Archive for August, 2017


Not known if any malicious software was secreted onto EirGrid’s control systems

Continue reading

This year at Black Hat I’m presenting some short work on breaking electronic door locks. This talk focuses on one particular residential door lock. There was a bit of a flaw in the design, where the front panel/keypad can be removed from the outside. Continue reading

Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address a critical type confusion vulnerability that could lead to code execution and an important security bypass vulnerability that could lead to information disclosure.

Continue reading

Mamba was among the first samples of ransomware that encrypted hard drives rather than files that was detected in public attacks, primarily against organizations in Braziland in a high-profile incursion against the San Francisco Municipal Transportation Agency last November. Continue reading

Even though Deep Neural Networks (DNNs) have been
applied with great success in a variety of areas ranging
from speech processing [7] to medical diagnostics [4], recent
work has demonstrated that they are vulnerable to adversarial
perturbations [3], [6], [8], [10], [11], [17], [18], [21]. Such
maliciously crafted changes to the input of DNNs cause them
to misbehave in unexpected and potentially dangerous ways. Continue reading

Talos has discovered an unknown Remote Administration Tool that we believe has been in use for over 3 years. During this time it has managed to avoid scrutiny by the security community. The current version of the malware allows the operator to steal files, keystrokes, perform screenshots, and execute arbitrary code on the infected host. Talos has named this malware KONNI.  Continue reading

Nissan car logo

A team of three security researchers has found and disclosed two security flaws in the TCU (telematics control unit) components that ship with various luxury car models. Continue reading

fireeye logo

An anonymous post on Pastebin says more leaks are possible, tagging the incident operation #LeakTheAnalyst

Continue reading