In this blog post we share Zimperium’s Zero-Day Protection against the Water Makara Spear-Phishing campaign. The post Zimperium’s Zero-Day Protection Against Water Makara Spear-Phishing Campaign...
As the Akira ransomware group continues to evolve its operations, Talos has the latest research on the group's attack chain, targeted verticals, and potential future TTPs.
Asset visibility is a critical component of operational technology (OT) cybersecurity. But what exactly is asset visibility, and why is... The post What Is Asset Visibility and Why Does It Matter?...
Watch out for schemes where fraudsters trick people into sharing verification codes so they can gain access to their phone numbers
This article is the result of a collaboration with Josimar. You can find Josimar’s corresponding piece here. One of the world’s most controversial bookmakers takes bets on thousands of amateur...
Learn how Recorded Future improves internal security practices. Phishing simulations, educational campaigns, and interactive training keep employees vigilant and protected.
Attackers are exploiting exposed Docker Remote API servers to deploy a new malware strain named "perfctl." This malware is designed to mine cryptocurrency and can evade detection by disabling...
This blog post provides a chronological overview of the observed ClickFix campaigns. We further share technical details about a ClickFix cluster that uses fake Google Meet video conference pages...
All untrusted code in Chrome, especially JavaScript on websites and within browser extensions, runs in a Sandbox. Practically, this means that the code is limited to the set of APIs instead of...
The average time it takes attackers to weaponize a vulnerability, either before or after a patch is released, shrank from 63 days in 2018-2019 to just five days last year
Zimperium researchers analyze Necro.N and focus on the differences and elements. The post The Mobile Malware Chronicles: Necro.N – Volume 101 appeared first on Zimperium.
On 2024-10-18, a research was reported, involving , gaining initial access via API vulnerability, to achieve Resp. disclosure.
The Cosmos blockchain is a popular AppChain SDK used by various blockchains like Osmosis. The main feature developer for the SDK is the Interchain Foundation. In the past 3 years, the Liquid...
On Thursday, the Israel Defense Forces (IDF) announced the death of Hamas leader Yahya Sinwar during an operation in southern Gaza. As part of its announcement, the IDF’s media channel on Telegram...
I have a strange, unique, and fascinating job at Dragos. For the last 6 years, I have served as a... The post The Shifting Landscape of OT Incident Response first appeared on Dragos.
New tools aim at phone snatchers, snooping kids or partners, and cell hijackers.
A lot of emphasis and focus is put on the investigative part of SOC work, with the documentation and less glamorous side of things brushed under the rug. One such […] The post Clear, Concise, and...
This technical research analyzes Cronus Ransomware. We examine how the ransomware encrypts files, establishes persistence, and deviates from other ransom notes.
This blog post is based on “IcePeony with the ‘996’ work culture” that we presented at VB2024. We are grateful to Virus Bulletin for giving us the opportunity to present....
We are now at a point where numerous cyberattacks have been carried out using compromised Infostealer data. Major companies such as AT&T, Ticketmaster, Orange, Airbus, Uber, and EA Sports have all...
“Hey, wanna chat?” This innocent phrase can take on a sinister meaning when it comes from an adult to a child online – and even be the start of a predatory relationship
Google Maps is a treasure trove of information for open source researchers. Bellingcat frequently uses the platform’s satellite imagery and street view in investigations, and user-written reviews...
Ever alert to fresh money-making opportunities, fraudsters are blending physical and digital threats to steal drivers’ payment details
How Complexity Influences Security Outcomes in a Volatile World
Zendesk is a customer service tool. To set up, you link it to your company's customer support email, such as [email protected]. Now, Zendesk will manage all incoming emails and create tickets for...
The Nintendo Entertainment System (NES) was built in an era of CRT TVs, where rendering is entirely different than LEDs. Most graphical changes happen during a blanking period; so, there is an...
Arc is a new browser focused on security and privacy. They recently added cloud functionality for storing CSS and JavaScript browser customizations called boosts. Firebase is a...
In the Cosmos SDK, a vesting account is a type of account whose coins are locked for some vesting schedule. A periodic vesting account will give out funds at defined intervals. A clawback account...
SAML is a common protocol for exchanging authentication and authorization data between IdPs and Service Providers (SPs). SAML is written in the markup language XML. In SAML, the core element is...