Authored by Anuradha M McAfee Labs have observed a new phishing campaign that utilizes macro capabilities available in Microsoft PowerPoint.... The post Malicious PowerPoint Documents on the Rise...

Phishers take an approach to bypass security controls never seen in the country

Wiz Research recently found 4 critical vulnerabilities in OMI, which is one of Azure's most ubiquitous yet least known software agents and is deployed on a large portion of Linux VMs in Azure.

Wiz Research recently discovered a series of alarming vulnerabilities that highlight the supply chain risk of open source code, particularly for customers of cloud computing services.

The first half of 2021 has been incredible for Wiz. Fueled by an additional $250M in funding ($350M total) from Sequoia, Index Ventures, Insight, Salesforce, Blackstone, Advent, Greenoaks, and...

Authored by Fernando Ruiz McAfee Mobile Malware Research Team has identified malware targeting Mexico. It poses as a security banking tool or as a bank... The post Android malware distributed in...

The statistical data presented in the report was received from ICS computers protected by Kaspersky products that Kaspersky ICS CERT categorizes as part of the industrial infrastructure at organizations.

Authored by ChanUng Pak McAfee’s Mobile Research team recently found a new Android malware, Elibomi, targeting taxpayers in India. The malware steals sensitive financial and private information...

Wiz Research found an unprecedented critical vulnerability in Azure Cosmos DB. The vulnerability gives any Azure user full admin access (read, write, delete) to another customers Cosmos DB...

As part of building a market-leading CNAPP, Wiz Research is constantly looking for new attack surfaces in the cloud. Two weeks ago we discovered an unprecedented breach that affects Azure’s...

A security researcher discovered that a secret FBI’s terrorist watchlist was accidentally exposed on the internet for three weeks between July 19 and August 9, 2021. The security researcher Bob...

Co-written by Catherine Huang, Ph.D. and Abhishek Karnik Artificial Intelligence (AI) continues to evolve and has made huge progress over the last decade. AI shapes our daily lives. Deep learning...

Written by: Lakshya Mathur Excel-based malware has been around for decades and has been in the limelight in recent years. During the second half of 2020, we saw... The post XLSM Malware with...

At Black Hat on Wednesday, Wiz researchers disclosed a vulnerability in DNS hosting services that affects millions of corporate endpoints.

Security researchers from the threat hunting and intelligence company Group-IB have revealed that in 2020, at least two espionage groups from China targeted the Russian Federal authorities....

Stephan Borosh // The year of 2021 has presented some interesting challenges to securing Windows and Active Directory environments with new flaws that Microsoft has been slow to address. In June,...

Last November, Wiz Research mapped all the services in AWS that allow access from other accounts to see if any of them might inadvertently expose customers and discovered 3 vulnerabilities in...

Wiz CTO Ami Luttwak discusses a new class of vulnerabilities discovered by Wiz Research, which exposed valuable dynamic DNS data from millions of endpoints worldwide.

Using the Windows Remote Procedure Call (RPC) interface is an interesting concept when conssidering the fact that it allows you to call functions, over the network in a remote process. I wanted to...

Line, a popular Japanese messaging app with over 84 million monthly users, was breached resulting in the compromise of over 100 accounts belonging to Taiwanese political figures.

Line, a popular Japanese messaging app with over 84 million monthly users, was breached resulting in the compromise of over 100 accounts belonging to Taiwanese political figures.

Phew! This year’s hacker summer camp is packed with presentations from several hackers across the globe at Orange Cyberdefense. I can’t possibly go into all of the many details, but hope to give a...

Co-written with Northwave’s Noël Keijzer. Executive Summary For a long time, ransomware gangs were mostly focused on Microsoft Windows operating... The post Babuk: Biting off More than they Could...

Guess has issued a breach notification to customers that were impacted by a ransomware attack that occurred in February.

Guess has issued a breach notification to customers that were impacted by a ransomware attack that occurred in February.

In 2021 ransomware attacks have been dominant among the bigger cyber security stories. Hence, I was not surprised to see... The post Fighting new Ransomware Techniques with McAfee’s Latest...

Wi-Fi is everywhere and having a better understanding of it can fair you well! Over the years we have made various tools such as hostapd-mana to enable attacks against Wi-Fi, and then tools such...

We are excited to be presenting our Hands-on-Hacking Fundamentals (HHF) course at this year’s BlackHat USA 2021 conference. In our HHF course we explore the fundamentals required to grow your...

Here at Orange Cyberdefense, clients often ask us to test and help secure their infrastructure. We do this a lot. We test clients, we test ourselves, and we set up labs to test new ideas and...

The overarching threat facing cyber organizations today is a highly skilled asymmetric enemy, well-funded and resolute in his task and... The post An Overall Philosophy on the Use of Critical...