Antivirus

WDigest credential harvesting

WDigest, a legacy authentication protocol that is still in use on many corporate networks, presents opportunities for attackers to acquire passwords. Its abuse essentially nullifies…

POTASSIUM APT10 campaigns

POTASSIUM, the activity group also known as APT 10, Stone Panda, Cloud Hopper, Red Apollo, or menuPass, has been reported to be responsible for global…

WannaCrypt

WannaCrypt (also known as WannaCry) began propagating May 12, 2017 07:44 UTC, installing ransomware to computers affected by CVE-2017-0145, a vulnerability present in version 1 of…

BARIUM targets gaming supply chains

Enterprise security personnel often assume that legitimate software products are inherently trustworthy. If an attacker takes over a legitimate app or service, they gain a…

ShadowHammer supply chain attack

The software supply chain continues to be a popular channel for launching attacks. Publicly available reports indicate that attackers have reached a large number of devices through…

WinRAR CVE-2018-20250 exploit

On February 20, 2019, researchers from Check Point Software Technologies revealed a flaw in WinRAR, a popular third-party compression app. The flaw (CVE-2018-20250) had existed…

May 2019 0-day disclosures

Starting Tuesday, May 21, a security researcher publicly disclosed multiple elevation-of-privilege vulnerabilities by posting proof-of-concept code on GitHub. Successful exploitation of these vulnerabilities requires an…
