Blog

Blog

What Is the One Thing We Can Do Right Now to Improve Our Cybersecurity?

This article was originally published on U.S. Chamber of Commerce on April 08, 2019.If you could create your own fantasy Board of Directors, who would be on it? CO— connects you with thought leaders from across the business spectrum and asks them to help solve your biggest business challenges. In this edition, a CO— reader asks how to improve a business’s cybersecurity when expert help isn’t...
Blog

Phishing Attacks - What is Phishing?

Although phishing attacks can occur against individuals, we will primarily focus on attacks against organizations in this post. We will use the term organization to represent governments, educational and healthcare institutions, and commercial businesses, but we will draw distinctions in the “bounty” sought after in each industry. So, let’s get started…What is Phishing?There are lot of “nice” or ...
Vulnerability Research

SoftNAS Cloud® Zero-day Blog

A vulnerability has been identified in SoftNAS Cloud(R) data storage platform discovered by our Vulnerability Research Team (VRT). The engineers at SoftNAS are to be commended for their prompt response to the identified flaw and their team’s work with VRT to provide prompt fixes for this cyber security issue.SoftNAS has provided a patch for the vulnerability identified on the application. The...
Vulnerability Research

Analysis of NUUO NVRmini2 Stack Overflow Vulnerability

Exploiting CVE-2018-19864- Samuel S., Senior Vulnerability ResearcherDuring an audit of NUUO’s NVRmini2, a stack overflow vulnerability was discovered in a request handling function in the ‘lite_mv’ custom SIP service binary. The NUUO NVRmini2 runs a custom SIP service on TCP ports 5160 and 5150 via a binary at /NUUO/bin/lite_mv. In order to examine this bug more closely, we analyze the function...
Blog

Why Corporate Networks are Key Targets for Cryptojacking

The days of being able to ignore cryptocurrency is over. Even if you don’t use it, you’re now at risk of being adversely affected by it through cryptomining malware, also known as cryptojacking. Read on to find out what cryptocurrency is, how cryptojacking is on the rise, and how you can protect your organization.
Vulnerability Research

NUUO Firmware Disclosure

NUUO Zero-Day BlogA vulnerability identified in NUUO NVRmini2 Network Video Recorder devices discovered by our Vulnerability Research Team (VRT). We commend NUUO for their prompt response to the identified flaws and their engineering team’s work with VRT to provide fixes for these cyber security issues.NUUO has provided a patch for the vulnerability identified on the application. The patched...