BlackLotus Malware Hijacks Windows Secure Boot Process
Researchers have discovered malware that “can hijack a computer’s boot process even when Secure Boot and other advanced protections are…
Security
Love scam or espionage? Transparent Tribe lures Indian and Pakistani officials
ESET researchers analyze a cyberespionage campaign that distributes CapraRAT backdoors through trojanized and supposedly secure Android messaging apps – but…
2022 Year-End API ThreatStats™ Report
In 2022, the Wallarm Threat Research team went through almost 350,000 reports to find 650 API-specific vulnerabilities, and tracked 115…
FBI and CISA issue joint warning on Royal Ransomware
On March 6, 2023, the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) issued a…
Prompt Injection Attacks on Large Language Models
This is a good survey on prompt injection attacks on large language models (like ChatGPT). Abstract: We are currently witnessing…
CISA and FBI issue joint warning on Royal Ransomware
On March 6, 2023, the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) issued a…
VMware NSX Manager vulnerabilities being actively exploited in the wild
The Wallarm Detect team has found exploit attempts in the wild of CVE-2022-31678 and CVE-2021-39144. The original vulnerabilities were found…
New National Cybersecurity Strategy
Last week the Biden Administration released a new National Cybersecurity Strategy (summary >here. There is lots of good commentary out…
What does $5,000 buy you on a hacking forum? – Week in security with Tony Anscombe
A bootkit that ESET researchers have discovered in the wild is the BlackLotus UEFI bootkit that is being peddled on…
Friday Squid Blogging: We’re Almost at Flying Squid Drones
Researchers are prototyping multi-segment shapeshifter drones, which are “the precursors to flying squid-bots.” As usual, you can also use this…