RECALLS the relevant conclusions of the European Council1 and the Council2, ACKNOWLEDGES that state and non-state actors are increasingly using hybrid tactics, posing a growing threat to the security of the EU, its Member States and its partners3. RECOGNISES that, for some actors applying such tactics, peacetime is a period for covert malign activities, when a conflict can continue or be prepared for in a less open form. EMPHASISES that state actors and non-state actors also use information manipulation and other tactics to interfere in democratic processes and to mislead and deceive citizens. NOTES that Russia’s armed aggression against Ukraine is showing the readiness to use the highest level of military force, regardless of legal or humanitarian considerations, combined with hybrid tactics, cyberattacks, foreign information manipulation and interference, economic and energy coercion and an aggressive nuclear rhetoric, and ACKNOWLEDGES the related risks of potential spillover effects in EU neighbourhoods that could harm the interests of the EU.

Since the last quarter of 2020 MuddyWater has mantained a “long-term” infection campaign targeting Middle East countries. We have gathered samples from November 2020 to January 2022, and due to the recent samples found, it seems that this campaign might still be currently active. The latest campaigns of the Muddy Water threat group, allegedly sponsored by the Iranian government and linked to the Iranian revolutionary guard (the main armed forces of the Iranian government), could be framed within the dynamics of maintaining Iran’s regional sovereignty.

Domain names geared to offer illicit goods and services – from illegally purchased guns to opioids to Covid vaccine cards – remain easy to...

Companies including GoDaddy are making it easy for criminals to scoop up websites for dangerous coronavirus scams, researchers say.

Fraudsters who target LinkedIn users in sophisticated investment schemes pose a "significant threat" to the platform, the FBI tells CNBC.

Threat actors associated with Russian intelligence are using the fear or nuclear war to spread data-stealing malware in Ukraine.

Emotet is back in business and it’s revealing some new tricks. Not long ago, Emotet introduced a new module, the Google Chrome’s credit card grabber. More recently, the SMB spreader module has been brought back and is now, once again, part of the infection chain.

Whenever there’s a new in-the-wild 0-day disclosed, I’m very interested in understanding the root cause of the bug. This allows us to then understand if it was fully fixed, look for variants, and brainstorm new mitigations. This blog is the story of a “zombie” Safari 0-day and how it came back from the dead to be disclosed as exploited in-the-wild in 2022. CVE-2022-22620 was initially fixed in 2013, reintroduced in 2016, and then disclosed as exploited in-the-wild in 2022. If you’re interested in the full root cause analysis for CVE-2022-22620, we’ve published it here.

In April of this year, FreeBSD patched a 13-year-old heap overflow in the Wi-Fi stack that could allow network-adjacent attackers to execute arbitrary code on affected installations of FreeBSD Kernel. This bug was originally reported to the ZDI program by a researcher known as m00nbsd and patched in

Here we go with another episode about our (not so) old friend, BRATA. In almost one year, threat actors (TAs) have further improved the capabilities of this malware. In our previous blog post [1] we defined three main BRATA variants, which appeared during two different waves detected by our telemetries at the very end of 2021. However, during the last months we have observed a change in the attack pattern commonly used.

Lookout Les chercheurs de Threat Lab ont découvert un logiciel de surveillance Android de niveau entreprise utilisé par le gouvernement du Kazakhstan à l'intérieur de ses frontières. D'après notre analyse, le logiciel espion est probablement développé par le fournisseur italien de logiciels espions RCS Lab S.p.A.

Gen. Paul Nakasone's remarks this month about offensive operations against Russia caused a stir. But have people misinterpreted his words?

It is rare that the identities of participants and ringleaders in criminal phishing schemes are uncovered. But in many cases, when untangling the web of a cyber criminal group (particularly with financially motivated e-crime actors), there are enough OSINT breadcrumbs left behind by a threat actor, on forums, in code, or elsewhere, to point investigators in the right direction.

MRT’s days appear numbered. On 14 March this year, Apple released its successor – a new version of XProtect, which now does the lot.

Money has been and remains the main motivator for cybercriminals. The most widespread techniques of monetizing cyberattacks include selling stolen databases, extortion (using ransomware) and carding. However, there is demand on the dark web not only for data obtained through an attack, but also for the data and services necessary to organize one (e.g., to perform specific steps of a multiphase attack)

Attacker targets bugs in a popular web application graphical interface development tool.

We examined the password policies of 120 of the most popular English-language websites in the world.

New details connect police in India to a plot to plant evidence on victims' computers that led to their arrest.

We discovered flaws in Zimbra, an enterprise email solution, that allow attackers to steal credentials of users and gain access to their email accounts.

La nuova funzione implementata ieri da BlackCat, esporrà le vittime colpite anche su Internet, con una diffusione più massiccia e pubblica dei dati rubati, con nome di dominio autentico intestato alla vittima stessa