Il calcolo è dell'Agenzia comunitaria per la sicurezza informatica. Gli effetti sono moderati ma attenzione sempre più alta sulla supply chain. Al via un indice sulle difese cibernetiche degli Stati dell'Unione

Symbiote is a new Linux malware we discovered that acts in a parasitic nature, infecting other running processes to inflict damage on machines.

Best Practices • Apply patches as soon as possible • Disable unnecessary ports and protocols • Replace end-of-life infrastructure • Implement a centralized patch management system

Critics say the government isn’t doing enough to inform the public about such secretive surveillance.

With the "Follina" / CVE-2022-30190 0day still hot, i.e., still waiting for an official fix while apparently already getting exploited by nation-backed attackers, another related unfixed vulnerability in Microsoft's Diagnostic Tool (MSDT) bubbled to the surface. In January 2020, security researcher Imre Rad published an article titled "The trouble with Microsoft’s Troubleshooters," describing a method for having a malicious executable file being saved to user's Startup folder, where it would subsequently get executed upon user's next login. What the user has to do for this to happen is open a "diagcab" file...

The Justice Department, IRS and FBI seized and shut down a popular marketplace used by cybercriminals to buy stolen Social Security numbers and other sensitive personal information. The SSNDOB Marketplace – which the DOJ said generated more than $19 million in sales revenue – was shut down in coordination with law enforcement agencies in Cyprus and Latvia. Seizure orders were executed against several domains associated with SSNDOB including ssndob.ws, ssndob.vip, ssndob.club, and blackjob.biz.

The broadcast of the Football World Cup 2022 qualifier game between Wales and Ukraine on Sunday was interrupted in Ukraine by a cyberattack that targeted OLL.TV...

Don’t let cyber threats get the best of you. Read our post, SVCReady: A New Loader Gets Ready, to learn more about cyber threats and cyber security.

Deepfakes will make financial fraud easier.

On Monday May 30, 2022, Microsoft issued CVE-2022-30190 regarding the Microsoft Support Diagnostic Tool (MSDT) in Windows vulnerability.

In Ukraine, civilians are valiantly assisting the army via apps—and challenging a tenet of international law in the process.

German ISPs are working on the introduction of TrustPid. A supercookie that is intended to replace tracking cookies.

We discovered vulnerabilities in Horde Webmail that allow an attacker to execute arbitrary code on Horde instances by having a victim open an email

XVigil discovered a financially motivated threat actor group, dubbed Eternity group, actively operating on the internet, selling worms, stealers, DDoS tools, and ransomware builders.

Anonymous has struck Russia again by leaking 1TB of data from a leading Russian law firm identified as Rustam Kurmaev and Partners (RKP Law).

At Grapl we believe that in order to build the best defensive system we need to deeply understand attacker behaviors. As part of that goal we're investing in offensive security research. Keep up with our blog for new research on high risk vulnerabilities, exploitation, and advanced threat tactics.

KYIV, Ukraine (AP) — On Ukraine’s battlefields , the simple act of powering up a cellphone can beckon a rain of deathly skyfall. Artillery radar and remote controls for unmanned aerial vehicles may also invite fiery shrapnel showers.

Over the Memorial Day weekend in the United States, Volexity conducted an incident response investigation involving two Internet-facing web servers belonging to one of its customers that were running Atlassian Confluence Server software. The investigation began after suspicious activity was detected on the hosts, which included JSP webshells being written to disk

Les autorités russes vont relâcher les membres du gang de cybercriminels Revil, et même les embaucher pour leur propre compte. Stéphane Duguin, directeur du CyberPeace Institute de Genève, commente ce rebondissement

We recently began scanning for middlebox devices that are vulnerable to Middlebox TCP reflection, which can be abused for DDoS amplification attacks.  Our results are now shared daily, filtered for your network or constituency in the new Vulnerable DDoS Middlebox report. We uncover over 18,800,000 IPv4 addresses responding to our Middlebox probes. In some cases the amplification rates can exceed 10,000!

We have recently began scanning for  accessible MySQL server instances on port 3306/TCP.  These are instances that respond to our MySQL connection request with a Server Greeting. Surprisingly to us, we found around 2.3M IPv4 addresses responding with such a greeting to our queries. Even more surprisingly, we found over 1.3M IPv6 devices responding as well (though mostly associated with a single AS). IPv4 and IPv6 scans together uncover 3.6M accessible MySQL servers worldwide.

In an exclusive interview with Sky News, General Paul Nakasone confirmed for the first time that the US had "conducted a series of operations" in response to Russia's invasion of Ukraine.

FluBot is a new Android malware first discovered in December 2020. During the first few months, FluBot has been active in Spain, Hungary and Poland. Since then, the development of the malware advan…

This technical achievement follows a complex investigation involving law enforcement authorities of Australia, Belgium, Finland, Hungary, Ireland, Spain, Sweden, Switzerland, the Netherlands and the United States, with the coordination of international activity carried out by Europol’s European Cybercrime Centre (EC3).  The investigation is ongoing to identify the individuals behind this global malware campaign.  Here is how FluBot worked  First spotted...

In July 2021, CPR released a series of three publications covering different aspects of how the Formbook and XLoader malware families function. We described how XLoader emerged in the Darknet community to fill the empty niche after Formbook sales were abruptly stopped by its author. We did a deep technical analysis followed by a description of XLoader for macOS along with common points and differences in how both malware families conceal the heart of the whole operation, the Command-and-Control (C&C) infrastructure. However, the world does not stand still, and this applies to the malware cyber-world as well.

Premier, politici d’opposizione, giornalisti europei sono stati presi di mira da spyware governativi. Uno scandalo senza precedenti su cui ora indaga una commissione d’inchiesta. Ma non avrà vita facile.

The Information Commissioner’s Office (ICO) has fined Clearview AI Inc £7,552,800 for using images of people in the UK, and elsewhere, that were collected from the web and social media to create a global online database that could be used for facial recognition. The ICO has also issued an enforcement notice, ordering the company to stop obtaining and using the personal data of UK residents that is publicly available on the internet, and to delete the data of UK residents from its systems.

Two days ago, Nao_sec identified an odd looking Word document in the wild, uploaded from an IP address in Belarus...

May 2022 Investigative Report Release: Nisos analysts determined that Fronton is a system developed for coordinated inauthentic behavior on a massive scale. Read more. [document](https://6068438.fs1.hubspotusercontent-na1.net/hubfs/6068438/fronton-report.pdf)

Des chercheurs se sont penchés sur ce qui se cachait sous le capot des AirTags et ont voulu voir ce qu'il était possible de faire en bidouillant la petite balise connectée. Ils ont découvert quelques grosses faiblesses qu'Apple aura bien du mal à corriger, sauf en revoyant en profondeur son appareil. Leur compte rendu révèle que l'accessoire est sensible à une attaque par