Tax refund, or How to lose your remaining cash

Every year, vast numbers of people around the globe relish the delightful prospect of filling out tax returns, applying for tax refunds, etc. Given...

A Slice of 2017 Sofacy Activity

Sofacy, also known as APT28, Fancy Bear, and Tsar Team, is a highly active and prolific APT. From their high volume 0day deployment to...

Spam and phishing in 2017

Figures of the year: The share of spam in mail traffic came to 56.63%, down 1.68% against 2016. The biggest source of spam remains the US...

A vulnerable driver: lesson almost learned

Recently, we started receiving suspicious events from our internal sandbox Exploit Checker plugin. Our heuristics for supervisor mode code execution in the user address...

Gas is too expensive? Let’s make it cheap!

A few months ago, while undertaking unrelated research into online connected devices, we uncovered something surprising and realized almost immediately that we could be...

Every little bitcoin helps

It often happens that inventions and technologies that start out good end up turning into dangerous tools in the hands of criminals. Blockchain is...

Cybercriminals target early IRS 2018 refunds now

On Monday, Jan 29th, IRS officially opened its 2018 season. Some taxpayers already filed their taxes and cybercriminals know it too. So, right after...

Denis and Co.

In April 2017, we published a detailed review of a malicious program that used DNS tunneling to communicate to its C&C. That study prompted...

Skygofree: Following in the footsteps of HackingTeam

At the beginning of October 2017, we discovered new Android spyware with several features previously unseen in the wild. In the course of further...

Latest article

Why AI, Zero Trust, and modern security require deep visibility

AI. Automation. Zero Trust. They dominate every security strategy document. But there’s a truth sitting underneath all three: none of them...

Samsung MagicINFO Server Multiple Vulnerabilities

MagicINFO User Credential Disclosure (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) NOTE: Samsung mentioned this item may have been fixed with version 21.1090.1, but we were...

Perplexity AI Browser Flaw Could Let Calendar Invites Access Local Files

Researchers say a vulnerability in Perplexity’s Comet AI browser could expose local files and credentials through malicious calendar invites.

Tycoon 2FA Phishing Kit Disrupted by Microsoft, Europol and Partners

Microsoft, Europol, and partners have dismantled the Tycoon 2FA phishing-as-a-service (PhaaS) platform, seizing 330 domains used for credential theft and MFA bypass. This coordinated...