Analyzing The ForcedEntry Zero-Click iPhone Exploit Used By Pegasus

Citizen Lab has released a report on a new iPhone threat dubbed ForcedEntry. This zero-click exploit seems to be able to circumvent Apple’s BlastDoor security, and allow attackers access to a device without user interaction.

APT-C-36 Updates Its Long-term Spam Campaign Against South American Entities With Commodity RATs

In 2019, we wrote a blog entry about a threat actor, known as APT-C-36 or Blind Eagle, targeting entities in Colombia and other South American countries with spam emails. We have continued tracking this threat actor and share our new findings about APT-C-36’s ongoing spam campaign during that monitoring phase.

Remote Code Execution 0-Day (CVE-2021-40444) Hits Windows, Triggered Via Office Docs

Microsoft has disclosed the existence of a new zero-day vulnerability that affects multiple versions of Windows. This vulnerability (designated as CVE-2021-40444) is currently delivered via malicious Office 365 documents and requires user input to open the file to trigger.

The Evolution of Connected Cars as Defined by Threat Modeling UN R155-Listed Attack Vectors

The United Nations Regulation No. 155 sets requirements for cybersecurity in vehicles. We conducted a threat modelling exercise on its defined attack vectors as a form of risk assessment in order to help organizations comply with this regulation and identify what to prioritize.

Fake Cryptocurrency Mining Apps Trick Victims Into Watching Ads, Paying for Subscription Service

We recently discovered eight deceptive mobile apps that masquerade as cryptocurrency cloud mining applications where users can earn cryptocurrency by investing money into a cloud-mining operation.

Confucius Uses Pegasus Spyware-related Lures to Target Pakistani Military

While investigating the Confucius threat actor, we found a recent spear phishing campaign that utilizes Pegasus spyware-related lures to entice victims into opening a malicious document that downloads a file stealer.