Channel: Positive Technologies - learn and secure
Browsing all 198 articles


IronPython, darkly: how we uncovered an attack on government entities in Europe

Hunting for new and dangerous cyberthreats is the job of the Positive Technologies Expert Security Center (PT ESC). In early April 2019, PT ESC analysts detected a targeted attack on the Croatian...


Finding Neutrino

In August 2018, PT Network Attack Discovery and our honeypots began to record mass scans of phpMyAdmin systems. Scans were accompanied by brute-forcing of 159 various web shells with the command...



Case study: Searching for a vulnerability pattern in the Linux kernel

This short article describes the investigation of one funny Linux kernel vulnerability and my experience with Semmle QL and Coccinelle, which I used to search for similar bugs. The kernel bug: Several...


Sustes malware updated to spread via vulnerability in Exim (CVE-2019-10149)

A new wave of attacks by the Sustes cryptominer is infecting computers via a June vulnerability in the Exim mail server. Starting on August 11, our PT Network Attack Discovery network sensors have...


Positive Technologies Brings ‘Hackable City’ to Life in The Standoff...

Attackers and defenders to face off in digital metropolis security challenge featuring real-world critical infrastructure and technologies. Cybersecurity experts at Positive Technologies and Hack In The...


Studying Donot Team

APT group called Donot Team (aka APT-C-35, SectorE02) has been active since at least 2012. The attackers hunt for confidential information and intellectual property. The hackers' targets include...


Malware creators trying to avoid detection. Spy.GmFUToMitm as an example

Image credit: Unsplash. Specialists from PT Expert Security Center found an interesting specimen of malware distributed in the Chinese segment of the Internet. Among other things, this malware is used for...


Turkish tricks with worms, RATs… and a freelancer

The Positive Technologies Expert Security Center has detected a malicious campaign active since at least mid-January 2018. The operation most focused on users from Brazil, Germany, Hungary, Latvia, the...


Fileless ransomware FTCODE now steals credentials

In 2013, SophosLabs announced infections by a ransomware written in PowerShell. The attack targeted users from Russia. The ransomware encrypted files and renamed them with an extension .FTCODE, whence...


Intel x86 Root of Trust: loss of trust

The scenario that Intel system architects, engineers, and security specialists perhaps feared most is now a reality. A vulnerability has been found in the ROM of the Intel Converged Security and...


CVE-2019-18683: Exploiting a Linux kernel vulnerability in the V4L2 subsystem

This article discloses exploitation of CVE-2019-18683, which refers to multiple five-year-old race conditions in the V4L2 subsystem of the Linux kernel. I found and fixed them at the end of 2019. I...


Linux kernel heap quarantine versus use-after-free exploits

It's 2020. Quarantines are everywhere – and here I'm writing about one, too. But this quarantine is of a different kind. In this article I'll describe the Linux Kernel Heap Quarantine that I developed...


Four Bytes of Power: exploiting CVE-2021-26708 in the Linux kernel

Author: Alexander Popov, Positive Technologies. CVE-2021-26708 is assigned to five race condition bugs in the virtual socket implementation of the Linux kernel. I discovered and fixed them in January...



Positive Technologies' official statement following U.S. sanctions

As a company, we deny the groundless accusations made by the U.S. Department of the Treasury. In the almost 20 years we have been operating there has been no evidence of the results of Positive...


Open letter to the research community

Dear all, in light of recent events, we have received many words of encouragement in comments on social media, through direct messages, and over the phone. We truly appreciate your support. It means a...


How to detect a cyberattack and prevent money theft

Money theft is one of the most important risks for any organization, regardless of its scope of activity. According to our data, 42% of cyberattacks on companies are committed to obtain direct...


APT31 new dropper. Target destinations: Mongolia, Russia, the U.S., and...

Our pros at the PT Expert Security Center regularly spot emerging threats to information security and track the activity of hacker groups. During such monitoring in April 2021, a mailing list with...


PHDays 10 IDS Bypass contest: writeup and solutions

For the second time, the IDS Bypass contest was held at the Positive Hack Days conference. Just like last time (see blog.ptsecurity.com/2019/07/ids-bypass-contest-at-phdays-writeup.html), the players...
