research

The most prevalent malware behaviors and techniques

Don't miss, Elastic, malware analysis, malware detection, News, research, tips /

The most prevalent malware behaviors and techniques 2024-03-20 at 12:46 By Zeljka Zorz An analysis of 100,000+ Windows malware samples has revealed the most prevalent techniques used by malware developers to successfully evade defenses, escalate privileges, execute the malware, and assure its persistence. Malware tactics and techniques The analyzed malware samples were most often delivered […]

React to this headline:

Loading spinner

The most prevalent malware behaviors and techniques Read More »

Web-based PLC malware: A new potential threat to critical infrastructure

Don't miss, Hot stuff, ICS/SCADA, Malware, News, PLC, research, web application security /

Web-based PLC malware: A new potential threat to critical infrastructure 2024-03-07 at 13:47 By Zeljka Zorz A group of researchers from Georgia Tech’s College of Engineering have developed web-based programmable logic controller (PLC) malware able to target most PLCs produced by major manufacturers. “Our Web-Based (WB) PLC malware resides in PLC memory, but ultimately gets

React to this headline:

Loading spinner

Web-based PLC malware: A new potential threat to critical infrastructure Read More »

What makes ransomware victims less likely to pay up?

backup, cyber insurance, data theft, Don't miss, Hot stuff, Incident Response, News, Ransomware, research /

What makes ransomware victims less likely to pay up? 2024-01-26 at 08:34 By Zeljka Zorz There’s a good reason why ransomware gangs started exfiltrating victims’ data instead of just encrypting it: those organizations pay more. University of Twente researcher Tom Meurs and his colleagues wanted to know which factors influence victims to pay the ransom

React to this headline:

Loading spinner

What makes ransomware victims less likely to pay up? Read More »

CloudFoxable: Open-source AWS penetration testing playground

AWS, Bishop Fox, cybersecurity, News, penetration testing, research, skill development, software /

CloudFoxable: Open-source AWS penetration testing playground 2024-01-22 at 07:02 By Mirko Zorz CloudFoxable is a capture-the-flag (CTF) style learning platform you can deploy to your playground AWS account. It primarily targets current penetration testers seeking to learn exploitation of cloud-native attack paths, and cloud security experts aiming to practice offensive security techniques safely. “What makes

React to this headline:

Loading spinner

CloudFoxable: Open-source AWS penetration testing playground Read More »

Attackers could use vulnerabilities in Bosch Rexroth nutrunners to disrupt automotive production

automotive security, Don't miss, Hot stuff, manufacturing sector, News, Nozomi Networks, Ransomware, research, vulnerability /

Attackers could use vulnerabilities in Bosch Rexroth nutrunners to disrupt automotive production 2024-01-09 at 17:46 By Zeljka Zorz Researchers have discovered over two dozen vulnerabilities in “smart” cordless nutrunners (i.e., pneumatic torque wrenches) manufactured by Bosch Rexroth that could be exploited to make the devices inoperable or their output unreliable. “Depending on a manufacturer’s use

React to this headline:

Loading spinner

Attackers could use vulnerabilities in Bosch Rexroth nutrunners to disrupt automotive production Read More »

Securing AI systems against evasion, poisoning, and abuse

AppOmni, Artificial Intelligence, Don't miss, how-to, machine learning, News, NIST, report, research, strategy, tips /

Securing AI systems against evasion, poisoning, and abuse 2024-01-09 at 06:32 By Mirko Zorz Adversaries can intentionally mislead or “poison” AI systems, causing them to malfunction, and developers have yet to find an infallible defense against this. In their latest publication, NIST researchers and their partners highlight these AI and machine learning vulnerabilities. Taxonomy of

React to this headline:

Loading spinner

Securing AI systems against evasion, poisoning, and abuse Read More »

8220 gang exploits old Oracle WebLogic vulnerability to deliver infostealers, cryptominers

cryptojacking, Don't miss, exploit, Hot stuff, Imperva, Malware, News, Oracle WebLogic, research, vulnerability /

8220 gang exploits old Oracle WebLogic vulnerability to deliver infostealers, cryptominers 20/12/2023 at 16:02 By Helga Labus The 8220 gang has been leveraging an old Oracle WebLogic Server vulnerability (CVE-2020-14883) to distribute malware, the Imperva Threat Research team has found. About 8220 Active since 2017, the 8220 gang has been known for deploying cryptocurrency miners

React to this headline:

Loading spinner

8220 gang exploits old Oracle WebLogic vulnerability to deliver infostealers, cryptominers Read More »

SSH vulnerability exploitable in Terrapin attacks (CVE-2023-48795)

cryptographic attack, Don't miss, Hot stuff, News, OpenSSH, research, SSH, SUSE, vulnerability /

SSH vulnerability exploitable in Terrapin attacks (CVE-2023-48795) 19/12/2023 at 13:18 By Zeljka Zorz Security researchers have discovered a vulnerability (CVE-2023-48795) in the SSH cryptographic network protocol that could allow an attacker to downgrade the connection’s security by truncating the extension negotiation message. The Terrapin attack Terrapin is a prefix truncation attack targeting the SSH protocol.

React to this headline:

Loading spinner

SSH vulnerability exploitable in Terrapin attacks (CVE-2023-48795) Read More »

“Pool Party” process injection techniques evade EDRs

CrowdStrike, Cybereason, Don't miss, Endpoint Security, Hot stuff, Microsoft, News, Palo Alto Networks, PoC, research, SafeBreach, SentinelOne, threat detection, XDR /

“Pool Party” process injection techniques evade EDRs 12/12/2023 at 14:01 By Zeljka Zorz SafeBreach researchers have discovered eight new process injection techniques that can be used to covertly execute malicious code on Windows systems. Dubbed “Pool Party” because they (ab)use Windows thread pools, these process injection techniques work across all processes and, according to the

React to this headline:

Loading spinner

“Pool Party” process injection techniques evade EDRs Read More »

Many popular websites still cling to password creation policies from 1985

authentication, Don't miss, Hot stuff, News, passwords, policy, research, trends /

Many popular websites still cling to password creation policies from 1985 12/12/2023 at 09:01 By Helga Labus A significant number of popular websites still allow users to choose weak or even single-character passwords, researchers at Georgia Institute of Technology have found. Websites’ lax creation policies for passwords The researchers used an automated account creation method

React to this headline:

Loading spinner

Many popular websites still cling to password creation policies from 1985 Read More »

Changpeng Zhao’s next move could involve decentralized science

Binance, Changpeng Zhao, Health, research, science, World Health Organization /

Changpeng Zhao’s next move could involve decentralized science 07/12/2023 at 17:02 By Cointelegraph by Robert D. Knight Decentralized science, or DeSci, aims to apply decentralized business models to medical research. This article is an excerpt from Cointelegraph.com News View Original Source React to this headline:

React to this headline:

Loading spinner

Changpeng Zhao’s next move could involve decentralized science Read More »

Researchers automated jailbreaking of LLMs with other LLMs

Artificial Intelligence, attack, Don't miss, Hot stuff, machine learning, News, research, Robust Intelligence, Yale University /

Researchers automated jailbreaking of LLMs with other LLMs 07/12/2023 at 13:47 By Zeljka Zorz AI security researchers from Robust Intelligence and Yale University have designed a machine learning technique that can speedily jailbreak large language models (LLMs) in an automated fashion. “The method, known as the Tree of Attacks with Pruning (TAP), can be used

React to this headline:

Loading spinner

Researchers automated jailbreaking of LLMs with other LLMs Read More »

Open-source AV/EDR bypassing lab for training and learning

cybersecurity, GitHub, News, open source, research, skill development, software /

Open-source AV/EDR bypassing lab for training and learning 22/11/2023 at 07:31 By Mirko Zorz Best EDR Of The Market is a user-mode endpoint detection and response (EDR) project designed to serve as a testing ground for understanding and bypassing EDR’s user-mode detection methods. These techniques are mainly based on a dynamic analysis of the target

React to this headline:

Loading spinner

Open-source AV/EDR bypassing lab for training and learning Read More »

Turkish Lira becomes top crypto trading pair on Binance in Sept 2023

Binance, research, trading, Turkey /

Turkish Lira becomes top crypto trading pair on Binance in Sept 2023 10/11/2023 at 12:02 By Cointelegraph By Arijit Sarkar Turkish Lira accounted for 75% of all fiat volume in early September, which can be tied to the recent influx of crypto investors in the Turkish market. This article is an excerpt from Cointelegraph.com News

React to this headline:

Loading spinner

Turkish Lira becomes top crypto trading pair on Binance in Sept 2023 Read More »

Open-source vulnerability disclosure: Exploitable weak spots

Aqua Security, cybercriminals, Don't miss, Hot stuff, News, open source, research, vulnerability disclosure /

Open-source vulnerability disclosure: Exploitable weak spots 09/11/2023 at 15:17 By Zeljka Zorz Flaws in the vulnerability disclosure process of open-source projects could be exploited by attackers to harvest the information needed to launch attacks before patches are made available, Aqua Security researchers worry. The risk arises from “half-day” and “0.75-day” vulnerabilities “Half-day” vulnerabilities are known

React to this headline:

Loading spinner

Open-source vulnerability disclosure: Exploitable weak spots Read More »

UK to invest 300M pounds in 2 AI supercomputers; Harris presses for AI safety

research, Supercomputer, UK Government, United Kingdom /

UK to invest 300M pounds in 2 AI supercomputers; Harris presses for AI safety 02/11/2023 at 13:02 By Cointelegraph By Savannah Fortis The U.K. says the investments will help its local scientific talent have the tools they need to ensure that the most advanced AI models are up to safety standards. This article is an

React to this headline:

Loading spinner

UK to invest 300M pounds in 2 AI supercomputers; Harris presses for AI safety Read More »

Apple news: iLeakage attack, MAC address leakage bug

apple, attack, data theft, Don't miss, Hot stuff, iOS, iPad, macOS, Mysk, News, Privacy, research, vulnerability /

Apple news: iLeakage attack, MAC address leakage bug 27/10/2023 at 12:31 By Zeljka Zorz On Wednesday, Apple released security updates for all supported branches of iOS and iPadOS, macOS, tvOS, watchOS and Safari. This time around, the updates did not garner as much attention as when they deliver a zero-day fix, though it has to

React to this headline:

Loading spinner

Apple news: iLeakage attack, MAC address leakage bug Read More »

DeSci-focused DAO community funds cancer research

community, Consensus, dao, Medicine, research /

DeSci-focused DAO community funds cancer research 17/10/2023 at 14:02 By Cointelegraph By Arijit Sarkar VitaDAO community agreed to fund an early-stage cancer research through the launch of a biotech company named Matrix Biosciences. This article is an excerpt from Cointelegraph.com News View Original Source React to this headline:

React to this headline:

Loading spinner

DeSci-focused DAO community funds cancer research Read More »

Network Flight Simulator: Open-source adversary simulation tool

AlphaSOC, cybersecurity, Don't miss, GitHub, News, research, software /

Network Flight Simulator: Open-source adversary simulation tool 27/09/2023 at 06:31 By Mirko Zorz Network Flight Simulator is a lightweight utility that generates malicious network traffic and helps security teams evaluate security controls and network visibility. The tool performs tests to simulate DNS tunneling, DGA traffic, requests to known active C2 destinations, and other suspicious traffic

React to this headline:

Loading spinner

Network Flight Simulator: Open-source adversary simulation tool Read More »

Water & Music’s Cherie Hu says Web3 and AI will revolutionize creativity: The Agenda

AI, blockchain, ChatGPT, Cointelegraph, concert ticketing, content creation, Crypto, Intellectual Property, Metaverse, Music, music industry, NFTs, research, Web3 /

Water & Music’s Cherie Hu says Web3 and AI will revolutionize creativity: The Agenda 20/09/2023 at 16:02 By Cointelegraph By Ray Salmond Water & Music founder Cherie Hu explains how technology is evolving the music industry — but is it to the benefit of musicians? This article is an excerpt from Cointelegraph.com News View Original

React to this headline:

Loading spinner

Water & Music’s Cherie Hu says Web3 and AI will revolutionize creativity: The Agenda Read More »

Scroll to Top