CVE-2014-7911 – A Deep Dive Analysis of Android System Service Vulnerability and Exploitation

In this post we discuss CVE-2014-7911 and the various techniques that can be used to achieve privilege escalation. We also examine how some of these techniques can be blocked using several security mechanisms. The Vulnerability CVE-2014-7911 was presented here along with a very descriptive POC that was written by Jann Horn. Described briefly, the ObjectInputStream […]

Continue Reading

Debunking Myths Around Industrial Control Systems Cybersecurity

General awareness for the need to improve cybersecurity in industrial control systems (ICS) has increased significantly in recent years, but there are still plenty of misconceptions. A recent incident that can be used to highlight some of these is the cyber attack on a German steel factory, described in a report from the German Federal […]

Continue Reading

Financial Sector as a Main Target: Analyzing Anunak and Chthonic Malicious Campaigns

March 20, 2012 was a good day for cybersecurity. It was the day that the Russian police had managed to arrest the criminals behind “Carberp”, a Trojan used to compromise numerous bank accounts. Less than two years later, the minds behind this operation can add to their list of accomplishments: a major operation targeting financial […]

Continue Reading
%d bloggers like this: