Detecting CVE-2015-1130 on Mac OS X Endpoints

Security researcher Emil Kvarnhammar released details related to his discovery of the latest vulnerability in Mac OS X – CVE-2015-1130 – on his blog today. The vulnerability exists in Apple’s Admin.framework and allows unprivileged users to elevate their privileges to root on any vulnerable system. Mac OS X versions 10.7 through 10.10.2 inclusive are vulnerable […]

Are Rogue Code Signing Keys in Your Environment?

Although this specific example has been exposed as part of a joke, the threat is real – code signing keys are often targeted by advanced attackers.  Keys stolen during other breach operations have been used to sign malicious software. Perhaps this was inevitable – it appears the attackers behind the Sony breach are using stolen code signing keys […]

Detecting CVE-2014-1776: Internet Explorer Zero-Day

Red Canary is actively detecting CVE-2014-1776, the latest “Internet Explorer zero-day,” on the endpoint by leveraging our global network of managed Bit9+Carbon Black sensors. This post provides some insight into how you can do the same. We know this exploit targets Internet Explorer (iexplore.exe), requires VGX.dll be loaded by the targeted iexplore.exe process, and is […]