A look back at 2021: The year ransomware took the gloves off

We came into 2021 well aware of the risks ransomware posed. Even that didn’t prepare us for what was to come, as ransomware gangs and nation states launched attacks on critical infrastructure with cyber-physical consequences

A look back at 2021: The year supply chain threats went mainstream

Ransomware may have grabbed most of the headlines, but history will remember 2021 as the year that governments and companies finally woke up to the lurking threat posed by vulnerable software supply chains

Groundhog day: NPM package caught stealing browser passwords

This blog discusses the process used to find another NPM package that steals saved Chrome browser passwords.

Data Exfiltrator

A New Tactic for Ransomware Adversaries

Third-party code comes with some baggage

Recognizing risks introduced by statically linked third-party libraries

It only takes one line of code to ruin your day

They say there’s no such thing as bad press, but getting name recognition for a data breach never feels good. Enter Codecov.

Spotting malicious Excel4 macros

Relying on legacy functionalities comes with inherent security risks

Code Reuse Across Packers and DLL Loaders

One of the core tenets of computer science is code reuse.

DotNET Loaders

Many families of remote access trojan (RAT) are .NET executables.

Malware in images: When you can’t see 'the whole picture'

The attack on SolarWinds: Next-level stealth was key

The SunBurst supply chain attack, which was behind the breach of SolarWinds, took sophistication and patience.

Rana Android Malware

Your past catches up, sooner or later...

PoorWeb - Hitching a Ride on Hangul

Tearing Down HWP Files To Expose a Trojan

Taidoor - a truly persistent threat

When malware lasts longer than your washing machine

Excel 4.0 Macros

The Risk of Hidden Threats in Compound Files