Hello, Its developer. It was decided to release keys to the public for Egregor, Maze, Sekhmet ransomware families.
also there is a little bit harmless source code of polymorphic x86/x64 modular EPO file infector m0yv detected in the wild as Win64/Expiro virus, but it is not expiro actually, but AV engines detect it like this, so no single thing in common with...

A decryptor has been released for the Maze, Sekhmet, and Egregor ransomware after someone published the master decryption keys in a BleepingComputer forum post.

Reputation firms like Eliminalia use legal threats and copyright notices to have material taken down around the world.

Nombreux sont ceux qui utilisent les mêmes mots de passe faibles, encore et encore. Découvrez les 200 mots de passe les plus utilisés dans le monde en 2021.

Cet article contient des listes des mots de passe les plus courants, selon différentes sources.

This is a list of the most common passwords, discovered in various data breaches. Common passwords generally are not recommended on account of low password strength

I'm running MacOS Monterey. Several times in the last few weeks, I've noticed the orange dot indicating the microphone is being used by an app, and I click on the Control Center and see that Zoom is accessing the microphone. I'm not in a meeting and simply have the Zoom app open. Why would Zoom be accessing the microphone when I'm not in a meeting?

Recently, there has been a resurgence of malware that is spread via Microsoft Word macro capabilities....

We’re happy to announce the public release of esmat, a new free & open-source tool. esmat is a command-line app for macOS that allows you to explore the behavior of Apple’s Endpoint Security framework.

The Qualys Research Team has discovered a memory corruption vulnerability in polkit's pkexec, a SUID-root program that is installed by default on every major…

Google Analytics est une fonctionnalité qui peut être intégrée par les gestionnaires de sites web tels que des sites de vente en ligne afin d’en mesurer la fréquentation par les internautes. Dans ce cadre, un identifiant unique est attribué à chaque visiteur. Cet identifiant (qui constitue une donnée personnelle) et les données qui lui sont associées sont transférés par Google aux États-Unis.

Changing Default Behavior

We’re introducing a default change for five Office apps that run macros:
VBA macros obtained from the internet will now be blocked by default.

Google's Project Zero has published a report showing that organizations took less time to address the zero-day vulnerabilities that the team reported last year.

• In 2021, vendors took an average of 52 days to fix security vulnerabilities reported from Project Zero. This is a significant acceleration from an average of about 80 days 3 years ago.
• In addition to the average now being well below the 90-day deadline, we have also seen a dropoff in vendors missing the deadline (or the additional 14-day grace period). In 2021, only one bug exceeded its fix deadline, though 14% of bugs required the grace period.
• Differences in the amount of time it takes a vendor/product to ship a fix to users reflects their product design, development practices, update cadence, and general processes towards security reports. We hope that this comparison can showcase best practices, and encourage vendors to experiment with new policies.
• This data aggregation and analysis is relatively new for Project Zero, but we hope to do it more in the future. We encourage all vendors to consider publishing aggregate data on their time-to-fix and time-to-patch for externally reported vulnerabilities, as well as more data sharing and transparency in general.

UPnProxy is alive and well. There are 277,000 devices, out of a pool of 3.5 million, running vulnerable implementations of UPnP. Of those, Akamai can confirm that more than 45,000 have been compromised in a widely distributed UPnP NAT injection campaign.

FritzFrog is a peer-to-peer botnet, which means its command and control server is not limited to a single, centralized machine, but rather can be done from every machine in its distributed network. In other words, every host running the malware process becomes part of the network, and is capable of sending, receiving, and executing the commands to control machines in the network.

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence that threat actors are actively exploiting the vulnerability listed in the table below. These types of vulnerabilities are a frequent attack vector for malicious cyber actors of all types and pose significant risk to the federal enterprise.

Apple a publié iOS 15.3.1 pour corriger la vulnérabilité CVE-2022-22620 de WebKit, qui serait activement exploitée par les cybercriminels.

version EN

"Sorti hier, macOS 12.2.1 règle un problème de sécurité dans WebKit, le moteur de Safari, qui aurait pu permettre à une personne malintentionnée d'exécuter du code arbitraire en faisant simplement visiter à l'utilisateur une page web malveillante (CVE-2022-22620). Si votre Mac n'est pas compatible avec macOS Monterey, une mise à jour individuelle de Safari est disponible."