Latest Entries »

Steganography, the practice of concealing a malicious payload inside an image to evade security solutions, has long been used by cybercriminals to spread malware and carry out other malicious operations. We recently discovered malicious actors applying this technique to memes. The malware authors posted two tweets featuring malicious memes on October 25 and 26 via a Twitter account created in 2017. Each meme carries an embedded command that the malware parses after downloading the image from the malicious Twitter account onto the victim's machine, so the account effectively serves as the C&C channel for the already-placed malware.
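To make the mechanism concrete, here is an added example (not code from the original article and not the malware's own implementation) of a least-significant-bit (LSB) steganography round trip: a short command is hidden in the low bit of each byte of an image's pixel data, and a client-side parser recovers it and validates it against an allow-list of verbs. The "image" is a constructed in-memory RGB byte buffer rather than a real meme, and the `CMD:` marker, the two-byte length prefix and the verb names are assumptions chosen for the demo, not the format the malware uses.

```python
"""LSB steganography round trip: embed a command in pixel data, then parse it.

Added example; the marker, length prefix and verb list are assumptions for
this demo and are not the format used by the malware described above.
"""
from typing import Optional, Tuple

MAGIC = b"CMD:"                                   # assumed marker bytes
ALLOWED_VERBS = {"/screenshot", "/username", "/docs"}  # assumed verbs


def make_cover(width: int = 32, height: int = 32) -> bytes:
    """Constructed RGB pixel buffer standing in for a meme image."""
    return bytes((i * 37 + 11) % 256 for i in range(width * height * 3))


def embed_lsb(pixels: bytes, payload: bytes) -> bytes:
    """Write MAGIC + 2-byte big-endian length + payload into the LSB of each byte."""
    blob = MAGIC + len(payload).to_bytes(2, "big") + payload
    bits = [(byte >> (7 - i)) & 1 for byte in blob for i in range(8)]  # MSB first
    if len(bits) > len(pixels):
        raise ValueError("cover image too small for payload")
    out = bytearray(pixels)
    for idx, bit in enumerate(bits):
        out[idx] = (out[idx] & 0xFE) | bit  # replace only the low bit
    return bytes(out)


def _read_bytes(pixels: bytes, start_bit: int, count: int) -> bytes:
    """Reassemble `count` bytes from the LSBs starting at bit offset `start_bit`."""
    val = bytearray()
    for b in range(count):
        byte = 0
        for i in range(8):
            byte = (byte << 1) | (pixels[start_bit + b * 8 + i] & 1)
        val.append(byte)
    return bytes(val)


def extract_lsb(pixels: bytes) -> Optional[bytes]:
    """Return the hidden payload if the marker is present, else None.

    The bounds checks matter: an image that merely resembles the header
    must not make the parser read past the end of the buffer.
    """
    header_len = len(MAGIC) + 2
    header_bits = header_len * 8
    if len(pixels) < header_bits:
        return None
    header = _read_bytes(pixels, 0, header_len)
    if header[: len(MAGIC)] != MAGIC:
        return None
    length = int.from_bytes(header[len(MAGIC):], "big")
    if len(pixels) < header_bits + length * 8:
        return None
    return _read_bytes(pixels, header_bits, length)


def parse_command(payload: bytes) -> Optional[Tuple[str, str]]:
    """Split 'verb argument' and reject anything not on the allow-list."""
    try:
        text = payload.decode("ascii")
    except UnicodeDecodeError:
        return None
    parts = text.split(maxsplit=1)
    if not parts or parts[0] not in ALLOWED_VERBS:
        return None
    return parts[0], (parts[1] if len(parts) > 1 else "")


if __name__ == "__main__":
    cover = make_cover()
    stego = embed_lsb(cover, b"/screenshot 1")
    print("payload:", extract_lsb(stego))          # b'/screenshot 1'
    print("command:", parse_command(extract_lsb(stego)))
    print("clean cover yields:", extract_lsb(cover))  # None
```

The stego buffer has the same length as the cover and differs from it only in low bits, which is why byte-level signatures on the image rarely catch this; defenders instead watch for the behaviour around it, such as a process fetching images from a social-media account and then acting on their contents.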

The year 2017 was an inflection point in the vulnerability landscape. Around 14,000 new vulnerabilities were reported that year, more than twice the number from the year before (see table below). The probable reason is the growing popularity of automated vulnerability-finding tools, in particular "fuzzers".

This document provides a quick overview of the internals of American Fuzzy Lop. See README for the general instruction manual; for a discussion of the motivations and design goals behind AFL, see historical_notes.txt.

Our Persistent Advanced Monitoring system identified, on 12 and 12/12, publications by the Brazilian hacker Ergo Hacker (Pryzraky) and by the ASG Team, disclosing, respectively, data leaked from Faculdade Favani (ES) and from the municipality of Casinha/PE.

Our Persistent Advanced Monitoring system identified a sequence of publications by the Israeli hacker ZHacker disclosing evidence of an intrusion into, and data leak from, the EuroPalestine NGO.

Our Persistent Advanced Monitoring system identified a new publication (12/13) on the Ghostbin text-sharing site containing data from the Military Police of Piauí (PM/PI).

Magellan is a remote code execution vulnerability in SQLite discovered by Tencent Blade Team. As a widely deployed database engine, SQLite is embedded in all modern mainstream operating systems and a great deal of software, so this vulnerability has a very wide impact. Our testing showed that Chromium was also affected; Google has confirmed and fixed the issue. We will not disclose any details of the vulnerability at this time, and we are pushing other vendors to fix it as soon as possible.

I wanted to rebind a button on my Logitech mouse on Windows; apparently that requires installing a 149MB application called "Logitech Options".

Our internal team discovered a photo API bug that may have affected people who used Facebook Login and granted permission to third-party apps to access their photos. We have fixed the issue, but because of this bug some third-party apps may have had access to a broader set of photos than usual for 12 days, between September 13 and September 25, 2018.

As alluded to in our previous blog on the Cannon tool, the Sofacy group (also known as Fancy Bear, APT28, STRONTIUM, Pawn Storm and Sednit) persistently attacked government and private organizations around the world from mid-October 2018 through mid-November 2018. The majority of targets were NATO-aligned nation states, although several former USSR nation states were also targeted. The attacks primarily deployed variants of the Zebrocy tool, which we have analyzed previously.