Blog

Blog

Phishing Attacks - What is Phishing?

Although phishing attacks can occur against individuals, we will primarily focus on attacks against organizations in this post. We will use the term organization to represent governments, educational and healthcare institutions, and commercial businesses, but we will draw distinctions in the “bounty” sought after in each industry. So, let’s get started…What is Phishing?There are lot of “nice” or ...
Vulnerability Research

SoftNAS Cloud® Zero-day Blog

A vulnerability has been identified in SoftNAS Cloud(R) data storage platform discovered by our Vulnerability Research Team (VRT). The engineers at SoftNAS are to be commended for their prompt response to the identified flaw and their team’s work with VRT to provide prompt fixes for this cyber security issue.SoftNAS has provided a patch for the vulnerability identified on the application. The...
Vulnerability Research

Analysis of NUUO NVRmini2 Stack Overflow Vulnerability

Exploiting CVE-2018-19864- Samuel S., Senior Vulnerability ResearcherDuring an audit of NUUO’s NVRmini2, a stack overflow vulnerability was discovered in a request handling function in the ‘lite_mv’ custom SIP service binary. The NUUO NVRmini2 runs a custom SIP service on TCP ports 5160 and 5150 via a binary at /NUUO/bin/lite_mv. In order to examine this bug more closely, we analyze the function...
Blog

Why Corporate Networks are Key Targets for Cryptojacking

The days of being able to ignore cryptocurrency is over. Even if you don’t use it, you’re now at risk of being adversely affected by it through cryptomining malware, also known as cryptojacking. Read on to find out what cryptocurrency is, how cryptojacking is on the rise, and how you can protect your organization.
Vulnerability Research

NUUO Firmware Disclosure

NUUO Zero-Day BlogA vulnerability identified in NUUO NVRmini2 Network Video Recorder devices discovered by our Vulnerability Research Team (VRT). We commend NUUO for their prompt response to the identified flaws and their engineering team’s work with VRT to provide fixes for these cyber security issues.NUUO has provided a patch for the vulnerability identified on the application. The patched...
Blog

Arcserve Zero-Day Disclosure

We are disclosing four previously undisclosed vulnerabilities within the Arcserve Unified Data Protection platform. The vulnerabilities can open the door for potential compromise of sensitive data through access to credentials, phishing attacks and the ability for a hacker to read files without authentication from the hosting system.________________________________________TitleDDI-VRT-2018-18 -...