As CISOs and other security professionals prepare to slam the door on 2018, the question, unfortunately, must be asked: what does 2019 likely have in store for organizations when it comes to cyberattacks? Trend #1: a rise in ‘cryptojacking’ and the infection of crypto-miners Sometimes called “cryptojacking,” we unfortunately predict a continued rise in infection…
There was a time when the organizations that got rocked by a zero day attack garnered great amounts of sympathy. After all, how could an organization be expected to deal with the rare occurrence of an unknown threat? That time has come, and it has very much gone, however. Zero day attacks are now common,…
CSV Formula injections have been known for a while now, with many security solutions handling these kinds of attacks. The most common way of dealing with this threat is by applying a regex rule to detect the specific pattern used by Excel in its formulas, the most famous tool (and open-source) is MSODDE of oletools.As…
A new 0day vulnerability has been found in Adobe Flash and utilized in a malicious campaign by embedding it within an Office document (via ActiveX). The vulnerability is quite extensive and exploiting it shows great skill and ability. The attack followed a simple infection vector: RAR file with Office document -> Office document with embedded…
With IT developing at such a breakneck pace, it almost seems unbelievable that a technology from 26 years ago could be posing a cybersecurity threat. But CISOs and other security professionals know it’s all too believable, with yet another unpatched vulnerability, unnecessary protocol or outdated technology from decades ago causing major problems. This is precisely…
With IT developing at such a breakneck pace, it almost seems unbelievable that a technology from 26 years ago could be posing a cybersecurity threat. But CISOs and other security professionals know it’s all too believable, with yet another unpatched vulnerability, unnecessary protocol or outdated technology from decades ago causing major problems. This is precisely…
Threat Analysts Michael Villanueva and Toshiyuki Iwata of Trend Micro recently announced that they have uncovered an ITW campaign leveraging the “Online Video” vulnerability we’ve discovered and published last February and which was featured on Bleeping Computer. The campaign takes advantage of a Proof-Of-Concept that was released last October, which embedded a base64-encoded blob into the Online…
An unknown or zero-day exploit is, by its very nature, mysterious. However, thanks to new research, what is now crystal clear is exactly how big a risk these attacks pose to organizations and how badly traditional security measures are failing in the face of them. The Ponemon Institute’s 2018 State of Endpoint Security Risk surveyed…
It’s a simple matter of facts. Zero-day malware has proven to bypass even the most advanced detection mechanisms on the market. That alone should illustrate how defenseless organizations are when trying to protect themselves against one of the most sophisticated threats by using irrelevant tools. Perhaps this mindset is what helped lead us to the…