Vulnerabilities & Exploits

Exploit kits have been around since 2006, and have been continuously evolving to take advantage of vulnerabilities found on popular software. This research paper discusses what exploit kits are, how they work, and how they evolved over time.

We noticed a problematic pattern developing: the increasing use of exploit kits in malvertising. Zero-day exploits are now deployed in malicious ads, instead of first being used in targeted attacks against enterprises and other organizations.

An old flaw that affects TLS/SSL, an authentication protocol used by countless websites and browsers has been discovered that allows cybercriminals to decrypt sensitive information from secure sites.

Recently, a security researcher disclosed that Seagate’s Network Attached Storage (NAS) unpatched vulnerabilities leaves thousands at risk. Find out what you can do to secure your NAS devices in order to avoid likely attacks.

Is it better to focus on defending against attacks that exploit old or new vulnerabilities? It doesn't matter. You can cover both with an IT staff that's both agile and proactive.

A new vulnerability was recently found in Samba, the Windows interoperability suite of programs for Linux and Unix. The vulnerability, once successfully exploited, could result in remote code execution, which may possibly compromise a server’s security.

Microsoft has enabled a new exploit mitigation mechanism in Windows 10 and 8.1 called Control Flow Guard that makes vulnerabilities more difficult to exploit. This paper takes an in-depth look at its implementation and weaknesses.

In a thorough investigation of gas pumps that use the Guardian aboveground storage tanks (AST) monitoring system in the United States, threat researchers Kyle Wilhoit and Stephen Hilt found one particular unit that has been tampered with.

2014 Annual Security Roundup: 2014 was the year of mega breaches, hard-to-patch vulnerabilities, and thriving cybercriminal underground economies.