Trick Bot – Dyreza’s successor
2016-10-26
Recently, our analyst Jérôme Segura captured an interesting payload in the wild. It turned out to be a new bot, that, at the moment of the analysis, hadn’t been described yet.Read More →
Cellebrite digital forensics tools leaked online by a reseller
2016-10-26
The firmware used by the Israeli mobile forensic firm Cellebrite was leaked online by one of its resellers, the McSira Professional Solutions. Do you know Cellebrite? It is an IsraeliRead More →
Middle Eastern hackers are using this phishing technique to infect political targets with Trojan malware
2016-10-26
‘Moonlight’ group is likely to be involved in cyberespionage, warns Vectra Networks. A hacking group is conducting cyberespionage against targets in the Middle East by duping politicians, activists and staffRead More →
Joomla! readies patch for core vulnerability so critical it isn’t talking
2016-10-26
Patch to drop 1400 UTC, Tuesday. And the haste of its release suggests this is scary. The world’s second-favourite content management system, Joomla!, is warning of a critical security holeRead More →
Nuclear plants leak critical alerts in unencrypted pager messages
2016-10-26
A surprising number of critical infrastructure participants do, too, study finds. A surprisingly large number of critical infrastructure participants—including chemical manufacturers, nuclear and electric plants, defense contractors, building operators andRead More →
Hacking Mac With EmPyre
2016-10-25
I am the stereotypical Apple fan boy that other bloggers write about. We have MacBook Pro’s, Air’s, Apple TV’s, iPhone’s and iPad’s and even subscribe to Apple Music. You literally couldn’tRead More →
Capturing Packets in Linux at a Speed of Millions of Packets per Second without Using Third Party Libraries
2016-10-25
My article will tell you how to accept 10 million packets per second without using such libraries as Netmap, PF_RING, DPDK and other. We are going to do this withRead More →
It’s nearly 2017 and JPEGs, PDFs, font files can hijack your Apple Mac, iPhone, iPad
2016-10-25
Apple has distributed a fresh round of security updates to address remote-code execution holes in iOS, macOS, Safari, and the firmware for Apple Watch and AppleTV. Miscreants who exploit theseRead More →
Android phones rooted by “most serious” Linux escalation bug ever
2016-10-25
New rooting technique is believed to work against every version. There’s a new method for rooting Android devices that’s believed to work reliably on every version of the mobile operating systemRead More →
Locky Ransomware’s new .SHIT Extension shows that you can’t Polish a Turd
2016-10-25
To further show how ransomware is such a pile of crap, a new version of Locky has been released that appends the .shit extension on encrypted files. Like previous variants, this ransomware is installed usingRead More →
Chinese tech giant recalls webcams used in Dyn cyberattack
2016-10-24
A number of the company’s US-sold products were used in the attack, which prevented millions of users from accessing dozens of high-profile websites. A Chinese manufacturer of internet-connected surveillance camerasRead More →
Cracking of Sphinx Trojan DGA Opens the Door for Botnet Takedown
2016-10-24
This post takes a quick look at Sphinx’s domain generation algorithm (DGA). Sphinx,another Zeus-based banking trojan variant, has been around circa August 2015. The DGA domains are used as aRead More →
24 hours in the life of my home router by Francisco J. Rodriguez
2016-10-24
Recently a massive DDoS attack has disconnected a large portion of users from the Internet, hackers exploited IoT devices. Is your router secure? “Are we ready to live in a worldRead More →
Using Rowhammer bitflips to root Android phones is now a thing
2016-10-24
Permission-less apps take only seconds to root phones from LG, Samsung and Motorola. Researchers have devised an attack that gains unfettered “root” access to a large number of Android phones, exploitingRead More →
InTheCyber discovered a serious flaw in messaging systems
2016-10-24
Researchers at InTheCyber firm have discovered a new easy exploitable and dangerous vulnerability affecting messaging systems. InTheCyber – Intelligence & Defense Advisors (www.inthecyber.com), a leader in offensive & Defensive Cyber Security,Read More →
DDoS attack Friday hits Twitter, Reddit, Spotify and others
2016-10-22
The East Coast was under siege on Friday morning from a large-scale distributed denial of service (DDoS) attack that brought down more than a dozen prominent websites, including Twitter, Spotify,Read More →
Chinese hackers targeted US aircraft carrier
2016-10-22
Cyber security group says attack launched against visitors to vessel in South China Sea. Chinese hackers targeted foreign government personnel who visited a US aircraft carrier the day before aRead More →
DYN CONFIRMS DDOS ATTACK AFFECTING TWITTER, GITHUB, MANY OTHERS
2016-10-22
Update DNS provider Dyn has confirmed two massive distributed denial of service attacks against its servers Friday impacting many of its customers including Twitter, Spotify and GitHub. The attacks came inRead More →
FakeFile Trojan Opens Backdoors on Linux Computers, Except openSUSE
2016-10-22
Trojan targets desktops, not servers or IoT devices. Malware authors are taking aim at Linux computers, more precisely desktops and not servers, with a new trojan named FakeFile, currently distributed inRead More →
Hack This: An Overdue Python Primer
2016-10-21
In writing the most recent Hack This (“Scrape the Web with Beautiful Soup”) I again found myself trapped between the competing causes of blog-brevity and making sure everything is totallyRead More →
