Exploit - Security Intelligence

Man using a laptop in public that is vulnerable to the WinRAR bug

news

Researchers Uncover Highly Exploitable WinRAR Bug That Puts 500 Million Users at Risk

More than 100 unique exploits of a WinRAR bug have been identified since security researchers discovered a 19-year-old vulnerability in the file compression system.

March 19, 2019 | By Shane Schick

news

Woman working on a computer in the office: gandcrab

news

Malvertising Campaign Delivers Vidar Information Stealer and GandCrab Ransomware

Researchers have spotted a malvertising campaign that is delivering two payloads to victims: the Vidar information stealer and GandCrab ransomware.

January 8, 2019 | By David Bisson

news

A cryptocurrency mining rig: crypto-mining malware

news

NRSMiner Crypto-Mining Malware Infects Asian Devices With the Help of EternalBlue Exploit

Security researchers report that the newest version of NRSMiner crypto-mining malware is causing problems for companies that haven't patched the EternalBlue exploit.

January 8, 2019 | By Douglas Bonderud

news

Man using a digital tablet to control IoT devices at home: mirai malware

news

New Variant of Mirai Malware Exploits Weak IoT Device Passwords to Conduct Brute-Force Attacks

Security researchers discovered a new variant of Mirai malware known as Miori that is targeting internet of things (IoT) devices to integrate into a larger botnet.

January 2, 2019 | By Shane Schick

news

Woman using her IoT device at home: hide 'n seek botnet

news

Hide ‘N Seek Botnet Continues to Grow by Infecting IoT Devices Using Default Credentials

Avast security analysts reported that the Hide 'N Seek botnet continues to grow by infecting vulnerable Internet of Things (IoT) devices still using their default passwords.

December 14, 2018 | By David Bisson

news

Website administrators collaborating in a modern office: WordPress exploit

news

WordPress Exploit in GDPR Plugin Puts 100,000 Websites at Risk

Researchers discovered a WordPress Exploit in a plugin designed to help site owners comply with the GDPR that enables attackers to take control of admin accounts.

November 20, 2018 | By Shane Schick

news

Illustration representing a targeted phishing email: KeyBoy

news

KeyBoy Attacker Group Uses Publicly Available Exploit Code to Deliver Malware

The KeyBoy attacker group recently used known exploit code for two Microsoft security flaws to infect machines with TSSL and Titan Android malware, according to AlienVault.

October 16, 2018 | By David Bisson

news

news

The Telltale Text File: Security Researcher Proposes Standardization for Reporting Vulnerabilities

Security researcher Ed Foudil proposed adding a security.txt to every website to standardize the process of reporting vulnerabilities.

September 19, 2017 | By Douglas Bonderud

news

article

Downward Trend in Publicly Available Exploit Code? Don’t Ease Up on Patch Management Just Yet

IBM X-Force reported a downward trend in publicly available exploit code, but security teams must still prioritize vulnerability and patch management.

September 14, 2017 | By Lyndon Sutherland

article

A businessman checking his email inbox while on the phone.

news

ROPEMAKER Exploit Could Allow Fraudsters to Alter Emails Post-Delivery

A new vulnerability called ROPEMAKER could enable threat actors to replace a benign URL with a malicious one after an email has already been sent.

August 24, 2017 | By Shane Schick

news

GlitchPOS Creator Offers Instructional Video to Make Deploying POS Malware Easier

New Mirai Variant Targets Business Presentation and Display Devices

Brute-Force Attack Wave Uses Legacy Protocols, Credential Dumps to Compromise Cloud Accounts

Threat Actors Use Fake Copyright Infringement Notifications in Instagram Hacking Campaign

Voices of Security

X-Force Red in Action

A Secure Start

On the Front Line With IBM X-Force IRIS

Security Considerations for Whatever Cloud Service Model You Adopt

At RSAC 2019, It’s Clear the World Needs More Public Interest Technologists

To Improve Critical Infrastructure Security, Bring IT and OT Together

The Business of Organized Cybercrime: Rising Intergang Collaboration in 2018

Spectre, Meltdown and More: What You Need to Know About Hardware Vulnerabilities

Stranger Danger: X-Force Red Finds 19 Vulnerabilities in Visitor Management Systems

Cryptojacking Rises 450 Percent as Cybercriminals Pivot From Ransomware to Stealthier Attacks

Podcast: Digital Identity Trust, Part 3 — Powering Digital Growth With Digital Identity Trust

Podcast: Monitoring National Cybersecurity Trends With Former NSA Deputy Director Bill Crowell

X-Force Red in Action: Spotlight on Password Security With Dustin ‘Evil Mog’ Heywood

Podcast: Demystifying the Role of AI in Cybersecurity

Webinar: Under the Radar: March Live Webinar and Demo

Cyberattacks and the Airline Industry: The Strategic Threat Landscape

Webinar: Crypto Agility: Your Super Power Defense

Webinar: Bridging the Gap Between Privacy and Security: Using Technology to Manage Complex Breach Disclosure Regulations

Tag: Exploit

Researchers Uncover Highly Exploitable WinRAR Bug That Puts 500 Million Users at Risk

Malvertising Campaign Delivers Vidar Information Stealer and GandCrab Ransomware

NRSMiner Crypto-Mining Malware Infects Asian Devices With the Help of EternalBlue Exploit

New Variant of Mirai Malware Exploits Weak IoT Device Passwords to Conduct Brute-Force Attacks

Hide ‘N Seek Botnet Continues to Grow by Infecting IoT Devices Using Default Credentials

WordPress Exploit in GDPR Plugin Puts 100,000 Websites at Risk

KeyBoy Attacker Group Uses Publicly Available Exploit Code to Deliver Malware

The Telltale Text File: Security Researcher Proposes Standardization for Reporting Vulnerabilities

Downward Trend in Publicly Available Exploit Code? Don’t Ease Up on Patch Management Just Yet

ROPEMAKER Exploit Could Allow Fraudsters to Alter Emails Post-Delivery