Blog

Microsoft Office Vulnerability Lets Attackers Install Malware Without User Interaction

A new vulnerability in Microsoft Office has surfaced. The vulnerability is a memory corruption issue that resides in all versions of Microsoft...

Posted on November 15, 2017
Oct 16

KRACK Attack WPA Vulnerabilities

Researchers have discovered and documented critical weaknesses in WPA2, a protocol that secures all modern protected Wi-Fi networks. The attack, dubbed KRACK (Key Reinstallation Attacks), allows attackers within range of the target Wi-Fi network to view seemingly “protected” information, and possibly to “inject and manipulate” information as well.

Jun 27

Petya Ransomware Without The Fluff

When WannaCry hit, the news sent shivers around the world. Reports circulated of hospital outages and of super-secret tools used by the NSA (Equation Group), able to hack into any version of Windows, being released to the public. During this period, the community warned that more waves were soon to come. This started yesterday, around June 26, 2017, primarily in Ukraine, and Binary Defense started to see some of the first large infections of Petya (which some are calling NotPetya) at other geographic locations early this morning. On the surface, this appeared to be another EternalBlue/MS17-010 campaign with a new variant. No one at the time knew exactly which infection methods were being used, but multiple companies jumped the gun, and reports claimed multiple avenues, including HTA attack vectors and email campaigns with attached Word and Excel documents.

Nov 14

NOAA Reportedly Hacked by China

It was reported on November 13th, 2014 that in late September the National Oceanic and Atmospheric Administration (NOAA) was breached by a Chinese hacker. This announcement comes only days after the reports of the USPS being hacked. Currently, the full scope of what was compromised by the breach is unknown, and NOAA officials have declined to comment on what was targeted. Though NOAA officials stated that incident response was started immediately, they did not notify anyone of the breach until the 4th of November, when it was reported to the Commerce Department Inspector General, Todd Zinser. The first indication to anyone outside of the agency that something was wrong came on October 20th, when NOAA took several systems offline for “unscheduled maintenance”.

Nov 11

The ISIS Cyber Security Threat

Many look at ISIS and think only of the campaign of terror it is driving through the Middle East; what most do not think of is the terror campaign it is waging through cyberspace. Since its inception, ISIS has continually evolved to thrive in current times. ISIS began with relatively old tactics, such as raiding the Central Bank of Mosul, making off with over $475 million, and taking control of oil fields in Syria. ISIS has since moved into the cyber world for recruiting, propaganda, and theft to expand the reach of the organization.

Nov 10

United States Postal Service Breached

On November 10, 2014, the United States Postal Service (USPS) announced it was the victim of a cyber security intrusion. The breach was discovered in September, and it appears that the Chinese government may be responsible. In the document "USPS Cyber Intrusion and Employee Data Compromise November 10, 2014", released on 11/10/2014, the USPS stated the intrusion was similar to attacks being reported by many other federal government entities and corporations. Although this is a blanket statement, the release does highlight some key information.

Oct 24

Active Shellshock SMTP Botnet Campaign

We recently became aware (special thanks to @slideintohome) of an SMTP botnet campaign occurring for a number of large-scale customers, targeting SMTP gateways with Shellshock-based attacks. The attack leverages Shellshock (https://www.trustedsec.com/september-2014/cve-2014-6271/) as a main attack vector through the subject, body, to, and from fields (it targets every main header field in order to download the Perl botnet script). Once compromised, a Perl botnet is activated and beacons on IRC for further instructions.
