Recorded Future

PoC exploit for critical Apache Struts flaw found online

August 27, 2018

The Apache Software Foundation revealed last week the existence of a critical Apache Struts flaw (CVE-2018-11776) similar to the one exploited in the Equifax breach and urged …

Dragos to integrate ICS-specific threat intelligence with cyber intelligence partners

August 10, 2018

Dragos announced that its industrial control system (ICS) threat intelligence product, WorldView, will integrate with partner companies, ThreatConnect, Recorded Future, …

Counterfeit digital certificates for sale on underground forums

February 23, 2018

Signing malicious code with valid digital certificates is a helpful trick used by attackers to maximize the odds that malware won’t be flagged by antivirus solutions and …

Telegram-based Katyusha SQL injection scanner sold on hacker forums

July 12, 2017

Despite regularly achieving one of the top spots on the OWASP Top 10 list of the most critical web application security risks, injection vulnerabilities continue to plague …

For timely vulnerability information, unofficial sources are a better bet

June 7, 2017

From over 12,500 disclosed Common Vulnerabilities and Exposures (CVEs), more than 75% were publicly reported online before they were published to the NIST’s centralized …

Malware Hunter: Find C&C servers for botnets

May 3, 2017

Recorded Future and Shodan released Malware Hunter, a specialized crawler for security researchers that explores the Internet to find computers acting as remote access trojan …

Hacker breached 60+ unis, govt agencies via SQL injection

February 16, 2017

A hacker tied to the November 2016 penetration of the US Election Assistance Commission and subsequent database sale has successfully targeted 60+ government agencies and …