Exploits

Looking back at the biggest security stories and issues of 2014, how they affected users and various industries, and what we can learn from them.

A look into the threat landscape during the third quarter of 2014 reveals the loopholes and vulnerabilities in often overlooked targets such as routers and PoS systems that were used as attack vectors.

A new Shellshock attack targeting SMTP servers has been discovered. Attackers used email to deliver the exploit, which downloads and executes an IRC Bot.

A recent investigation revealed that the Sandworm zero day exploit could likely be used to target GE Intelligent Platform CIMPLICITY users. Find out what it does and how you can safeguard your systems against this emerging attack.

The term “secure” can only mean so much, especially in the case of the widely-used Secure Sockets Layer (SSL) protocol version 3.0, a 15-year old design Google found to have a major flaw that possibly affects millions of Internet users.

A new zero-day exploit that reportedly targets a military organization welcomes Patch Tuesday announcements as Microsoft announces a previously unknown vulnerability on Windows systems. (Update: Patch for "Sandworm" vulnerability has been released.)

Earlier this year, a website was compromised and used to spread online baking malware to approximately 7,000 victims in a span of two hours. This video describes how the site was compromised, the details of the attack, and the capabilities of the payloads.

There are new reports that mention incidents of botnet attacks that leveraged Shellshock against certain institutions. A botnet is a network of infected computers/systems.

Shortly after the Bash vulnerability known as Shellshock was discovered, we've seen attacks using it to deliver DDoS malware onto Linux systems. Bigger, badder attacks are to be expected. What are some of the other potential scenarios?