Upset by their inability to access potentially vital evidence for criminal investigations, the federal government has, for years, pushed to convince tech companies to build backdoors that will, allegedly, only be used by law enforcement agencies. The problem, cybersecurity researchers say, is that those backdoors can easily be exploited by criminals.
Almost 10 years ago, privacy advocate Max Schrems and the European Union began separate efforts to change the way the world thinks about online privacy. Thanks to them, we now have GDPR.
The second quarter of 2017 left the security world wondering, “What the hell happened?” With leaks of government-created exploits being deployed against users in the wild, a continued sea of ransomware constantly threatening our ability to work online, and the lines between malware and potentially unwanted programs continuing to blur, every new incident was a wakeup call.In this report, we are going to discuss some of the most important trends, tactics, and attacks of Q2 2017, including an update on ransomware, what is going on with all these exploits, and a special look at all the breaches that happened this quarter.
Since 27th June we’ve been investigating the outbreak of the new Petya-like malware armed with an infector similar to WannaCry. Since the day one, various contradicting theories started popping up. In this post, we will try to fill this gap, by making a step-by-step comparison of the current kernel and the one on which it is based (Goldeneye Petya).
ShadowBrokers shocked the security world again today by releasing another cache of exploits, files, and operational documents purportedly stolen from Equation Group last summer. As you may recall from our earlier publications, Equation Group is reportedly a clandestine hacking group that has been linked with NSA hacking tools.
ShadowBrokers finally made good on their promise to release the decryption key to unlock the stolen ‘auction’ file purportedly filled with NSA hacking tools.
Attribution is the practice of taking forensic artifacts of a cyber attack and matching them to known threats against targets with a profile matching your organization. If this seems overly complicated, that is intentional. There are degrees of attribution that map to very specific contexts and painting over that context with a simplistic reading accomplishes very little other than frightening decision makers into unnecessary expenditures.