Sakshi Jaiswal Introduction Ransomware attacks are one of the most common cyber-attacks among... The post REvil Ransomware Uses DLL...
ISaGRAF Runtime stores the password in plaintext in memory and in a file located in the same directory as the executable file ISAGRAF.exe.
A remote attacker is able to decrypt passwords captured during a Man-in-the-Middle attack, because the affected software uses the Tiny Encryption Algorithm (TEA) with fixed keys to encrypt...
An attacker with write privileges in the VirtualStore folder can perform arbitrary code execution by placing ".dll" files in the affected software directory, because the software loads dynamic libraries...
A remote attacker is able to read and modify captured data during a Man-in-the-Middle attack, because the affected software uses the ISaGRAF eXchange Layer protocol, which is unencrypted by design.
Some commands used by the ISaGRAF eXchange Layer (IXL) protocol perform various file operations in the file system. Since the parameter pointing to the file name is not checked for reserved...
CNA Financial customers are feeling the ripple effects of a ransomware attack that occurred earlier this year.
This blog was written by Vallabh Chole & Oliver Devane Over the years, the cybersecurity industry has seen many threats... The post Hancitor Making Use of Cookies to Prevent URL Scraping appeared...
This blog was written by Kiran Raj & Kishan N. Introduction In the last few years, Microsoft Office macro malware... The post Zloader With a New Infection Technique appeared first on McAfee Blog.
While the world continues to wait for Kaseya to issue an update to patch VSA installations against a vulnerability exploited by the REvil ransomware gang, security researchers spotted a malware...
Executive Summary Ryuk is a ransomware that encrypts a victim’s files and requests payment in Bitcoin cryptocurrency to release the... The post New Ryuk Ransomware Sample Targets Webservers...
Kaspersky ICS CERT discovered a denial of service of the device through a GET HTTP request to the web server of the camera.
Kaspersky ICS CERT has discovered that the web service of the Robert Bosch GmbH CPP HD/MP cameras does not correctly parse the HTTP protocol.
Kaspersky ICS CERT discovered a reflected XSS in a page parameter.
Kaspersky ICS CERT discovered multiple reflected XSS in URI handlers.
Kaspersky ICS CERT has discovered a missing authentication vulnerability for the execution of critical commands by HTTP requests.