Julien Maury Avatar
  • industroyer schema

    Critical Infrastructure, ICS/SCADA Systems Under Attack by Advanced Threat Groups

    Critical infrastructure, industrial control (ICS) and supervisory control and data acquisition (SCADA) systems are under increasing threat of cyber attacks, according to a number of recent warnings from government agencies and private security researchers. CERT-UA (Computer Emergency Response Team of Ukraine) reported a major attack on Ukrainian energy infrastructure last week. Researchers at ESET and […]

  • evasion techniques

    How Hackers Evade Detection

    Bypassing detection tools is part of a hacker’s routine these days. Despite the incredible evolution of defensive technologies, attackers often remain undetected for weeks or months, earning the label advanced persistent threat (APT). Classic security tools are necessary but less and less sufficient. That’s why most security companies are now focusing on behavioral analysis and […]

  • spring4shell poc

    Protecting Against the Spring4Shell Vulnerability

    Spring4Shell (CVE-2022-22965) is a remote code execution (RCE) vulnerability that affects Spring Core, a comprehensive framework for Java-based enterprise applications. Spring4Shell gets its name from the Log4Shell vulnerability, one of the most critical zero-day threats ever, which affected a Java software component called Log4j and allowed hackers to take control of web servers and networks. […]

  • printnightmare

    Defending Against Misconfigured MFA & PrintNightmare Vulnerabilities

    Using misconfigured multi-factor authentication (MFA) and an unpatched Windows vulnerability, Russian state-sponsored hackers were able to breach a non-governmental organization (NGO) and escalate privileges, the Cybersecurity and Infrastructure Security Agency (CISA) and the FBI revealed last week. By using a misconfigured Cisco Duo MFA implementation to force enrollment of a new device, the hackers were […]

  • cobalt strike

    How Cobalt Strike Became a Favorite Tool of Hackers

    Cobalt Strike was created a decade ago by Raphael Mudge as a tool for security professionals. It’s a comprehensive platform that emulates very realistic attacks. Indeed, the tool can assess vulnerabilities and run penetration tests, while most tools on the market cannot do both. Vulnerability assessment and pentesting are two different things. The first consists […]

  • kellermann poc

    Dirty Pipe Makes Linux Privilege Escalation Easy

    A major Linux vulnerability dubbed “Dirty Pipe” could allow even the least privileged users to perform malicious actions. Researcher Max Kellermann of Ionos revealed the new vulnerability earlier this week. The name is reminiscent of the “Dirty Cow” vulnerability discovered in 2016 that allowed attackers to gain root access on any Android Phone regardless of […]

  • daxin malware

    Newly Discovered Malware Evades Detection by Hijacking Communications

    While the cybersecurity world is focused on the Russian invasion of Ukraine, new research from Symantec serves as a reminder that significant threats remain elsewhere too. Symantec this week reported a highly sophisticated malware called “Backdoor.Daxin” that “appears to be used in a long-running espionage campaign against select governments and other critical infrastructure targets” and […]

  • Hacker at computer

    Zero-Click Attacks a Growing Threat

    Most attacks make would-be victims click to install malware or redirect them to a phishing page to steal their credentials. Zero-click attacks remove this hurdle. They can compromise the targeted device despite a victim’s good security hygiene and practices. There is no need for social engineering, as the program can implant backdoors directly without forced […]

  • QR encoding

    QR Codes: A Growing Security Problem

    Quick response (QR) codes are a convenient format for storing all kinds of information in a readable and secure way, at least when correctly implemented. With the ongoing COVID-19 pandemic, for example, governments have recently implemented QR codes to create Digital COVID Certificates for vaccination, tests status and other reasons. QR technology isn’t new, and […]

  • stenography malware

    How Steganography Allows Attackers to Evade Detection

    Steganography, derived from Greek words meaning “covered” and “writing,” has been used for centuries to hide secret messages inside regular documents. In cybersecurity, steganography mainly consists of hiding malicious payloads or secret information inside seemingly harmless files such as images, PDFs, audios, videos, and many other document types. While steganography is often considered something of […]

Top Cybersecurity Companies

Top 10 Cybersecurity Companies

See full list

Get the Free Newsletter!

Subscribe to Cybersecurity Insider for top news, trends & analysis