Reports have implicated a sophisticated piece of malware known as Regin that has been in use for years. Designed to carry out long-term stealthy surveillance on would-be victims, telecom companies are believed to have been its primary targets.
Microsoft has released an out-of-band security bulletin (MS14-068) that addresses a vulnerability in various versions of Windows, stating that the vulnerability is already being used in “limited, targeted attacks”.
For many organizations, the question is no longer if they fall victim to a targeted attack, but when. In such an event, how an organization responds will determine whether it becomes a serious event or if it stays a mere annoyance.
Point-of-Sale terminals and environments are very often left insecure, making them excellent targets. Here is a look into some of the tools and methods used by PoS threat actors.
Microsoft released 16 security updates during its Patch Tuesday release for November 2014, including one for the Windows OLE Automation Array Remote Code Execution Vulnerability that affects almost all Windows versions.
A new Shellshock attack targeting SMTP servers has been discovered. Attackers used email to deliver the exploit, which downloads and executes an IRC Bot.
Zero-day exploits aren't the only exploits used in the targeted attack landscape. In the first half of 2014, we also found out that attackers still heavily target older vulnerabilities.
This Operation Pawn Storm attack scenario involves the use of phishing emails. See how one line of Javascript code could place millions of Outlook Web Access (OWA) users at risk of becoming victims of a simple, but clever phishing attack.