Software Vulnerabilities August 9, 2022

Controlling the Source: Abusing Source Code Management Systems

13 min read - For full details on this research, see the X-Force Red whitepaper “Controlling the Source: Abusing Source Code Management Systems”. This material is also being presented at Black Hat USA 2022. Source Code Management (SCM) systems play a vital role within…

Advanced Threats July 19, 2021

FragAttacks: Everything You Need to Know

4 min read - A cybersecurity researcher discovered a new category of Wi-Fi vulnerabilities recently. But the surprising news is that this new category is actually very old. Called FragAttacks, these 12 Wi-Fi vulnerabilities have existed since the late 90s. But they’re new to the cybersecurity…

February 19, 2020

Evolving Turkish Phishing Campaign Targets More Than 80 Companies With Adwind Malware

< 1 min read - Security researchers spotted the latest iteration of an evolving Turkish phishing campaign that's targeting more than 80 companies with Adwind malware.

March 12, 2019

SLUB Backdoor Receives Commands From GitHub and Communicates Through Slack

2 min read - Security researchers have discovered that the new SLUB backdoor is receiving attack commands from GitHub and relying on Slack for communicating with its attackers.

January 15, 2019

New Reverse Proxy Tool Can Bypass Two-Factor Authentication and Automate Phishing Attacks

2 min read - A new reverse proxy tool called Modlishka can easily automate phishing attacks and bypass two-factor authentication (2FA) — and it's available for download on GitHub.

September 12, 2018

Researchers Observe Threat Actor Using Varied Tools and Payloads to Distribute Monero Miners

2 min read - Researchers observed a new threat actor known as Rocke leveraging a varied tool kit and multiple payloads to distribute cryptomining malware, including Monero miners.

September 11, 2018

New Zero-Day Vulnerability for Windows Tweeted, Immediately Exploited

2 min read - A new zero-day vulnerability affecting Windows 7 through 10 was recently disclosed on Twitter. Within two days, security researchers spotted it in the wild.

Artificial Intelligence April 17, 2018

Adversarial AI: As New Attack Vector Opens, Researchers Aim to Defend Against It

3 min read - While fraudsters have yet to master adversarial AI, the only way for the security community to get ahead of the emerging threat is through collaborative defense.

August 14, 2017

Git Vulnerabilities Found in Version Control Systems

2 min read - Three popular version control systems were found to contain vulnerabilities that could enable threat actors to steal source code.

August 7, 2017

GitPwnd Shows How Threat Actors Could Hijack Git Repositories in Software Development

2 min read - Researchers have created a tool that uses Git repositories to demonstrate how Agile and other software development approaches could have security issues.