As I'm sure many of you know, x86 architecture has been around for quite some time. It has its roots in Intel's early 8086 processor, the first in the family. Indeed, even the original 8086 inherits a...
Our work shows that it is possible to trigger Rowhammer bit flips on DDR4 devices on AMD Zen 2 and Zen 3 systems despite deployed TRR mitigations. This result proves that AMD systems are equally vulnerable to Rowhammer as Intel systems, which greatly increases the attack surface, considering today’s AMD market share of around 36%… Read
Tycoon 2FA has become one of the most widespread adversary-in-The-Middle (AiTM) phishing kits over the last few months.
It is trivially possible to disable the Cortex EDR as a non-admin user by triggering a repair function. This is only working, if the Tamper Protection is not enforced! TL;DR; Trigger the repair via GUID Disrupt it when EDR is deactivated Done
The U.S. Treasury Department has sanctioned a Wuhan-based company used by the Chinese Ministry of State Security (MSS) as cover in attacks against U.S. critical infrastructure organizations.
#APT31 #China #Computer #Critical #InfoSec #Infrastructure #Sanctions #Security #USA
In April 2021 I participated in Pwn2Own Vancouvver competition as a single player, and successfully demonstrated a 0-day virtual machine escape exploit with code execution on Parallels hypervisor. Today I am finally releasing the exploit source code together with a technical walkthrough video talk that I gave on Zero Day Engineering livestream in November 2021.
Supply chain attack targeted GitHub community of Top.gg Discord server
A malicious ad for the popular admin tool PuTTY leads victims to a fake site that downloads malware.
APT29 used a new backdoor variant publicly tracked as WINELOADER to target German political parties.
China has introduced guidelines to phase out U.S. microprocessors from Intel (INTC.O), opens new tab and AMD (AMD.O), opens new tab from government personal computers and servers, the Financial Times reported on Sunday.
The procurement guidance also seeks to sideline Microsoft's (MSFT.O), opens new tab Windows operating system and foreign-made database software in favour of domestic options, the report said.
Deux premiers guichets d’aide du programme de renforcement de la sécurité informatique CaRe viennent d’être ouverts pour les établissements de santé.
Spanish airline Air Europa (ICAG.L), opens new tab said on Friday personal data of its customers may have been compromised in a security incident that was detected in October last year.
The company's investigation showed that name, ID card or passport details, date of birth, telephone number, email address and nationality details could have been leaked, Air Europa told its customers in an email that was seen by Reuters.
A rare case in Danish court shows how automated clicks and fake accounts can earn hundreds of thousands of dollars on Apple Music and Spotify. Experts say it’s the tip of the iceberg.
#apple #bots #music #spotify #streaming
The International Monetary Fund (IMF) recently experienced a cyber incident, which was detected on February 16, 2024.
The reports keep coming in from across the country on how the Change Healthcare ransomware attack that first came to light on Feb. 21 has been impacting the healthcare sector.
The case has been called the most severe cyberattack on the healthcare sector in history and has had a great impact since Change Healthcare, owned by UnitedHealth Group, processes 15 billion healthcare transactions annually, affecting 1 in 3 patient records.
The German police have seized infrastructure for the darknet Nemesis Market cybercrime marketplace in Germany and Lithuania, disrupting the site's operation.
We unravel the details of two large-scale StrelaStealer campaigns from 2023 and 2024. This email credential stealer has a new variant delivered through zipped JScript.
#2024 #Campaign #EN #JScript #StrelaStealer #analysis #paloaltonetworks
Last year, we again witnessed the power of community-driven security efforts as researchers from around the world contributed to help us identify and address thousands of vulnerabilities in our products and services. Working with our dedicated bug hunter community, we awarded $10 million to our 600+ researchers based in 68 countries.
Une quarantaine d’établissements scolaires, notamment de région parisienne et de l’académie de Rennes, ont reçu des menaces d’attentat terroriste sur leurs espaces numériques de travail (ENT), mercredi 20 mars. La région Île-de-France a déposé plainte, ce jeudi 21 mars, au cyber-parquet de Paris. Une enquête est ouverte, une brigade spécialisée de la police judiciaire est saisie.
Bishop Fox examines the iSoon data disclosure from an offensive security perspective and an analysis of the platform's capabilities, design, features.
