Security Research

Unpatched Vulnerabilities Leave Apple Users at Risk

Apple has a long-standing reputation for silence when it comes to security. Whether it’s OS X or iOS, details around vulnerabilities, security patches and malware attacks are often obscured. This has led leading researchers and security vendors to reference the notorious idiom“security through obscurity” to describe Apple’s approach to threats. Whether this approach is effective or not, is up for […]

READ MORE

Sandworm Demonstrates Why Patches aren’t Foolproof

Last week the security community was scrambling to update new AV signatures while continuing to patch systems against new variants of the “Sandworm” malware, which attacks Windows systems using a zero-day flaw that can enable attackers to take complete control of an infected system. The vulnerability used by Sandworm resides in a Windows component called […]

READ MORE

More Embedded Systems Havoc: ATM Hacks Target Endpoints Once Again

Recently, reports surfaced about new malware being used to hack ATM machines across the globe. The program, named Backdoor.MSIL.Tyupkin, creates a backdoor that bypasses the ATM’s security system and forces it to dispense cash. Though the hacks are primarily taking place in Russia and Europe, reports from the U.S., China, India, and Israel have also […]

READ MORE

Internet Explorer Vulnerability Kept Secret For Three Years

Security vulnerability research companies search for vulnerable applications and disclose their findings to application vendors, governmental agencies, and operating system vendors. Often this information costs a substantial fee. For example, vulnerable code found inside a browser, such as Internet Explorer or Chrome, can cost thousands of dollars. Agencies around the world typically pay high amounts of money in […]

READ MORE

The case of the Gyges, the invisible Malware

Government-Grade now in the Hands of Cybercriminals In March 2014, the Sentinel Labs Research Lab detected a sophisticated piece of malware dubbed Gyges that is virtually invisible and capable of operating undetected for long periods of time. We first detected Gyges with our heuristic sensors and then our reverse engineering task force performed an in-depth […]

READ MORE