
Check Point’s mobile threat research team identified a new variant of an Android malware that sends fraudulent premium SMS messages and charges users’ accounts for fake services without their knowledge. According to Google Play data, the malware infected at least 50 apps and was downloaded between 1 million and 4.2 million times before the affected apps were removed.

List of unsecured devices lived in obscurity since June. Now, it’s going mainstream.

Following my previous post, I’m releasing ziVA: a fully chained iOS kernel exploit that (should) work on all the iOS devices running iOS 10.3.1 or earlier. The exploit itself consists of multiple vulnerabilities that were discovered all in the same module: AppleAVEDriver.

Yesterday some Internet users would have seen issues with their Internet connectivity, experiencing slowness or parts of the Internet as unreachable. This incident hit users in Japan particularly hard and it caused the Internal Affairs and Communications Ministry of Japan to start an investigation into what caused the large-scale internet disruption that slowed or blocked access to websites and online services for dozens of Japanese companies.

Proofpoint recently observed a targeted email campaign attempting a spearphishing attack using a Game of Thrones lure. The malicious attachment, which offered salacious spoilers and video clips, attempted to install a “9002” remote access Trojan (RAT) historically used by state-sponsored actors. Previous attacks involving the 9002 RAT include:

SARAHAH, A NEW APP that lets people sign up to receive anonymized, candid messages, has been surging in popularity; somewhere north of 18 million people are estimated to have downloaded it from Apple and Google’s online stores, making it the No. 3 most downloaded free software title for iPhones and iPads.

Not known if any malicious software was secreted onto EirGrid’s control systems

This year at Black Hat I’m presenting some short work on breaking electronic door locks. This talk focuses on one particular residential door lock. There was a bit of a flaw in the design, where the front panel/keypad can be removed from the outside.

Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address a critical type confusion vulnerability that could lead to code execution and an important security bypass vulnerability that could lead to information disclosure.

Mamba was among the first samples of ransomware that encrypted hard drives rather than files that was detected in public attacks, primarily against organizations in Brazil and in a high-profile incursion against the San Francisco Municipal Transportation Agency last November.