Image parsing is a basic feature in operating systems, and a vulnerability could lead to remote code execution or information disclosure.

Keeping up with today's fast moving cyber threat landscape is a challenge for many organizations.

Cyber espionage actors, now designated by FireEye as APT32 (OceanLotus Group), are carrying out intrusions into private sector companies across multiple industries and have also targeted foreign governments, dissidents, and journalists.

On Dec. 17, 2019, Citrix released security bulletin  CTX267027 , which identified a vulnerability in Citrix Application Delivery Controller (ADC) and Citrix Gateway. This vulnerability, assigned  CVE-2019-19781 , could allow an unauthenticated attacker to perform arbitrary remote code execution via directory traversal. This vulnerability received a score of 9.8 and was deemed Critical. On Jan. 8, 2020, Tripwire  provided a very detailed explanation of the CVE  that we recommend reading.

We dive into one of the more interesting tools that is part of the CARBANAK toolset. The CARBANAK authors wrote their own video player and we happened to come across an interesting video capture from CARBANAK of a network operator preparing for an offensive engagement.

We  take a look into how the Nomad bridge smart-contract was exploited and analyze the on-chain transactions post-compromise.

Throughout 2017 we have observed a marked increase in the use of command line evasion and obfuscation by a range of targeted attackers.

FireEye recently detected malicious Microsoft Office RTF documents that leverage CVE-2017-0199, a previously undisclosed vulnerability.

Ghidrathon is a Ghidra extension that adds Python 3 scripting capabilities that tightly integrate with the user interface.