New research from Palo Alto Networks’ Unit 42 has identified four emerging ransomware groups that have the potential to become bigger problems in the future. These are AvosLocker, Hive Ransomware, HelloKitty, and LockBit 2.0. Emerging ransomware threat groups “With major ransomware groups such as REvil and Darkside lying low or rebranding to evade law enforcement…

While it’s true that threat hunting, incident response, and threat research all have their foundations in science (operating system theory and architecture, computer language and compilation, protocols, hardware and memory architecture, logic, etc.), throughout my entire career I have found it is also fundamentally true that the most successful threat hunters, incident responders, and threat…

The payout guidelines provide insight into the process used by the company to determine rewards for certain vulnerability categories. Specifically, it provides information on the maximum bounty for each category and describes the mitigating factors that can result in a lower reward. Payment guidelines are currently available for page admin vulnerabilities, for which the top…

Research conducted by Alissa Knight, partner at marketing agency Knight Ink, on behalf of mobile API threat protection firm Approov showed that the applications are to API attacks that unauthorized parties could leverage to access protected health information (PHI) and personally identifiable information (PII). With people increasingly relying on mHealth apps during the COVID-19 pandemic,…

Bugs in several messaging/video chat mobile apps allowed attackers to spy on targeted users’s surroundings. The vulnerabilities – in Signal, Google Duo, Facebook Messenger, JioChat, and Mocha – could be triggered by simply placing a call to the target’s device – no other action was needed. Searching for bugs in video chat apps In early…

A study of face recognition technology created after the onset of the COVID-19 pandemic shows that some software developers have made demonstrable progress at recognizing masked faces. The findings, produced by NIST, measure the performance of face recognition algorithms developed following the arrival of the pandemic. A previous report from July explored the effect of…

The largest collection of public internet censorship data ever compiled shows that even citizens of what are considered the world’s freest countries aren’t safe from internet censorship. A team from the University of Michigan used its own Censored Planet tool, an automated censorship tracking system launched in 2018, to collect more than 21 billion measurements…

As businesses grapple with the pandemic, millions of workers are no longer working in the traditional office behind the traditional perimeter. They are working from home, accessing data and network resources using unauthorized devices, unauthorized software and unsecured WiFi. Research has revealed that almost 50% of US businesses have been hit by a Covid-related attack…

Academics at UCL and other institutions have collaborated to develop a machine learning tool that identifies new domains created to promote false information so that they can be stopped before fake news can be spread through social media and online channels. To counter the proliferation of false information it is important to move fast, before…