Latest News

2019/10/14

Sophisticated Spy Kit Targets Russians with Rare GSM Plugin

The Attor malware targets government and diplomatic victims with unusual tactics.

A sophisticated cyberespionage platform called Attor has come to light, sporting an unusual capability for fingerprinting mobile devices as part of its attacks on government and diplomatic victims.

According to researchers at ESET, Attor, which has flown under the radar since at least 2013, also sports a complex modular architecture and elaborate network communications utilizing Tor, making it a highly evolved threat.
2019/10/14

Iran-Linked ‘Charming Kitten’ Touts New Spearphishing Tactics

A campaign first observed last year has ramped up its attack methods and appears to be linked to activity targeting President Trump’s 2020 re-election campaign.

An Iran-linked advanced persistent threat (APT) group tied to attacks on President Trump’s 2020 re-election campaign has added new spearphishing techniques to its arsenal in an apparent ramp-up in operations.
2019/10/09

[Nice Read] I Could Crash Your Instagram Remotely. But I Chose to Report It.

"On April 2019, I had the foolish idea of testing Facebook security (and more specifically Instagram security), after I got informed that the company enabled a new setting on their assets (called Whitehat Settings), making easier for researchers to discover new vulnerabilities (pinning was not a problem, I am just a bit lazy sometimes :P)."
2019/10/09

APT Groups Exploiting Flaws in Unpatched VPNs

U.S. and U.K. agencies warn consumers to update VPN technologies from Fortinet, Pulse Secure and Palo Alto Networks.

State-sponsored advanced persistent threat (APT) groups are using flaws in outdated VPN technologies from Palo Alto Networks, Fortinet and Pulse Secure to carry out cyber attacks on targets in the United States and overseas, warned U.S. and U.K. officials.

The National Security Agency (NSA) issued a Cybersecurity Advisory Monday about the threats and offered mitigation suggestions, warning that multiple APT actors have weaponized three critical vulnerabilities first published in August–CVE-2019-11539, CVE-2019-11510 and CVE-2018-13379–to gain access to vulnerable VPN devices. The first two affect Pulse Secure VPNs while the third affects Fortinet technology.
2019/10/08

U.S. Department of Justice Asks Facebook Not to Implement End-to-End Encryption

The Department of Justice published an open letter to Facebook from international law enforcement partners from the United States, United Kingdom and Australia in response to the company’s publicly announced plans to implement end-to-end-encryption across its messaging services.

The letter is signed by Attorney General William P. Barr, United Kingdom Home Secretary Priti Patel, Australia’s Minister for Home Affairs Peter Dutton and Acting Homeland Security Secretary Kevin K. McAleenan.