Archive for February, 2016

Lately, I was doing research connected with different updating strategies, and I tested a few applications working under Mac OS X. This short weekend research revealed that we have many insecure applications in the wild. As a result, I have found a vulnerability which allows an attacker to take control of another computer on the same network (via MITM).

We created the flare-dbg Python project to support the creation of plug-ins for WinDbg. When we harness the power of WinDbg during malware analysis, we gain insight into runtime behavior of executables. flare-dbg makes this process particularly easy. This blog post discusses WinDbg plug-ins that were inspired by features from other debuggers and analysis tools.

Camtasia, uTorrent, and a large number of other Mac apps are susceptible to man-in-the-middle attacks that install malicious code, thanks to a vulnerability in Sparkle, the third-party software framework the apps use to receive updates.

Yesterday Radek from VulnSec posted an interesting article named “There’s a lot of vulnerable OS X applications out there.” He discovered that the Sparkle update system (used by some very popular OS X apps such as VLC, Adium, iTerm and so forth) uses HTTP instead of HTTPS to fetch update information for such applications, making all of them vulnerable to man-in-the-middle attacks and, as he showed, remote command execution attacks.

TENERIFE, Spain – Sergey Lozhkin knows malware. Medical devices? Admittedly, not so much. That, however, was not an impediment to the Kaspersky Lab researcher in cracking the digital walls of a Moscow hospital and finding a shocking array of open doors on the network and weaknesses in medical devices and applications crucial not only to the privacy of patients, but also to their physical well-being.

There are no flawless software systems or applications. Flaws often create security vulnerabilities that attackers can exploit to compromise systems and software. That is the primary reason software vendors issue vulnerability patches. So why do IT departments choose to delay (or even omit) the application of those patches to production environments? More importantly, how can security professionals prevent security breaches on endpoints that operate with unpatched and unpatchable software?

Exclusive: Microsoft researchers, in partnership with academia, have published a paper detailing how they have dramatically increased the speed of homomorphic encryption systems.

Consider a hospital that would like to use a cloud service to predict the probability of readmission of a patient within the next 30 days, in order to improve the quality of care and to reduce costs. Due to ethical and legal requirements regarding the confidentiality of patient information, the hospital might be prohibited from using such a service.

Poseidon Group: a Targeted Attack Boutique specializing in global cyber-espionage

During the latter part of 2015, Kaspersky researchers from GReAT (Global Research and Analysis Team) got hold of the missing pieces of an intricate puzzle that points to the dawn of the first Portuguese-speaking targeted attack group, named “Poseidon.” The group’s campaigns appear to have been active since at least 2005, while the very first sample found points to 2001. This signals just how long ago the Poseidon threat actor was already working on its offensive framework.