Security

2 min read

Based on the cybersecurity news proliferating in the mainstream media today – from ransomware incidents to data breaches of massive proportions – it has become clear that organizations need to...

3 min read

In late August we began to detect malicious Microsoft Word documents that contained VisualBasic (VB) macro code and the code appeared to be triggering when the document was opened. However, the documents did not contain any of the standard events used to launch VB macro code when a document is opened, including Document_Open, or Auto_Open events. Upon […]

2 min read

During the last few years we have witnessed how the cyber security threat landscape has evolved. The emergence of the Internet of Things combined with recent events have profoundly changed how we protect our systems and people, and drive us to think about new approaches for vendors to disclose security vulnerabilities to customers and consumers. […]

1 min read

Vulnerability Discovered by Tyler Bohan and Cory Duplantis of Cisco Talos Talos has identified an exploitable out-of-bounds write vulnerability in the ELF Section Header parsing functionality of Hopper (TALOS-2016-0222/CVE-2016-8390). Hopper is a reverse engineering tool for macOS and Linux allowing the user to disassemble and decompile 32/64bit Intel-based Mac, Linux, Windows and iOS executables. During the parsing […]

1 min read

Vulnerability discovered by Aleksandar Nikolic of Talos. Talos has identified an information disclosure vulnerability in Foxit PDF Reader (TALOS-2016-0201/CVE-2016-8334). A wrongly bounded call to `memcpy`, while parsing jbig2 segments within a PDF file, can be triggered in Foxit PDF Reader causing an out-of-bounds heap memory to be read into a buffer. The `memcpy` call is properly […]

2 min read

In April we covered the description of Email Spoofing using Microsoft Outlook, but what about detecting and mitigating it on the Mail Transfer Agent (MTA)? There are multiple technologies that have attempted to address the issues surrounding spoofed emails on the MTA, but they all have shortcomings that can limit their usefulness. DKIM, or Domain […]

4 min read

On or Off the Clock, Staying Cyber Secure is a New Fact of Life  Cybersecurity has always been a major concern for workplace networks. But, increasingly, it is top of...

3 min read

Thanks to DigiCert for their contributions co-authoring this post. Interoperability for technology solutions is a top priority—standards used in these solutions become irrelevant when products operate in a silo. Thus, shifting to a new protocol in any solution takes careful consideration and collaboration by multiple parties in order to achieve a seamless operation. One such […]

4 min read

As groups around the world continue the conversation around cybersecurity – we’re at the midway point of National Cyber Security Awareness Month (#NCSAM) in the U.S. and European Cyber Security...