For years, activists and academics have been raising concerns that facial analysis software that claims to be able to identify a person’s age, gender and emotional state can be biased, unreliable or invasive — and shouldn’t be sold.

Big Tech, Western intelligence and a homegrown army of Ukrainian hackers pull off one of the biggest surprises of the war.

RECALLS the relevant conclusions of the European Council1 and the Council2, ACKNOWLEDGES that state and non-state actors are increasingly using hybrid tactics, posing a growing threat to the security of the EU, its Member States and its partners3. RECOGNISES that, for some actors applying such tactics, peacetime is a period for covert malign activities, when a conflict can continue or be prepared for in a less open form. EMPHASISES that state actors and non-state actors also use information manipulation and other tactics to interfere in democratic processes and to mislead and deceive citizens. NOTES that Russia’s armed aggression against Ukraine is showing the readiness to use the highest level of military force, regardless of legal or humanitarian considerations, combined with hybrid tactics, cyberattacks, foreign information manipulation and interference, economic and energy coercion and an aggressive nuclear rhetoric, and ACKNOWLEDGES the related risks of potential spillover effects in EU neighbourhoods that could harm the interests of the EU.

Since the last quarter of 2020 MuddyWater has mantained a “long-term” infection campaign targeting Middle East countries. We have gathered samples from November 2020 to January 2022, and due to the recent samples found, it seems that this campaign might still be currently active. The latest campaigns of the Muddy Water threat group, allegedly sponsored by the Iranian government and linked to the Iranian revolutionary guard (the main armed forces of the Iranian government), could be framed within the dynamics of maintaining Iran’s regional sovereignty.

Domain names geared to offer illicit goods and services – from illegally purchased guns to opioids to Covid vaccine cards – remain easy to...

Fraudsters who target LinkedIn users in sophisticated investment schemes pose a "significant threat" to the platform, the FBI tells CNBC.

Threat actors associated with Russian intelligence are using the fear or nuclear war to spread data-stealing malware in Ukraine.

Emotet is back in business and it’s revealing some new tricks. Not long ago, Emotet introduced a new module, the Google Chrome’s credit card grabber. More recently, the SMB spreader module has been brought back and is now, once again, part of the infection chain.

Whenever there’s a new in-the-wild 0-day disclosed, I’m very interested in understanding the root cause of the bug. This allows us to then understand if it was fully fixed, look for variants, and brainstorm new mitigations. This blog is the story of a “zombie” Safari 0-day and how it came back from the dead to be disclosed as exploited in-the-wild in 2022. CVE-2022-22620 was initially fixed in 2013, reintroduced in 2016, and then disclosed as exploited in-the-wild in 2022. If you’re interested in the full root cause analysis for CVE-2022-22620, we’ve published it here.

In April of this year, FreeBSD patched a 13-year-old heap overflow in the Wi-Fi stack that could allow network-adjacent attackers to execute arbitrary code on affected installations of FreeBSD Kernel. This bug was originally reported to the ZDI program by a researcher known as m00nbsd and patched in

Here we go with another episode about our (not so) old friend, BRATA. In almost one year, threat actors (TAs) have further improved the capabilities of this malware. In our previous blog post [1] we defined three main BRATA variants, which appeared during two different waves detected by our telemetries at the very end of 2021. However, during the last months we have observed a change in the attack pattern commonly used.

Lookout Les chercheurs de Threat Lab ont découvert un logiciel de surveillance Android de niveau entreprise utilisé par le gouvernement du Kazakhstan à l'intérieur de ses frontières. D'après notre analyse, le logiciel espion est probablement développé par le fournisseur italien de logiciels espions RCS Lab S.p.A.

Gen. Paul Nakasone's remarks this month about offensive operations against Russia caused a stir. But have people misinterpreted his words?

It is rare that the identities of participants and ringleaders in criminal phishing schemes are uncovered. But in many cases, when untangling the web of a cyber criminal group (particularly with financially motivated e-crime actors), there are enough OSINT breadcrumbs left behind by a threat actor, on forums, in code, or elsewhere, to point investigators in the right direction.

MRT’s days appear numbered. On 14 March this year, Apple released its successor – a new version of XProtect, which now does the lot.

Money has been and remains the main motivator for cybercriminals. The most widespread techniques of monetizing cyberattacks include selling stolen databases, extortion (using ransomware) and carding. However, there is demand on the dark web not only for data obtained through an attack, but also for the data and services necessary to organize one (e.g., to perform specific steps of a multiphase attack)

Attacker targets bugs in a popular web application graphical interface development tool.

We examined the password policies of 120 of the most popular English-language websites in the world.

New details connect police in India to a plot to plant evidence on victims' computers that led to their arrest.

We discovered flaws in Zimbra, an enterprise email solution, that allow attackers to steal credentials of users and gain access to their email accounts.

La nuova funzione implementata ieri da BlackCat, esporrà le vittime colpite anche su Internet, con una diffusione più massiccia e pubblica dei dati rubati, con nome di dominio autentico intestato alla vittima stessa

Cybercrime groups that specialize in stealing corporate data and demanding a ransom not to publish it have tried countless approaches to shaming their victims into paying. The latest innovation in ratcheting up the heat comes from the ALPHV/BlackCat ransomware group,…

Last week, Cloudflare automatically detected and mitigated a 26 million request per second DDoS attack — the largest HTTPS DDoS attack on record.

Hertzbleed attack targets power-conservation feature found on virtually all modern CPUs.

Introduction Rootkits are dangerous pieces of malware. Once in place, they are usually really hard to detect. Their code is typically more challenging to write than other malware, so developers resort to code reuse from open source projects. As rootkits are very interesting to analyze, we are always looking out for these kinds of samples […]

MIT CSAIL boffins devise PACMAN attack to let existing exploits avoid pointer authentication

A group of academic researchers from the University of Hamburg in Germany has discovered that mobile devices leak identifying information about their owners via Wi-Fi probe requests.

Confiant monitors 2.5+ billion ads per day via 110+ integrations in the advertising stack. This provides great visibility on malicious activity infiltrating the ad stack and the broader Internet. And that includes all the web3 malicious activity funneling thru it. The variety and the range of our detection enable Confiant to detect unique malicious activity as soon as it surfaces. SeaFlower is an example of this unique cluster of malicious activities targeting web3 wallet users that we will document in this blog post.

The IRAY A8Z3 thermal camera for industrial application, manufactured by Infiray/IRay Technologies is affected by multiple vulnerabilities.

The Lyceum APT group is targeting Middle East organizations with DNS hijacking attack using a new .NET-based malware.