Exploit kits: Spring 2018 review

Exploit kits: Spring 2018 review

In this Spring 2018 snapshot, we review the top exploit kits observed in the wild. Categories: Cybercrime Exploits Tags: EKEKsexploit kitsgrandsoftGreenFlash SundownMagnitudeRIG (Read more...) The post Exploit kits: Spring 2018 review appeared ...
Blocks for Flash and others coming to Office 365

Blocks for Flash and others coming to Office 365

If you make use of Flash or Silverlight in your day-to-day activities, you may need to have a word with IT. For everyone else, your Office 365 experience is about to become ...
Adobe Reader zero-day discovered alongside Windows vulnerability

Adobe Reader zero-day discovered alongside Windows vulnerability

A new Adobe Reader zero-day exploit has been discovered, including a full sandbox escape. Categories: Exploits Threat analysis Tags: 0dayadobeAdobe ReaderCVE-2018-4990CVE-2018-8120zero day (Read more...) The post Adobe Reader zero-day discovered alongside Windows ...
Internet Explorer zero-day: browser is once again under attack

Internet Explorer zero-day: browser is once again under attack

Internet Explorer is yet again leveraged for a zero-day exploit delivered via Office document—the first zero-day observed for IE in over two years. Categories: Exploits Threat analysis Tags: 0dayCVE-2018-8174zero day (Read more...) ...
SamSam ransomware: what you need to know

SamSam ransomware: what you need to know

We take a look at SamSam ransomware, the malware that messed with Atlanta, and tell you how it works and what you can do to combat it. Categories: Cybercrime Malware Tags: atlanta ...
Magnitude exploit kit switches to GandCrab ransomware

Magnitude exploit kit switches to GandCrab ransomware

After being faithful to its own Magniber ransomware for several months, Magnitude EK joins others to adopt GandCrab. Categories: Exploits Threat analysis Tags: EKexploit kitgandcrabMagnituderansomware (Read more...) The post Magnitude exploit kit ...
Exploit kits: Winter 2018 review

Exploit kits: Winter 2018 review

In this Winter 2018 review, we check the pulse of exploit kits and their latest developments. Categories: Exploits Threat analysis Tags: CVE-2014-6332CVE-2015-2419CVE-2015-7645CVE-2015-8651CVE-2016-0189CVE-2018-4878EKsexploit kitsgrandsoftGreenFlash SundownMagnitudeRIG (Read more...) The post Exploit kits: Winter 2018 ...
Figure 1: How branch misprediction leads to speculative execution. When the branch predictor makes an incorrect guess about the destination of a conditional branch, some instructions are speculatively executed. The execution of these instructions is undone, but their effects on the cache remain. Spectre causes the branch predictor to guess wrong and speculatively execute a carefully chosen set of instructions.

An accessible overview of Meltdown and Spectre, Part 2

This is the second half of our blog post on the Meltdown an Spectre vulnerabilities, describing Spectre Variant 1 (V1) and Spectre Variant 2 (V2). If you have not done so already, ...

Israeli Security Attacks AMD by Publishing Zero-Day Exploits

Last week, the Israeli security company CTS Labs published a series of exploits against AMD chips. The publication came with the flashy website, detailed whitepaper, cool vulnerability names -- RYZENFALL, MASTERKEY, FALLOUT, ...
Demystifying the Secure Enclave Processor

“AMD Flaws” Technical Summary

Two weeks ago, we were engaged by CTS Labs as independent consultants at our standard consulting rates to review and confirm the technical accuracy of their preliminary findings. We participated neither in ...
Loading...