The lone Nigerian guy is responsible for an attack against at least 4000 gas, oil, banking, infrastructure organizations using phishing and NetWire trojan for remote access.
Alert Logic published report about the cloud security. Public cloud is generally more secure than private and on-premises networks. Attack vectors are the same as for most online applications - mostly SQL injection, remote code execution against the web applications.
Oxford University researchers published so called intra-library collusion (ILC) attack against the Android devices. From the research paper: "(intra-library collusion attack) occurs when a single library embedded in more than one app on a device leverages the combined set of permissions available to it to pilfer sensitive user data".
Four remotely exploitable vulnerabilities were identified in Siemens’ Molecular Imaging products running Microsoft Windows 7 operating system.
A recent phishing campaign that is distributing Trickbot is using extremely plausible imitations of financial institutions and government sites.
WikiLeaks has published CIA tool CouchPotato that allows operators to remotely spy on video streams in real-time.
A new version of the Svpeng Android banking trojan is able to record everything users type on their devices. Crazy stuff.
Great blog by Kaspersky Lab about the steganography techniques used by malware for data exfiltration, covert communication.
Software researcher from Trail of Bits put Windows Defender to the sandbox.
Proofpoint researchers found a spear phishing campaign delivering Carbanak malware to the U.S. restaurant chains.
How to completely take over the ones online identity? This guy demonstrated that practically.
Airbnb released the open-source serverless framework for detecting malicious files called BinaryAlert. It uses YARA rules, and takes advantage of AWS Lambda functions for analysis instead of a traditional server architecture. Also uses Terraform to manage underlying infrastructure. Interesting project.
TrickBot malware added worm-like SMB spreading module popularized by WannaCry, Petya samples.
Analysis of the Juniper ScreenOS randomness subsystem backdoor Dual EC backdoor. Complex, Fascinating stuff.
From the research paper: "The more sophisticated of these vulnerabilities was a passive VPN decryption capability, enabled by a change to one of the elliptic curve points used by the Dual EC pseudorandom number generator"
Gophish is an open-source phishing toolkit designed for businesses and penetration testers. It provides the ability to quickly and easily setup and execute phishing engagements and security awareness training.
Cisco CSIRT has released GOSINT, open source threat intelligence gathering and processing framework.
A generic unpacker for packed Android applications released by the Check Point researchers.
NSA's XKeyscore spying tool is used to fish Microsoft Windows crash reports out of the Internet traffic. They have used it against the Mexico's Secretariat of Public Security.
Researchers from the Exodus Intelligence wrote remote exploit against the Android and iOS operating system, using Broadcom’s Wi-Fi chipset bug.
"Broadpwn is a fully remote attack against Broadcom’s BCM43xx family of WiFi chipsets, which allows for code execution on the main application processor in both Android and iOS. It is based on an unusually powerful 0-day that allowed us to leverage it into a reliable, fully remote exploit."
Great blog about chaining 4 vulnerabilities on the GitHub Enterprise in order to achieve remote code execution!
Trend Micro researchers analyzed infection chain used by JS_POWMET fileless malware.
Researchers used antivirus cloud-based sandbox to exfiltrate data from the endpoint.
The Google team has blocked a new "Lipizzan" Android spyware family from the Google Play.
Microsoft won't patch a 20 years old SMBv1 SMBloris memory handling bug, that could be exploited by attackers to execute a Denial of Service attack on a web servers.
Private notes application Standard Notes got a cryptography audit.
Framework for Testing WAFs (FTW) is a project created by researchers from ModSecurity and Fastly to help provide rigorous tests for WAF rules. It uses the OWASP Core Ruleset V3 as a baseline to test rules on a WAF.
Microsoft has analyzed EnglishmansDentist exploit used against the Exchange 2003 mail servers on the out-dated Windows Server 2003 OS. Exploit was released by ShadowBrokers back in April 2017.
ESET researchers have analyzed a Stantinko botnet consisting of almost half a million machines used for ad-related fraud. It uses malicious Chrome extensions, but also creating and managing Facebook profiles and brute-forcing Joomla and WordPress websites.
A buffer overflow in the Source SDK in Valve's Source SDK allows an attacker to remotely execute code on a user's computer machine.
Secure messaging application Wire is now supporting end-to-end encrypted chats, file sharing and calls to businesses. But it's paid feature.
Briar, a secure messaging app for Android, was released for a public beta testing. It's using Tor, or P2P direct messaging over Wifi, Bluetooth. Very interesting project.
D. J. Bernstein has published blog about the secure key material erasure: "2017.07.23: Fast-key-erasure random-number generators"
Google Project Zero analyzed the security properties of the two major Trusted Execution Environment present on Android devices - Qualcomm’s QSEE and Trustonic’s Kinibi.
Prowler is a tool based on AWS-CLI commands for AWS account security assessment and hardening, following guidelines of the CIS Amazon Web Services Foundations Benchmark.
Hardentools is a utility that disables a number of risky Windows "features" exposed by Windows operating system.
Porn spam botnet consisting of more than 80,000 automated female Twitter accounts has been prompting millions of clicks from Twitter users to the various affiliate dating schemes (known as "partnerka").
Two malware families, NemucodAES ransomware and Kovter trojan are being distributed via email, pretending to be a delivery notice from the United Parcel Service.
Reyptson ransomware is using victim’s configured Thunderbird email account to execute spam distribution campaign against its contacts.
Android spyware targeting Iranians is using Telegram bot API to exfiltrate data to the remote server.
Trustwave SpiderLabs researchers discovered a zero-day vulnerability in Humax HG-100R WiFi Router, that could be exploited by attackers to compromise the WiFi credentials and obtain the router console administrative password.
Proofpoint analyzed Ovidiy Stealer, undocumented credential stealer, which is sold on the Russian-speaking forums.
Guido Vranken fuzzed FreeRADIUS source code and found 15 issues, four exploitable, and one of which is a remote code execution bug (RCE). Compile and upgrade now.
Humble Bundle is selling for next 12 days a lots of DRM-free cybersecurity books very cheaply.
WireGuard, fast, modern, secure VPN tunnel is now formally verified with the Tamarin equational theorem prover. Really powerful software.
Interesting USENIX paper on the security (and analysis) of bootloaders in mobile devices:
BootStomp: On the Security of Bootloaders in Mobile Devices
PyREBox is a Python scriptable Reverse Engineering sandbox developed by Cisco Talos. It is based on QEMU, and its goal is to aid reverse engineering by providing dynamic analysis and debugging capabilities from a different perspective.
WikiLeaks has published documents detailing two alleged CIA implants, BothanSpy and Gyrfalcon, designed to steal SSH credentials from Windows and Linux.
Popular article about the background of iPhone Jailbreaking. Really interesting.
Domains for an authoritative name servers of .io domain was free, so guy registered one, and published blog about the possibility of .io domains takeover.
The author of the original variant of the Petya ransomware has published the master key via Twitter.
Security researcher Nitay Artenstein has discovered a serious Broadcom Wi-Fi chip bug CVE-2017-9417.
Chinese researchers published an attack on a satellite phone encryption that enable them to decrypt communication encrypted by GMR-2 cipher in real-time.
API Security Checklist is the checklist of the most important security countermeasures when designing, testing, and releasing an online API.
Horcrux: A Password Manager for Paranoids is an research project and experimental implementation of a highly secure password manager. Credentials are secretshared over multiple servers, the passwords are filled by modifying outgoing POST requests.
The ExPetr/Petya ransomware which hits the Ukraine last week is actually a disk wiper. Victims are not able to decrypt their data, as the encryption key is not stored anywhere.
Blog with details about the remotely triggerable stack-based buffer overflow found in Avast Antivirus software last year.
Linux Systemd gives root privileges to usernames started with number.
WikiLeaks published a manual describing "OutlawCountry" Linux malware which redirects outgoing Internet traffic using netfilter, iptables. The second published is ELSA, a geo-location malware for WiFi-enabled devices running the Microsoft Windows operating system.
Security researcher Benjamin Kunz-Mejri discovered a Skype (7.2, 7.35, and 7.36) zero-day remote buffer overflow vulnerability CVE-2017-9948.
Great blog post about the problems of a certificate revocation, alternative solutions and how to do it better.
Blog about the novel reflective DLL injection technique called ThreadContinue which uses SetThreadContext() and NtContinue() API calls.
Ukrainian critical infrastructure, including banks, Kyiv’s metro system, the airport and the Chernobyl's radiation monitoring system, was hit by the worldwide malware campaign.
The attack is believed to be a new campaign by the group behind Petya ransomware. It takes advantage of the known SMB exploit (EternalBlue), and is spreading fast to the other countries.
Indian ATMs running outdated Windows XP are suffering jackpotting attack by the Rufus ATM malware.
Analysis of a new Marcher Android banking trojan variant which is posing as Adobe Flash Player Update.
The Russian government is threatening to ban Telegram messenger because it refused to be compliant with the data protection laws.
Bug hunter from Google, Tavis Ormandy, has found yet another serious vulnerability in the Microsoft's Malware Protection Engine.
The Hardware Forensic Database (HFDB) is a project of CERT-UBIK aiming at providing a collaborative knowledge base related to IoT Forensic methodologies and tools.
Good summary of the most common memory based attacker techniques such as shellcode injection, reflective DLL injection or process hollowing.
Erebus ransomware distributed by the malicious advertisement campaign is using Rig exploit kit to infect Linux servers across the world.
Some companies had to pay already.
FireEye published anatomy of a cyber extortion scheme executed by FIN10 group. They infiltrate company networks, steal valuable data, then attempt to extort executives and board members of a company.
Researchers changed e-cigarette USB compatible charger for a keyboard emulator, so it can issue commands when connected to the PC.
Wired has published an article about the malware behind the Ukraine power grid blackout.
A lottery computer programmer designed his code so that on three days of the year, he could predict winning numbers in some games.
Part of the Wikileaks Vault 7 release, Cherry Blossom, exposes CIA wireless hacking toolkit.
Cisco Talos has published BASS - Automated Signature Synthesizer for malware detection.
Some (AVG, Avast, Avira, CheckPoint, K7) antivirus software‘s kernel vulnerabilities found by the bee13oy security researcher.
Turla malware is communicating with the C&C infrastructure by leaving comments in Britney Spears's Instagram account.
The gang behind Platinum threat is using Intel Active Management technology Serial-over-LAN channel to bypass the software firewall when transferring files, due to operating system independence of this low level technology.
Montenegro is continuously targeted by cyber attacks attributed to the APT28 group as a part of a broader influence campaign.
MacSpy malware-as-a-service is a feature rich RAT targeting OS X operating system.
IBM researchers analyzed QakBot banking trojan responsible for "lock out" of the hundreds of Active Directory users.
A Linux malware is installing cryptocurrency mining software on Raspberry Pi via SSH. It's using only default SSH user & passphrase.
The GNU Privacy Guard (GnuPG) developers start new fundraising effort for the continued development of this well known encryption software.
If you want to know more about the capabilities of GnuPG, check the linked "An Advanced Intro to GnuPG" presentation from the last year.