Port 22

Firefox Releases Critical Patch Update to Stop Ongoing Zero-Day Attacks
June 18, 2019

If you use the Firefox web browser, you need to update it right now.

Mozilla earlier today released Firefox 67.0.3 and Firefox ESR 60.7.1 versions to patch a critical zero-day vulnerability in the browsing software that hackers have been found exploiting in the wild.

Discovered and reported by Samuel Gro, a cybersecurity researcher at Google Project Zero, the vulnerability could allow

Mobile Cyberespionage Campaign Bouncing Golf Affects Middle East
June 18, 2019

We uncovered a cyberespionage campaign targeting Middle Eastern countries. We named this campaign Bouncing Golf based on the malwares code in the package named golf. The malware involved, which Trend Micro detects as AndroidOS_GolfSpy.HRX, is notable for its wide range of cyberespionage capabilities. Malicious codes are embedded in apps that the operators repackaged from legitimate applications. Monitoring the command and control (C&C) servers used by Bouncing Golf, weve so far observed more than 660 Android devices infected with GolfSpy. Much of the information being stolen appear to be military-related.

The campaigns attack vector is also interesting. These repackaged, malware-laden apps are neither on Google Play nor popular third-party app marketplaces, and we only saw the website hosting the malicious apps being promoted on social media when we followed GolfSpys trail. We were also able to analyze some GolfSpy samples sourced from the Trend Micro mobile app reputation service.

The post Mobile Cyberespionage Campaign Bouncing Golf Affects Middle East appeared first on .

Plurox: Modular backdoor
June 18, 2019

The analysis showed the Backdoor.Win32.Plurox to have a few quite unpleasant features. Whats more, the backdoor is modular, which means that its functionality can be expanded with the aid of plugins.

5 Keys to Improve Your Cybersecurity
June 18, 2019

Cybersecurity isn’t easy. If there was a product or service you could buy that would just magically solve all of your cybersecurity problems, everyone would buy that thing, and we could all rest easy.

However, that is not the way it works. Technology continues to evolve. Cyber attackers adapt and develop new malicious tools and techniques, and cybersecurity vendors design creative new ways to

GandCrab Ransomware Decryption Tool [All Versions] Recover Files for Free
June 18, 2019

Cybersecurity researchers have released an updated version of GandCrab ransomware decryption tool that could allow millions of affected users to unlock their encrypted files for free without paying a ransom to the cybercriminals.

GandCrab is one of the most prolific families of ransomware to date that has infected over 1.5 million computers since it first emerged in January 2018.

Created by

Data, Surveillance, and the AI Arms Race
June 17, 2019

According to foreign policy experts and the defense establishment, the United States is caught in an artificial intelligence arms race with China – one with serious implications for national security. The conventional version of this story suggests that the United States is at a disadvantage because of self-imposed restraints on the collection of data and the privacy of its citizens,…

Friday Squid Blogging: Climate Change Could be Good for Squid
June 14, 2019

Basically, they thrive in a high CO2 environment, because it doesn’t bother them and makes their prey weaker. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here….

Upcoming Speaking Engagements
June 14, 2019

This is a current list of where and when I am scheduled to speak: I’m speaking on “Securing a World of Physically Capable Computers” at Oxford University on Monday, June 17, 2019. The list is maintained on this page….

Computers and Video Surveillance
June 14, 2019

It used to be that surveillance cameras were passive. Maybe they just recorded, and no one looked at the video unless they needed to. Maybe a bored guard watched a dozen different screens, scanning for something interesting. In either case, the video was only stored for a few days because storage was expensive. Increasingly, none of that is true. Recent…

AESDDoS Botnet Malware Infiltrates Containers via Exposed Docker APIs
June 14, 2019

By David Fiser, Jakub Urbanec and Jaromir Horejsi Misconfiguration is not novel. However, cybercriminals still find that it is an effective way to get their hands on organizations computing resources to use for malicious purposes and it remains a top security concern. In this blog post, we will detail an attack type where an API…

The post AESDDoS Botnet Malware Infiltrates Containers via Exposed Docker APIs appeared first on .

Video Surveillance by Computer
June 14, 2019

The ACLU’s Jay Stanley has just published a fantastic report: “The Dawn of Robot Surveillance” (blog post here) Basically, it lays out a future of ubiquitous video cameras watched by increasingly sophisticated video analytics software, and discusses the potential harms to society. I’m not going to excerpt a piece, because you really need to read the whole thing….

Page 1 of 82 Older Posts →