[SANS ISC] A ‘Zip Bomb’ to Bypass Security Controls & Sandboxes

I published the following diary on isc.sans.edu: “A ‘Zip Bomb’ to Bypass Security Controls & Sandboxes“: Yesterday, I analyzed a malicious archive for a customer. It was delivered to the mailbox of a user who, hopefully, was security-aware and reported it. The payload passed through the different security layers based on big

[SANS ISC] A Good Old Equation Editor Vulnerability Delivering Malware

I published the following diary on isc.sans.edu: “A Good Old Equation Editor Vulnerability Delivering Malware“: Here is another sample demonstrating how attackers still rely on good old vulnerabilities…  In 2017, Microsoft Office suffered from a critical vulnerability that affected its Equation Editor tool, known as CVE-2017-11882. It’s a memory corruption

1 2 3 20