Talos have observed a large uptick in the Zepto ransomware and have identified a method of distribution for the Zepto ransomware, Spam Email. Locky/Zepto continue to be well known ransomwareRead More →
It all started from a spam campaign. Figure 1 shows a campaign we picked up recently from our spam traps with a suspicious document file attachment. Notice how poor theRead More →
Is it a bug or is it a backdoor? Lenovo, and possibly other PC vendors, is exposed to a UEFI bug that can be exploited to disable firmware write-protection. If theRead More →
The Federal Investigation Agency in Pakistan is investigating a Chinese organization that is specialized in attacking ATM machines by using skimmer devices. A few days ago I reported the storyRead More →
Threat actors are known to switch targeted geographies from time to time, and it appears that a number have set their sights on Canada within a short time-frame. In theRead More →
Company also doesn’t support encryption backdoors. Via a statement from Steve Grobman, Chief Technology Officer for Intel Security, Intel has denied claims made by hardware security expert Damien Zammit, who detailedRead More →
When it comes to accessing public websites, Tor has an intrinsic security problem: though the nodes between your computer and the public internet are unable to see where the trafficRead More →
Before discovering my latest Magento RCE, I’ve found two different vulnerabilities, both resulting in the complete compromise of customer data and/or the server. As they are far less complicated, I’mRead More →
Unlike Apple’s iOS, Android is vulnerable to several key-extraction techniques. Privacy advocates take note: Android’s full-disk encryption just got dramatically easier to defeat on devices that use chips from semiconductor makerRead More →
The two zero-days were fixed in the summer of 2015.Project Zero researchers revealed this week that they helped Microsoft patch 16 security issues relating to how font processing operations areRead More →
