THREATS
 
The group that originally leaked the NSA tools in April, “the Shadow Brokers”, are promising to dump more exploits, which will be available through a paid subscription service starting in June. The subscription will cost $ 21,000 per month, and the group says that the monthly dumps are for " (...)
THREATS
 
Senior security consultant Giuseppe Trotta tells the story of a pentest where a private smartphone and poor network configuration resulted in a compromise of a corporate network and data exfiltration.
THREATS
 
A new ransomware outbreak hits Eastern Europe again. On the 24th of October 2017 several (infrastructural) organisations such as the Kiev Metro and Russian media outlets were hit by a cyber attack.
THREATS
 
Attack and defence has always been in a weapons race, where attackers find new ways of compromising systems, while defence comes up with new ways of defending against these attacks. How do we get ahead of the bad guys, and detect and mitigate new types of attacks?
THREATS
 
In the days of yore, an IMSI catcher was an extremely expensive unit to buy, and the training needed to use it was limited to a select few. This is no longer the case, since the knowledge needed to use IMSI catchers is now in the public domain, and the skills for creating one are more generally (...)
THREATS
 
Over the past week, various articles have been published about the Industroyer malware. The technical aspects have been laid out clear and plain for all to understand, albeit mostly picked up by the cybersecurity community itself. But how alarming is Industroyer really?
THREATS
 
NCC Group was recently posed the following by one of our UK CISO Research Council members: ‘Blockchain (especially BitCoin) is highly dependent on elliptic curve crypto and hashes like SHA256 and RIPEMD-160, which are all vulnerable to quantum computing attacks using Shaw’s and Grover’s algorithms (...)
THREATS
 
In September 2012 NCC Group noted a security issue relating to the use of ASP.NET forms authentication in a shared/cloud hosting environment, which could potentially allow an attacker to successfully authenticate to an application for which they do not have valid credentials. This threat brief will (...)
THREATS
 
This threat brief discusses the existence of embedded USB keyboards that are becoming increasingly common. These keyboard-like devices can be used to bypass the security enhancements in modern operating systems or configuration settings that stop the automatic execution of code from USB devices. (...)
Subscribe to Threats