Many research teams have reported on their observations of exploits
involving the use of the Apache Struts vulnerability CVE-2017-5638 since
Cisco Talos published their post on Wednesday March 8. Fidelis Cybersecurity
Threat Research is also seeing widespread activity and contrary to some
There’s a reason why airport security x-rays your bags. It’s because
the only way you can tell if something is a true threat is to actually look
at the contents. It’s the same with network security. The only way to
prevent modern intrusions is to actually inspect the content on your network …
Modern messaging apps, many of which offer end-to-end encryption, are used
every day by millions of people. These apps come with the expectation of
privacy. However, we recently observed an interesting operational security
issue involving one such popular messaging app, Telegram. We're posting ou …
Downloaders and droppers (aka malware that delivers other malware) have
been forced to live in the shadow of more famous stages of the exploit kit
chain, like landing pages or the malware that's eventually dropped. One
reason they are often overlooked and not analyzed as often is because they
We're counting down the last few days to RSA 2017. As you pack your suitcase
and map outyour schedule, plan on joining us for a demo atBooth #933.
Stop by and say hello and grab your limited edition t-shirt. Here’s a quick
rundown on where you can find us: RSA 2017 EXPO: Join Fidelis Cybersecur …
Producers of the 1995 James Bond film “GoldenEye” packed the plot with
all the signature elements fans expect from the successful franchise.
Over-the-top supervillain – check. Coolspy gadgets – check. Exotic
locations – check. And, of course, 007 saves the day. The film was also
What does 2017 hold for security professionals and the industry as a whole?
To answer this question, let’s take a quick look at what has not changed.
For one, ransomware continues to be an effective extortion tool for
attackers. They’re constantly honing their ability to use backdoors and
Earlier this month, security news media reported attackers holding
internet-exposed MongoDB and Elasticsearch databases for ransom. Attackers
said they’d return the data if they got paid -- otherwise, the data would
be erased. In many reported instances, attackers simply deleted the data.
Security got the boring end of the stick when names for the generations
were handed out. Instead of Millennials, Gen X, Baby Boomers or the Greatest
Generation, we're stuck with "Next Gen." What comes after "Next Gen"? And
where were the creative minds hiding when we needed them most? In this pos …