Exploits

05/23/2017 - After the big infection wave that hit thousands of computers all over the world on Friday, May 12, we are taking a look at some things that WannaCry has taught us and some of the aspects that have surprised many.

05/09/2017 - A few days ago reports emerged that attackers have exploited a weakness in a communication protocol which is used for SMS services by mobile carriers. This has increased the susceptibility of processes such as mTAN significantly. We will take a look at the facts and backgrounds as well as measures you can take to stay secure.

04/13/2017 - The current patches of Microsoft close i.a. a critical vulnerability in Office, which has been exploited by massively spammed Dridex banking trojans. Updating is the best protection.

03/30/2017 - A company offering protection against Zero-day exploits, exposes a vulnerability in Windows, which allegedly allows attackers to turn AV-products into malware. A lot of uncertainty has been created. On closer inspection, there is no reason to panic.

03/15/2017 - Many Twitter users in Europe woke up to some unexpected Tweets: many Twitter accounts suddenly posted messages which attacked the Dutch and German governments. Unknown attackers were able to gain access to the millions of accounts through an app which provides statistics.

03/09/2017 - Agencies spy. That’s a trivial fact. And even if most of the leaked details have been known before, a bad feeling comes up when information is leaked that provides insight about the extent and the systematics of the agencies’ acitivities. Vault 7 Year Zero is the first set of documents and it demands for homework to be done.

03/03/2017 - Manufacturer "Spiral Toys“ sells connected soft toys under the "Cloud Pets" brand. The toy transmits voice recordings between parents and their children. A massive data leak has now resulted in the exposure of this personal information to unauthorized individuals. About 800.000 registered users are affected.

01/09/2017 - G DATA started its blogs six years ago and the team has published numerous articles about IT security, malware, mobile device security, awareness and also the Internet of Things since then. It is time for us to take a look back at the Top 10 most read articles in 2016 – both in the German and the English G DATA Blog.

12/06/2016 - The fact that there are many free apps on unofficial market platforms appeals to many users. This is especially true since a lot of the apps would cost money on Google Play. There is a downside to this, however, as recent findings about a new Android malware called "Gooligan" have shown.

11/30/2016 [UPDATE: 12/01/2016] - Yesterday a Firefox 0-Day was made publicly available. We have analyzed the exploit from begin to end and talk about the different stages, including: the exploit techniques that aim to defeat general protection mechanisms like ASLR and DEP, as well as more advanced protection mechanisms like Export Address Filtering from EMET, the shellcode and its similarity to the FBI-Exploit from 3 years ago.