CVE-2018-18500: Heap write-after-free in Firefox, Analysis and Exploitation

Credit to Author: Yaniv| Date: Thu, 18 Apr 2019 15:35:40 +0000

Editor’s note: This article is a technical description of a bug discovered by a member of the Offensive Research team at SophosLabs, and how the researcher created a proof-of-concept “Arbitrary Read/Write Primitive” exploit for this bug. The vulnerability was deemed critical by Mozilla’s bug tracking team and was patched in Firefox 65.0. It’s written for […]



Microsoft fixes 74 bugs in its April, 2019 Patch Tuesday releases

Credit to Author: Yaniv| Date: Tue, 09 Apr 2019 21:28:38 +0000

There are 16 Microsoft bugs marked as critical, as well as serious flaws in Adobe Flash and Acrobat that require immediate attention.


Machine learning hones weapons of maldoc destruction

Credit to Author: Jason Zhang| Date: Tue, 09 Apr 2019 14:49:19 +0000

By Jason Zhang Criminals continue to leverage the features of Adobe’s PDF document format to engage in malware and phishing attacks, with no sign of a slowdown. Last year at Black Hat USA, I gave a presentation about PDF-based malware detection using machine learning. We discovered that the best AV engine could only catch fewer […]


Sophos Cloud Optix is solving the toughest challenges in public cloud security

Credit to Author: Rich Beckett| Date: Tue, 09 Apr 2019 13:19:38 +0000

You move to the public cloud with the dream of infrastructure cost savings, added agility, and taking full advantage of DevOps process to speed up development and product delivery. A move to Amazon Web Services, Microsoft Azure or Google Cloud Platform can bring all that good stuff. But soon you’ll meet your new challenge of […]


It’s still business as usual at Sophos: A Brexit overview

Credit to Author: Editor| Date: Thu, 04 Apr 2019 17:14:43 +0000

Following the vote by the UK electorate to exit from the European Union, Sophos has been monitoring and preparing for Brexit using the most likely outcome scenarios. Regardless of the decisions made in the coming weeks and months ahead, we are ready to handle them in the best way possible for our customers, partners and […]


How Intercept X Advanced can protect you from Mar-a-Lago-like USB stick attacks

Credit to Author: Seth Geftic| Date: Thu, 04 Apr 2019 15:16:02 +0000

Earlier this week, news broke that a Chinese woman attempted to sneak a USB stick loaded with malware into Mar-a-Lago, President Trump’s main place of residence outside of the White House. The news made international headlines due to the nationality of the alleged attacker and the location of the attempted attack. Using an external device […]


A generation of data kidnapping: Ransomware turns 30

Credit to Author: Jörg Schindler| Date: Fri, 22 Mar 2019 08:13:40 +0000

In 1989 the first piece of extortion software saw the light of day, and it has since developed into one of the most brazen threats to data. Reason enough to take a brief look back at 30 years of digital extortion. In recent years ransomware has made the headlines again and again, yet it was actually only the fewest attacks of the […]


High awareness of personal data, little intention to cut back

Credit to Author: Jörg Schindler| Date: Mon, 18 Mar 2019 10:23:04 +0000

Unauthorized collection, no transparency, sale to criminals: the way internet companies handle user data is a perennial topic of discussion. Sophos wanted to know what concerns users and what they want from internet companies, and commissioned a market research firm to run a survey. The result: fear of criminal use of data is high, the possible violation […]
