Memory-safe languages so hot right now, agrees Lazarus Group as it slings DLang malware
Latest offensive cyber group to switch to atypical programming for payloads
Research11 Dec 2023 | 10
Research
Two years on, 1 in 4 apps still vulnerable to Log4Shell
Lack of awareness still blamed for patching apathy despite it being among most infamous bugs of all time
Research11 Dec 2023 | 11
Exposed Hugging Face API tokens offered full access to Meta's Llama 2
Updated With more than 1,500 tokens exposed, research highlights importance of securing supply chains in AI and ML
Research04 Dec 2023 | 6
UEFI flaws allow bootkits to pwn potentially hundreds of devices using images
Exploits bypass most secure boot solutions from the biggest chip vendors
Research01 Dec 2023 | 33
Weak session keys let snoops take a byte out of your Bluetooth traffic
BLUFFS spying flaw present in iPhones, ThinkPad, plenty of chipsets
Research30 Nov 2023 | 12
How to give Windows Hello the finger and login as someone on their stolen laptop
Not that we're encouraging anyone to defeat this fingerprint authentication
Research22 Nov 2023 | 90
BlackCat plays with malvertising traps to lure corporate victims
Updated Ads for Slack and Cisco AnyConnect actually downloaded Nitrogen malware
Research16 Nov 2023 | 1
Google Workspace weaknesses allow plaintext password theft
Exploits come with caveats, but Google says no fixes as user security should do the heavy lifting here
Research15 Nov 2023 | 2
Ransomware more efficient than ever, and baddies are still after your logs
Trying times for incident responders who battle fastest-ever ransomware blitz as attackers keep scrubbing evidence clean
Research15 Nov 2023 | 3
AMD SEV OMG: Trusted execution in VMs undone by bad hypervisors' cache meddling
Let's do the CacheWarp again
Research14 Nov 2023 | 7
Passive SSH server private key compromise is real ... for some vulnerable gear
OpenSSL, LibreSSL, OpenSSH users, don't worry – you can sit this one out
Research14 Nov 2023 | 12
Downfall fallout: Intel knew AVX chips were insecure and did nothing, lawsuit claims
Billions of data-leaking processors sold despite warnings and patch just made them slower, punters complain
Research09 Nov 2023 | 29
Fresh find shines new light on North Korea’s latest macOS malware
Months of work reveals how this tricky malware family targets... the financial services sector
Research07 Nov 2023 | 4
Cybercrooks amp up attacks via macro-enabled XLL files
Neither Excel nor PowerPoint safe as baddies continue to find ways around protections
Research01 Nov 2023 | 6
Cryptojackers steal AWS credentials from GitHub in 5 minutes
Researchers just scratching surface of their understanding of campaign dating back to 2020
Research30 Oct 2023 | 3
F5 hurriedly squashes BIG-IP remote code execution bug
Fixes came earlier than scheduled as vulnerability became known to outsiders
Research27 Oct 2023 | 3
Microsoft unveils shady shenanigans of Octo Tempest and their cyber-trickery toolkit
Gang thought to be behind attack on MGM Resorts has a skillset larger than most cybercrime groups in existence
Research27 Oct 2023 | 1
Side channel attacks take bite out of Apple silicon with iLeakage exploit
Nearly six years on from Spectre and Meltdown, novel method steals passwords, emails, texts
Research26 Oct 2023 | 10
ServiceNow quietly addresses unauthenticated data exposure flaw from 2015
Researcher who publicized issue brands company’s communication 'appalling'
Research26 Oct 2023 | 3
British boffins say aircraft could fly on trash, cutting pollution debt by 80%
Domestic jets can use 'municipal solid waste' to fly the friendly skies
Research17 Oct 2023 | 115
BLOODALCHEMY provides backdoor to southeast Asian nations' secrets
Sophisticated malware devs believed to be behind latest addition to toolset of China-aligned attackers
Research16 Oct 2023 | 1
Calls for Visual Studio security tweak fall on deaf ears despite one-click RCE exploit
Two years on and Microsoft refuses to address the issue
Research13 Oct 2023 | 11
Squid games: 35 security holes still unpatched in proxy after 2 years, now public
We'd like to say don't panic … but maybe?
Research13 Oct 2023 | 10
Everest cybercriminals offer corporate insiders cold, hard cash for remote access
The ransomware gang changes identities more than Jason Bourne
Research12 Oct 2023 | 9
Mirai reloads exploit arsenal as botnet embarks on another expansion drive
With 13 new payloads it's the biggest update to the botnet in months
Research10 Oct 2023 |
Researcher bags two-for-one deal on Linux bugs while probing GNOME component
One-click exploit could potentially affect most major distros
Research10 Oct 2023 | 12
Ransomware attacks register record speeds thanks to success of infosec industry
Dwell times drop to hours rather than days for the first time
Research10 Oct 2023 | 3
ROBOT crypto attack on RSA is back as Marvin arrives
More precise timing tests find many implementations vulnerable
Research26 Sep 2023 | 9
Marvell disputes claim Cavium backdoored chips for Uncle Sam
Allegations date back a decade to leaked Snowden docs
Research19 Sep 2023 | 8
Cryptojackers spread their nets to capture more than just EC2
AMBERSQUID operation takes AWS's paths less travelled in search of compute
Research18 Sep 2023 | 3
Probe reveals previously secret Israeli spyware that infects targets via ads
Oh s#!t, Sherlock
Research16 Sep 2023 | 73
Used cars? Try used car accounts: 15,000 up for grabs online at just $2 a pop
Cut and shut is so last century, now it's copy and clone
Research13 Sep 2023 | 9
How to snoop on passwords with this one weird trick (involving public Wi-Fi signals)
Fun technique – but how practical is it?
Research13 Sep 2023 | 20
China caught – again – with its malware in another nation's power grid
'Obtaining a disruptive capability could be one possible motivation behind this surge in attacks'
Research12 Sep 2023 | 20
Microsoft: China stole secret key that unlocked US govt email from crash debug dump
Mistakes were made, lessons learned, stuff now fixed, says Windows maker
Research06 Sep 2023 | 54
Meatbag mishaps more menacing than malware? CISOs think so
Company boards, on the other hand, aren't letting cybersecurity disturb their sleep as much
Research06 Sep 2023 | 6
Kremlin-backed Sandworm strikes Android devices with data-stealing Infamous Chisel
Five Eyes nations warn of hit against Ukrainian military systems
Research31 Aug 2023 | 4
Apple's defense against apps vandalizing other apps still broken, developer claims
Updated Cupertino appears to be blasé about long-standing macOS bug, so coder has blabbed
Research22 Aug 2023 | 17
Microsoft: Codesys PLC bugs could be exploited to 'shut down power plants'
What are these gadgets running, Windows? Ka-boom-tsch
Research11 Aug 2023 | 10
There's a good chance your VPN is vulnerable to privacy-menacing TunnelCrack attack
Especially on Apple gear, uni team says
Research10 Aug 2023 | 25
Stalkerware slinger LetMeSpy shuts down for good after database robbery
If you can't trust a spyware developer with your info, who can you trust?
Research07 Aug 2023 | 4
Old-school hacktivism is back because it never went away
Mysterious Team Bangladesh has carried out 846 attacks since June 2022, mostly DDoS
Research03 Aug 2023 | 7
Bad news: Another data-leaking CPU flaw. Good news: It's utterly impractical
Collide+Power vulnerability leaks secrets bit by bit - but could take months or years to learn a useful secret
Research01 Aug 2023 | 4
TETRA radio comms used by emergency heroes easily cracked, say experts
Updated If it looks like a backdoor, walks like a backdoor, maybe it's ... export control
Research24 Jul 2023 | 60
Microsoft puts out Outlook fire, says everything's fine with Teams malware flaw
Redmond's not fixing the latter because it 'relies on social engineering'
Research06 Jul 2023 | 28
RAM-ramming Rowhammer is back – to uniquely fingerprint devices
Just use it sparingly, as it may crash equipment or burn out memory
Black Hat and DEF CON05 Jul 2023 | 30
It's 2023 and memory overwrite bugs are not just a thing, they're still number one
Cough, cough, use Rust. Plus: Eight more exploited bugs added to CISA's must-patch list
Research29 Jun 2023 | 71
Warning: JavaScript registry npm vulnerable to 'manifest confusion' abuse
Failure to match metadata with packaged files is perfect for supply chain attacks
Research27 Jun 2023 | 12
Microsoft: Russia sent its B team to wipe Ukrainian hard drives
WhisperGate-spreading Cadet Blizzard painted as haphazard but dangerous crew
Research16 Jun 2023 | 10
These Microsoft Office security signatures are 'practically worthless'
Updated Turns out it's easy to forge documents relying on OOXML
Research13 Jun 2023 | 14
Qbot malware adapts to live another day … and another …
Operators stay ahead of defenders with new access methods and C2 infrastructure
Research05 Jun 2023 | 3
Dark Pink cyber-spies add info stealers to their arsenal, notch up more victims
Not to be confused with K-Pop sensation BLACKPINK, gang pops military, govt and education orgs
Research01 Jun 2023 | 3
Alien versus Predator? No, this Android spyware works together
Phone-hugging code can record calls, read messages, track geolocation, access camera, other snooping
Research27 May 2023 | 8
Spotted: Suspected Russian malware designed to disrupt Euro, Asia energy grids
Updated For simulation or for real, we don't like the vibes from this CosmicEnergy
Research25 May 2023 | 8
Upstart encryption app walks back privacy claims, pulls from stores after probe
Try not leaving a database full of user info, chats, keys exposed, eh?
Research17 May 2023 | 40
Let white-hat hackers stick a probe in those voting machines, say senators
HAVA go at breaking electronic ballot box security
Research11 May 2023 | 47
DEF CON to set thousands of hackers loose on LLMs
Can't wait to see how these AI models hold up against a weekend of red-teaming by infosec's village people
Research06 May 2023 | 27
How fiends abuse an out-of-date Microsoft Windows driver to infect victims
It's like those TV movies where a spy cuts a wire and the whole building's security goes out
Research24 Apr 2023 | 16
Firmware is on shaky ground – let's see what it's made of
Opinion Old architectures just don't stack up
Research17 Apr 2023 | 69
Another zero-click Apple spyware maker just popped up on the radar again
Pegasus, pssh, you so 2000-and-late
Research12 Apr 2023 | 8
Biting the hand that feeds IT
