Latest Entries »

Not known if any malicious software was secreted onto EirGrid’s control systems

View full article »

This year at Black Hat I’m presenting some short work on breaking electronic door locks. This talk focuses on one particular residential door lock. There was a bit of a flaw in the design, where the front panel/keypad can be removed from the outside. View full article »

Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address a critical type confusion vulnerability that could lead to code execution and an important security bypass vulnerability that could lead to information disclosure.

View full article »

Mamba was among the first samples of ransomware that encrypted hard drives rather than files that was detected in public attacks, primarily against organizations in Braziland in a high-profile incursion against the San Francisco Municipal Transportation Agency last November. View full article »

Even though Deep Neural Networks (DNNs) have been
applied with great success in a variety of areas ranging
from speech processing [7] to medical diagnostics [4], recent
work has demonstrated that they are vulnerable to adversarial
perturbations [3], [6], [8], [10], [11], [17], [18], [21]. Such
maliciously crafted changes to the input of DNNs cause them
to misbehave in unexpected and potentially dangerous ways. View full article »

Talos has discovered an unknown Remote Administration Tool that we believe has been in use for over 3 years. During this time it has managed to avoid scrutiny by the security community. The current version of the malware allows the operator to steal files, keystrokes, perform screenshots, and execute arbitrary code on the infected host. Talos has named this malware KONNI.  View full article »

Nissan car logo

A team of three security researchers has found and disclosed two security flaws in the TCU (telematics control unit) components that ship with various luxury car models. View full article »

fireeye logo

An anonymous post on Pastebin says more leaks are possible, tagging the incident operation #LeakTheAnalyst

View full article »

Spring Dragon is a long running APT actor that operates on a massive scale. The group has been running campaigns, mostly in countries and territories around the South China Sea, since as early as 2012. The main targets of Spring Dragon attacks are high profile governmental organizations and political parties, education institutions such as universities, as well as companies from the telecommunications sector. View full article »

The Debian project is pleased to announce the first update of its stable distribution Debian 9 (codename stretch). This point release mainly adds corrections for security issues, along with a few adjustments for serious problems. Security advisories have already been published separately and are referenced where available. View full article »