vyagers

On March 25, Kim Zetter published an astonishing story describing a supply-chain attack against ASUS which was run between June and November 2018. The ASUS Live Update software was backdoored in order to attack a very specific group of targets. The campaign, named ShadowHammer, was discovered and investigated by Kaspersky Lab, which will present the full details during SAS2019. Continue reading →

Reverse engineer and document the Operation ShadowHammer malware and its shellcode in-depth as it was originally discovered and reported by Kaspersky Labs. Continue reading →

And then there was ShadowHammer, the supply chain attack on the ASUS Live Update Utility between June and November 2018, which was discovered by Kaspersky earlier this year, and made public a few days ago. Continue reading →

During the last weeks, Yoroi’s monitoring operation intercepted some malicious emails required further attention: they were sent to a very few organizations and the contents was specifically tailored for Italian speaking targets. This messages warned the users about imminent summons against them, inviting them to read the attached lawsuit, a not so innocent looking file named “Avviso del tribunale.jar”. Continue reading →

Magento Commerce and Open Source 2.3.1, 2.2.8 and 2.1.17 contain multiple security enhancements that help close Remote Code Execution (RCE), Cross-Site Scripting (XSS) and other vulnerabilities. Continue reading →

NAGOYA – Toyota Motor Corp. said Friday that data on roughly 3 million customers was stolen from its sales companies’ computer systems in Tokyo following a hacking attack. Continue reading →

After a security incident in February at its Australian subsidiary, Toyota Motor Corp. has suffered its second security breach in the last five weeks, with today’s breach announced by the company’s main offices in Japan. Continue reading →

For penetration testers looking for a stable and supported Linux testing platform, the industry agrees that Kali is the go-to platform. However, if you’d prefer to use Windows as an operating system, you may have noticed that a worthy platform didn’t exist. As security researchers, every one of us has probably spent hours customizing a Windows working environment at least once and we all use the same tools, utilities, and techniques during customer engagements. Continue reading →

The Internet Crime Complaint Center (IC3) has received multiple complaints from victims who were contacted via phone, text or other chat application by individuals speaking a Chinese dialect and claiming to be from the Chinese embassy or consulate. Other victims reported being contacted by individuals claiming to be from a shipping company stating there is a package waiting for the victim at the Chinese embassy. The phone calls are frequently spoofed¹ in order to appear from a legitimate source. Continue reading →

Continue reading →