Category: tech


Not known if any malicious software was secreted onto EirGrid’s control systems

Continue reading

This year at Black Hat I’m presenting some short work on breaking electronic door locks. This talk focuses on one particular residential door lock. There was a bit of a flaw in the design, where the front panel/keypad can be removed from the outside. Continue reading

Mamba was among the first samples of ransomware that encrypted hard drives rather than files that was detected in public attacks, primarily against organizations in Braziland in a high-profile incursion against the San Francisco Municipal Transportation Agency last November. Continue reading

Even though Deep Neural Networks (DNNs) have been
applied with great success in a variety of areas ranging
from speech processing [7] to medical diagnostics [4], recent
work has demonstrated that they are vulnerable to adversarial
perturbations [3], [6], [8], [10], [11], [17], [18], [21]. Such
maliciously crafted changes to the input of DNNs cause them
to misbehave in unexpected and potentially dangerous ways. Continue reading

Talos has discovered an unknown Remote Administration Tool that we believe has been in use for over 3 years. During this time it has managed to avoid scrutiny by the security community. The current version of the malware allows the operator to steal files, keystrokes, perform screenshots, and execute arbitrary code on the infected host. Talos has named this malware KONNI.  Continue reading

Nissan car logo

A team of three security researchers has found and disclosed two security flaws in the TCU (telematics control unit) components that ship with various luxury car models. Continue reading

fireeye logo

An anonymous post on Pastebin says more leaks are possible, tagging the incident operation #LeakTheAnalyst

Continue reading

Spring Dragon is a long running APT actor that operates on a massive scale. The group has been running campaigns, mostly in countries and territories around the South China Sea, since as early as 2012. The main targets of Spring Dragon attacks are high profile governmental organizations and political parties, education institutions such as universities, as well as companies from the telecommunications sector. Continue reading

The Debian project is pleased to announce the first update of its stable distribution Debian 9 (codename stretch). This point release mainly adds corrections for security issues, along with a few adjustments for serious problems. Security advisories have already been published separately and are referenced where available. Continue reading

The Esile targeted attack campaign targeting various countries in the Southeast Asian region has been discussed in the media recently. This campaign – which was referred to by other researchers as Lotus Blossom – is believed to be the work of a nation-state actor due to the nature of the stolen information, which is more valuable to countries than either private companies or cybercriminals. Continue reading