Companies including GoDaddy are making it easy for criminals to scoop up websites for dangerous coronavirus scams, researchers say.

Fraudsters who target LinkedIn users in sophisticated investment schemes pose a "significant threat" to the platform, the FBI tells CNBC.

Threat actors associated with Russian intelligence are using the fear or nuclear war to spread data-stealing malware in Ukraine.

Whenever there’s a new in-the-wild 0-day disclosed, I’m very interested in understanding the root cause of the bug. This allows us to then understand if it was fully fixed, look for variants, and brainstorm new mitigations. This blog is the story of a “zombie” Safari 0-day and how it came back from the dead to be disclosed as exploited in-the-wild in 2022. CVE-2022-22620 was initially fixed in 2013, reintroduced in 2016, and then disclosed as exploited in-the-wild in 2022. If you’re interested in the full root cause analysis for CVE-2022-22620, we’ve published it here.

In April of this year, FreeBSD patched a 13-year-old heap overflow in the Wi-Fi stack that could allow network-adjacent attackers to execute arbitrary code on affected installations of FreeBSD Kernel. This bug was originally reported to the ZDI program by a researcher known as m00nbsd and patched in

Here we go with another episode about our (not so) old friend, BRATA. In almost one year, threat actors (TAs) have further improved the capabilities of this malware. In our previous blog post [1] we defined three main BRATA variants, which appeared during two different waves detected by our telemetries at the very end of 2021. However, during the last months we have observed a change in the attack pattern commonly used.

Gen. Paul Nakasone's remarks this month about offensive operations against Russia caused a stir. But have people misinterpreted his words?

It is rare that the identities of participants and ringleaders in criminal phishing schemes are uncovered. But in many cases, when untangling the web of a cyber criminal group (particularly with financially motivated e-crime actors), there are enough OSINT breadcrumbs left behind by a threat actor, on forums, in code, or elsewhere, to point investigators in the right direction.

MRT’s days appear numbered. On 14 March this year, Apple released its successor – a new version of XProtect, which now does the lot.

Money has been and remains the main motivator for cybercriminals. The most widespread techniques of monetizing cyberattacks include selling stolen databases, extortion (using ransomware) and carding. However, there is demand on the dark web not only for data obtained through an attack, but also for the data and services necessary to organize one (e.g., to perform specific steps of a multiphase attack)

Attacker targets bugs in a popular web application graphical interface development tool.

We examined the password policies of 120 of the most popular English-language websites in the world.

New details connect police in India to a plot to plant evidence on victims' computers that led to their arrest.

We discovered flaws in Zimbra, an enterprise email solution, that allow attackers to steal credentials of users and gain access to their email accounts.

Cybercrime groups that specialize in stealing corporate data and demanding a ransom not to publish it have tried countless approaches to shaming their victims into paying. The latest innovation in ratcheting up the heat comes from the ALPHV/BlackCat ransomware group,…

Last week, Cloudflare automatically detected and mitigated a 26 million request per second DDoS attack — the largest HTTPS DDoS attack on record.

Hertzbleed attack targets power-conservation feature found on virtually all modern CPUs.

Introduction Rootkits are dangerous pieces of malware. Once in place, they are usually really hard to detect. Their code is typically more challenging to write than other malware, so developers resort to code reuse from open source projects. As rootkits are very interesting to analyze, we are always looking out for these kinds of samples […]

MIT CSAIL boffins devise PACMAN attack to let existing exploits avoid pointer authentication

Confiant monitors 2.5+ billion ads per day via 110+ integrations in the advertising stack. This provides great visibility on malicious activity infiltrating the ad stack and the broader Internet. And that includes all the web3 malicious activity funneling thru it.

The variety and the range of our detection enable Confiant to detect unique malicious activity as soon as it surfaces.

SeaFlower is an example of this unique cluster of malicious activities targeting web3 wallet users that we will document in this blog post.