Advisories

VMCI.SYS IOCTL Host and Guest Privilege Elevation (CVE-2013-1406)

February 8, 2013

The vulnerability described in this document can be exploited by unprivileged code running in a VMware virtual machine (guest) or on the system where an affected VMware product is installed (host), in order to execute arbitrary code with kernel privileges.

VMware VMX Process Insecure Thread Permissions Privilege Elevation (CVE-2012-5458)

November 11, 2012

The vulnerability described in this document can be exploited by unprivileged code running on a system where an affected VMware product is operating in order to read or modify any portion of physical memory (RAM), which in turn enables execution of arbitrary code with kernel privileges.

VMware VMX Process Window Message Privilege Elevation (CVE-2012-5458)

November 11, 2012

The vulnerability described in this document can be exploited by unprivileged code running on a system where an affected VMware product is operating in order to read or modify any portion of physical memory (RAM), which in turn enables execution of arbitrary code with kernel privileges.

Privilege Escalation in GarrettCom MNS-6K Software (CVE-2012-3014)

August 30, 2012

GarrettCom is one of a handful of networking vendors who capitalize on the market for "Industrial Strength" and "Hardened" networking equipment. You'll find their gear installed in traffic control systems, railroad communications systems, power plants, electrical substations, and even US military sites. Beyond simple L2 and L3 networking, these devices are also used for serial-to-IP conversion in SCADA systems, and they even support Modbus and DNP.

Key Management Errors in RuggedCom's Rugged Operating System (ICS-CERT Alert)

August 21, 2012

ICS-CERT is aware of a public report of a hard-coded RSA SSL private key within RuggedCom's Rugged Operating System (ROS). The vulnerability, with proof-of-concept (PoC) exploit code, was publicly presented by security researcher Justin W. Clarke of Cylance Inc. According to this report, the vulnerability can be used to decrypt SSL traffic between an end user and a RuggedCom network device.
