IBM X-Force monitors the latest threats including vulnerabilities, exploits and active attacks, viruses and other malware, spam, phishing, and malicious web content. In addition to advising the general public on how to respond to emerging threats, X-Force also delivers security content, products, and services to help protect IBM customers.
A recap of Kevin Mandia’s “State of the Hack: One Year after the APT1 Report” keynote at RSA 2014 and “Hacking Exposed: PLA Edition” talk by Dmitri Alperovitch and George Kurtz.
More than half of web servers on the internet use OpenSSL to safeguard data and user accounts. Versions 1.0.1 through 1.0.1f are vulnerable to an exploit that may expose user credentials, credit card data, sensitive documents and the server’s certificate itself. Explanation of what the vulnerability is, how it manifests itself and how you can protect yourself from being compromised.
IE 10 Enhanced Protected Mode (EPM) sandbox research that was presented at Hack in the Box 2013 and the Black Hat Asia 2014 security conferences. Summary of findings and discussion of the most important points and related resources to find out more about the subject.
In this post, we will describe an unpatched vulnerability (CVE-2014-0900) in earlier releases of Android and how it can be exploited by malicious and lazy users to bypass MDM restrictions.
SQL injection and cross-site scripting are the most prevalent Web application vulnerabilities and have been for many years. We know how to avoid introducing these code flaws into our applications. Here are five easy steps to get closer to eliminating common Web vulnerabilities.
We have recently discovered a series of vulnerabilities in Firefox for Android that allow a malicious application to leak sensitive information pertaining to the user profile. We developed attacks that first try to determine the random Firefox profile directory name and then exfiltrate sensitive data, such as cookies and cached information, from the derandomized folder, breaking Android’s sandbox.
If you’re using Internet Explorer in immersive mode on Windows 8/8.1 to browse Internet web sites, under the hood, your browser will be running inside the Enhanced Protected Mode sandbox. Enhanced Protected Mode (EPM) is the sandboxing mechanism in IE that attempts to prevent a successful remote exploit from installing persistent malware and from stealing personal/sensitive information.
Mikko Hypponen’s “Government as Malware Authors” version at TrustyCon. There is value for security professionals, researchers and leaders in the community in reviving the keynotes and continuing the discussion.
An in-depth look at how to analyze OBAD manually and discover the device administrator vulnerability that lets it hide and prevent uninstallation. See also how to avoid ANR timeouts.
Return Oriented Programming (ROP) is the general case of a technique often used when exploiting security vulnerabilities caused by memory corruption issues. ROP has become a more frequently used technique in the exploitation of memory corruption vulnerabilities.