Threat Research​

In this blog post we are going to discuss the details of a vulnerability in Windows Remote Desktop Services, which we recently uncovered. We reported the vulnerability to Microsoft in a...

In 1988, graduate student Robert Tappan Morris created a computer worm and inadvertently launched what many consider to be the world’s first cyber attack. Since that infamous “Morris Worm,” major...

A year ago, the business world entered 2021 still reeling from the catastrophic SolarWinds attack that impacted thousands of organizations and put software supply chain risks on everyone’s radar —...

Threat researchers on the cutting edge of cybersecurity have a certain kind of drive — almost a relentless need — to get into the attacker’s mind, solve the “unsolvable” challenge and expose ...

In December 2020, a series of network breaches was reported in rapid succession — the beginning of what soon became known as the cyber attack that changed everything. By compromising identities...

The Greek philosopher Heraclitus once said “the only constant is change.” This still rings true thousands of years later — particularly as we reflect on 2021, another year marked by continued...

Chinese military general Sun Tzu’s treatise The Art of War has been cited over the years by millions of self-help gurus and corporate strategy consultants – and misquoted in a million more...

How I Cracked 70% of Tel Aviv’s Wifi Networks (from a Sample of 5,000 Gathered WiFi). In the past seven years that I’ve lived in Tel Aviv, I’ve changed apartments four times. Every time I...

While enterprises fight to stave off relentless attacks, 57% of them are hamstrung by the ever-worsening global cybersecurity skills shortage. An estimated 4.07 million industry positions remain...

Introduction This post describes the work we’ve done on fuzzing the Windows RDP client and server, the challenges of doing so, and some of the results. The Remote Desktop Protocol (RDP) by...

Black Hat 2021 had a markedly different tone from previous years. Welcoming remarks explored the strong parallels between cybersecurity and COVID-19 prevention, with founder Jeff Moss asking...

Ninety-one percent of cybersecurity practitioners agree they must keep up with their skills, or the organizations they work for are at a significant disadvantage against today’s cyber adversaries,...

This blog introduces a new information stealer, written in Rust and interestingly named FickerStealer. In this blog post, we provide an in-depth analysis of this new threat and its obfuscation...

Biometric authentication is beginning to see rapid adoption across the enterprise as organizations look to incorporate passwordless solutions to help mitigate the numerous security risks inherent...

While many Americans took off early to jump-start the Independence Day weekend, cyber attackers were launching the single biggest ransomware attack in history. It’s estimated that at least 800 to...

Digital transformation, widespread remote work due to the COVID-19 pandemic and ever-increasing reliance on cloud services and infrastructure have all contributed to new enterprise access...

We can’t help it. We hear the word “hacker” and our minds instantly go to shadowy figures in dark rooms frantically causing as much malicious digital mayhem as they can. It’s a misconception that...

In Part 1 of this blog post, we discussed attack vectors that utilize the different features of the devices that network plugins use, such as bridge devices and tunneling devices (VXLAN in...