Our Blog
ENISA’s Latest Report on Automotive Cybersecurity – Part 2, Organisational Practices
Overview This is Part 2 of our blog series reviewing ENISA’s report on the importance of cybersecurity for connected cars. Continuing from where we left off in Part 1, in this blog we will cover the organisational practices. The last part will be published by Dec 24th...
read more
ENISA’s Latest Report on Automotive Cybersecurity – Introduction
ENISA, the European Union Agency for Cybersecurity, has recently published their updated report highlighting the importance of cybersecurity for connected cars. The ENISA report is the latest in a series of industry standards and best practices around the topic of...
read more
ENISA’s Latest Report on Automotive Cybersecurity – Part 1, Policies
Overview This is Part 1 of our blog series reviewing ENISA’s report on the importance of cybersecurity for connected cars. The next parts will be published in the coming two weeks. Follow us on Linkedin. We believe that one of the major pains in the industry right now...
read more
UV Protection for Cars
The summer is over - at least for the northern hemispherians of us. Isn’t it time for some reflection (pun intended) on the risks of the being exposed to the sun in the first place? The American Optometric Association suggests that the sun's primary danger is in the...
read more
Angel Has Fallen – and his Vehicles Too
Automotive cybersecurity concerns are on the rise, and Hollywood is taking note. In the latest action-packed “Angel Has Fallen” movie, cars are hacked and are turned off remotely. Science Fiction? Not anymore. A simple hack into the car’s Internet-connected...
read moreYour Next Car Might Be Autonomous, But Its Security Will Be More Hands-On Than Ever
There’s a glaring gap between the public perception of the autonomous vehicle industry, and what’s actually happening at the R&D facilities around the world. While the public still treats any news about cars that drive themselves as almost-magic, engineers who work on...
read more
Would Vulnerabilities That Were Rejected by Microsoft Meet Your Security Bar?
In the last months, our automated vulnerability detection platform has been working continuously, researching different products from various vendors. The platform found very interesting results, including Heap Overflows, Use After Frees, Uninitialized Data Accesses,...
read more
One Month, Five CVEs: Welcome to Patch Tuesday
A very exciting Patch Tuesday for us at Cybellum, with 5 CVEs published for vulnerabilities discovered by our automated vulnerability detection platform. Four of them are in Adobe products, whereas the fifth is byproduct of a decision reversal by Microsoft Security...
read more
CY-2017-011: Type Confusion in Adobe Acrobat
Overview Our vulnerability detection platform had discovered a new Type Confusion vulnerability, which affects the latest version of all Acrobat Readers (Acrobat DC, Acrobat Reader DC, Acrobat 2017, Acrobat Reader 2017, Acrobat XI, Reader XI). ...
read more
Security Solutions Can’t Solve Everything, and That’s Ok
With every passing year, the IT security market gets bigger and bigger. The increase in frequency and scope of attacks, driven by the ever-growing amount of valuable data stored on computers, created a huge demand for defensive solutions. Each of them has a unique...
read more
The Bug Bounty Problem: How Mishandled Bounties Hurt the Industry
Bug bounties are great, aren’t they? A company decides that instead of just testing their product in-house, it will also open the challenge to outside developers, and compensate them for their effort. Crowdsourced security at its best, with more of the attack surface...
read more
CY-2017-022: Type Confusion in Microsoft Word 2016
Introduction This post explores the Type Confusion discovered by Cybellum's automated vulnerability detection platform in Microsoft Word. It was reported to Microsoft on August 21st. Microsoft has confirmed the vulnerability, and patched it as part of October 2017...
read more
DevSecOps Is Important, but Can It Be Done Well?
Ask a DevSecOps evangelist what it’s all about, and they’ll tell you that it’s the mindset that makes everyone care about product security - an idyllic scenario where through changes to company workflows and addition of new tools, products are built in a more secure...
read more
It’s Not About Trust: 3rd Party Software Security Is Complicated, but Necessary
In 2014, Lenovo decided to trust third party software. What became a severe security incident, started when adware from a company named Superfish was installed on Lenovo laptops, ostensibly “to provide users with real-time price comparisons”, but with a nasty...
read more
Microsoft Claims Viewing Page Source Makes Their Browsers Less Secure
Introduction Cybellum is the developer of the first automated vulnerability detection technology on the market. Our platform detects vulnerabilities in compiled code, even when they don’t cause a crash, without performance impact on the tested software. The...
read more
CY-2017-021: Type Confusion in Edge/Internet Explorer
Introduction This post explores the Type Confusion discovered by Cybellum's automated vulnerability detection platform in Edge and Internet Explorer. It was reported to Microsoft on August 21st. Microsoft has confirmed the vulnerability. Cybellum's platform discovers...
read more
Fighting Vulnerabilities in 2017: Prioritize Engineering Over Marketing
Cybellum was founded because there's an industry blindspot around vulnerability detection. Software vulnerabilities aren't detected soon enough, assessed for risk well enough, and fixed quickly enough to deal with the rising tide of new threat actors - all of whom are...
read more
DoubleAgent: Taking Full Control Over Your Antivirus
See how Cybellum uses dynamic analysis to detect ulnerabilities in C/C++ closed binaries. Get a free demo. OverviewOur research team has uncovered a new Zero-Day attack for taking full control over major antiviruses and next-generation antiviruses. Instead of hiding...
read more