Our Blog

One Month, Five CVEs: Welcome to Patch Tuesday

A very exciting Patch Tuesday for us at Cybellum, with 5 CVEs published for vulnerabilities discovered by our automated vulnerability detection platform. Four of them are in Adobe products, whereas the fifth is a byproduct of a decision reversal by Microsoft Security...

CY-2017-011: Type Confusion in Adobe Acrobat

Overview: Our vulnerability detection platform has discovered a new Type Confusion vulnerability, which affects the latest versions of all Acrobat Readers (Acrobat DC, Acrobat Reader DC, Acrobat 2017, Acrobat Reader 2017, Acrobat XI, Reader XI). ...

CY-2017-022: Type Confusion in Microsoft Word 2016

Introduction: This post explores the Type Confusion discovered by Cybellum's automated vulnerability detection platform in Microsoft Word. It was reported to Microsoft on August 21st. Microsoft has confirmed the vulnerability, and patched it as part of October 2017...

DevSecOps Is Important, but Can It Be Done Well?

Ask a DevSecOps evangelist what it’s all about, and they’ll tell you that it’s the mindset that makes everyone care about product security - an idyllic scenario where through changes to company workflows and addition of new tools, products are built in a more secure...

DoubleAgent: Taking Full Control Over Your Antivirus

Overview: Our research team has uncovered a new Zero-Day attack for taking full control over major antiviruses and next-generation antiviruses. Instead of hiding...

The Zero-Day Kill Chain

The term ‘kill chain’ was originally used as a military concept related to the structure of an attack. In 2011 Lockheed Martin adopted the term for cyber security, modeling network intrusion. In this post we zoom in, model and simplify the Zero-Day kill chain, a chain...
