SecurityTrails Blog

7 Popular Attacks That Can Be Detected Using Historical DNS Records
In recent years, cybersecurity has witnessed a remarkable surge in complexity due to the rapidly shifting and perpetually evolving nature of cyber attacks.

Malware Analysis Made Easy: A Review of Recorded Future's Triage Sandbox Platform
In recent years, malware developers have been working diligently to push through the echelons of cybercrime, posing an existential threat to many organizations with every code iteration and novel technique employed.

Safeguarding Your Domain Reputation: Prevent Domain Shadowing Using the SecurityTrails API
In today's ever-evolving digital landscape, cybersecurity is more important than ever. To keep your organization's reputation, network and data safe, staying on top of the latest threats and tools is vital.

How to Perform Threat Hunting Using Passive DNS
Threat hunting is possibly the most complex piece of the cybersecurity puzzle every organization endures, often performed via a bespoke approach with an emphasis on scanning to discover assets and gaps within an organization's security policies.

CVE-2022-42475: Fortinet Pre-authentication Code-execution Vulnerability
Fortinet continues to garner and release information to address a recently discovered heap-based buffer overflow vulnerability impacting several versions of FortiOS (FOS), the operating system behind an entire series of FortiGate next-generation firewalls and security appliances.

High Severity OpenSSL 3.0.x Vulnerabilities Discovered (CVE-2022-3786 and CVE-2022-3602)
The OpenSSL project team has just announced a security fix targeting two distinct buffer overflow (CVE-2022-3786 and CVE-2022-3602) vulnerabilities impacting versions 3.0.0 to 3.0.6 of the popular open-source cryptographic platform.

October Product Updates: New Rule Reasons, ‘End-of-Life Software’ Risk Rule, and more.
October’s here and with it so many updates from our Attack Surface Intelligence platform. This time around, we’re releasing our new Rules Reasons, New End-of-life Risk Rule, and improvements to Static Assets. Keep reading to learn more.

A Blast from the Past: Revisiting the IIS Tilde Vulnerability
As Internet Information Services (IIS)—the underlying server technology behind scores of Windows-based web applications worldwide—continues to gain market share over rivaling platforms, its security vulnerabilities have not been in short supply.

New Microsoft Exchange Vulnerabilities Discovered: CVE-2022-41082 (RCE) & CVE-2022-41040 (SSRF)
Microsoft is investigating the potential exploitation of not one, but two distinct vulnerabilities impacting the Exchange Server 2013, 2016, and 2019 family of products.

Managing WordPress and WooCommerce Threats With Attack Surface Intelligence
With its theming ability, websites powered by WordPress can be made to look unique—and often can’t be identified as WordPress-powered at first glance. Combined with the ability to use various plugins to extend its usability, it’s become common for WordPress site owners to use it not only for blogging but for other use cases as well, such as eCommerce.