In March 2019, our automatic Exploit Prevention (EP) systems detected an attempt to exploit a vulnerability in the Microsoft Windows operating system. Further analysis of this event led to us discovering a zero-day vulnerability in win32k.sys Read Full Article
If someone steals your phone number, you’ll face a lot of problems, especially because most of our modern two-factor authentication systems are based on SMSs that can be intercepted using this technique. Read Full Article
From the famous Cardingplanet forum to Darknet stolen card stores – financial cybercrime schemes were not dead at all during all these years. They have evolved and become more dangerous than ever. Read Full Article
There’s nothing new in Brazilian cybercriminals trying out new ways to stay under the radar. It’s just that this time around the bad guys have started using a method that was reported in the wild years ago – the UTF-8 BOM (Byte Order Mark) additional bytes. Read Full Article
In early March 2019, a number of malicious files detected by our products caught the eye. Although similar to AZORult stealer already known to us, unlike the original malware, they were written not in Delphi, but in C++. Read Full Article
I have given a step-by-step guide on the analysis of embedded firmware, finding vulnerabilities and exploiting them to acquire a firmware dump and to carry out code execution on a USB device. Read Full Article
In February 2019, our Automatic Exploit Prevention (AEP) systems detected an attempt to exploit a vulnerability in the Microsoft Windows operating system. Further analysis of this event led to us discovering a zero-day vulnerability in win32k.sys. Read Full Article
Predator is a data stealer developed by Russian-speaking individuals. It’s being sold cheaply on Russian forums and has been detected many times in the wild. Read Full Article
Cybercriminals are always coming up with new kinds of fraud. In this particular case, they employed a method for delivering malicious content through torrent trackers to install adware on user computers. Read Full Article
Like other IoT devices, the prosthetic arm sends statistics to the cloud, such as movement amplitudes, the arm’s positions, etc. And just like other IoT devices, this valuable invention must be checked for vulnerabilities. In our research, we focused on those attack vectors that can be implemented without the arm owner’s knowledge. Read Full Article