IronMonkey Threat Research
Kaspersky ICS CERT (English) ·

The vulnerabilities could allow attackers to remotely compromise hosts, cause denial-of-service conditions or elevate their privileges

Publications
Kaspersky ICS CERT (English) ·

Israeli authorities have warned of possible attacks on SCADA systems of wastewater treatment, water pumping and sewerage facilities

Water Publications
Kaspersky ICS CERT (English) ·

The attackers use PoetRAT, a new RAT Trojan distributed via Microsoft Word documents

Publications
Orange Cyberdefense ·

On the 27th of April 2020 SensePost created a CTF challenge (https://challenge.sensepost.com) for the public. The names of those who managed to capture flags would be placed in a draw for a seat...

Kaspersky ICS CERT (English) ·

The statistical data presented in the report was received from ICS computers protected by Kaspersky products that Kaspersky ICS CERT categorizes as part of the industrial infrastructure at organizations.

Critical Manufacturing Publications
Kaspersky ICS CERT (English) ·

This section presents an overview of threats related to ransomware activity against municipal institutions, industrial enterprises and critical infrastructure facilities.

Critical Manufacturing Publications
Kaspersky ICS CERT (English) ·

Overview of APT attacks on industrial enterprises, information on which was published in 2019.

Critical Manufacturing Publications
Kaspersky ICS CERT (English) ·

The analysis of vulnerabilities was performed based on vendor advisories, publicly available information from open vulnerability databases (US ICS-CERT, CVE, Siemens Product CERT), as well as the...

Critical Manufacturing Publications
Kaspersky ICS CERT (English) ·

Malicious objects were blocked on 46.6% and ransomware on 1.0% of ICS computers. Kaspersky ICS CERT identified 103 vulnerabilities in industrial systems, IIoT/IoT systems, and other types of solutions.

Critical Manufacturing Publications
Orange Cyberdefense ·

I’ve been spending some time building new content for our Introduction to Red Teaming course, which has been great for diving into AV/EDR bypass techniques again. In this blog post, I will...

Government Facilities
Blog ·

In my previous blog post I dug into a general overview of the KASAN implementation in XNU. This post goes more in depth in detecting kernel uninitialized information leaks using it (no 0days...

Apple XNU
Kaspersky ICS CERT (English) ·

Siemens industrial solutions are affected by SegmentSmack and FragmentSmack vulnerabilities, which could lead to device denial of service

Publications
Kaspersky ICS CERT (English) ·

In new ransomware attacks, victims face the choice between paying the ransom and seeing their sensitive data published by the attackers

Publications
Kaspersky ICS CERT ·

If exploited, the vulnerabilities could lead to arbitrary code execution, file manipulations, denial of service and the creation of an admin account

Publications
McAfee Labs | McAfee Blogs ·

Authored by: Sang Ryol Ryu and Chanung Pak McAfee Mobile Research team has found another variant of MalBus on an... The post MalBus Actor Changed Market from Google Play to ONE Store appeared...

Financial Services Commercial Facilities
Blog ·

In order to learn about serverless architecture, I experimented with implementing a quick proof of concept crash triaging tool using AWS Lambda Functions. There are many benefits of serverless...

Lambda Serverless
Cloud Threat Landscape ·

On 2020-04-08, a campaign was reported, involving an unknown actor, gaining initial access via , targeting Kubernetes to achieve Resource hijacking.

Financial Services
McAfee Labs | McAfee Blogs ·

While not a new practice, the sheer volume of people required to adhere to social distancing best practices means we... The post Transitioning to a Mass Remote Workforce – We Must Verify Before...

Financial Services Commercial Facilities
McAfee Labs | McAfee Blogs ·

Although the use of global events as a vehicle to drive digital crime is hardly surprising, the current outbreak of... The post COVID-19 Threat Update – now includes Blood for Sale appeared first...

Lead Financial Services Commercial Facilities
Kaspersky ICS CERT ·

In the past month, 10 more hospitals have fallen victim to Ryuk attacks in the US

Healthcare and Public Health Publications
Blog ·

Recently Apple patched a vulnerability (CVE-2020-3919) in IOHIDFamily in their security update 10.15.4 which may allow a malicious application to execute arbitrary code with kernel privileges. It...

Apple XNU
Orange Cyberdefense ·

Introduction: Recently, I encountered a fully password-less environment. Every employee in this company had their own smart card that they used to log in to their computers, emails, internal...

Kaspersky ICS CERT ·

We found just three almost unique samples, all in one country. So we consider the attacks to be targeted and have currently named this operation WildPressure.

Publications
Kaspersky ICS CERT ·

LibVNC client code contains a heap buffer overflow vulnerability in commits prior to 6073771eed1caf72f196e410182471e0dfd32149. This could possibly result in remote code execution. This attack...

Advisories
Kaspersky ICS CERT ·

TigerVNC version prior to 1.10.1 is vulnerable to stack buffer overflow, which could be triggered from CMsgReader::readSetCursor. This vulnerability occurs due to insufficient sanitization of...

Advisories
Kaspersky ICS CERT (English) ·

TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow, which occurs in TightDecoder::FilterGradient. Exploitation of this vulnerability could potentially result in remote code...

Advisories
Kaspersky ICS CERT (English) ·

TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow. Vulnerability could be triggered from CopyRectDecoder due to incorrect value checks. Exploitation of this vulnerability...

Advisories
Kaspersky ICS CERT (English) ·

TigerVNC version prior to 1.10.1 is vulnerable to stack use-after-return, which occurs due to incorrect usage of stack memory in ZRLEDecoder. If decoding routine would throw an exception,...

Advisories
Kaspersky ICS CERT (English) ·

TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow, which could be triggered from DecodeManager::decodeRect. Vulnerability occurs due to the signedness error in processing...

Advisories
Kaspersky ICS CERT (English) ·

A Heap-based Buffer Overflow was found in Emerson OpenEnterprise SCADA Server version 2.83 (if Modbus or ROC Interfaces have been installed and are in use) and all versions of OpenEnterprise 3.1...

Critical Manufacturing Advisories