The Straight-Edge Neo-Nazi Group that Attacked a Ukrainian Roma Camp

According to Ukraine’s Zaxid.net, the recent lethal attack on a Roma camp in Ukraine has been linked by the law enforcement to a popular VKontakte (VK) community called “Sober and Angry Youth” (Твереза та зла молодь Ukrainian, or Трезвая и Злая Молодежь in Russian). The largest page linked to this straight-edge, neo-Nazi group has over 85,000 followers, while there are numerous local “chapters” of the organization across Ukraine, Russia, and other Slavic countries.

Attacking Machine Learning Detectors: the state of the art review

Machine learning (ML) is a great approach to detect Malware. It is widely used among technical community and scientific community with two different perspectives: Performance V.S Robustness. The technical community tries to improve ML performances in order to increase the usability on large scale while scientific community is focusing on robustness by meaning how easy it would be to attack a ML detector engine. Today I’d like to focus our attention a little bit on the second perspective pointing up how to attack ML detector engines.

We might start by classifying machine learning attacks in three main sets:

WTB: Malware Analysis Report: A New Variant of Ursnif Banking Trojan Served by the Necurs Botnet Hits Italy

The intelligence in this week’s iteration discuss the following threats: Botnet, Banking trojan, Credential theft, Cyberespionage, Data leak, Malicious applications, Phishing, Ransomware, RAT, Spear phishing, Targeted attacks, Threat group, and Vulnerabilities. The IOCs related to these stories are attached to the WTB and can be used to check your logs for potential malicious activity.

The Myth of the Intrapreneur

Executive Summary

The Post-It note. Facebook’s “like” button. The Sony PlayStation. These products are all held up as legendary examples of the power of intrapreneurship — entrepreneurial creativity and innovation within large, established organizations. Since the term was coined in the 1980s, intrapreneurship has been sold to companies as a catch-all solution for fostering innovation. Intrapreneurs are supposed to be rebels, breaking the rules and swimming against the corporate tide. While this vision of the intrapreneurial maverick is certainly alluring, in truth it’s an ineffective way to drive innovation. In fact, organizations need a company-wide innovation management system, not a handful of creative rebels. It may not sound as exciting, but it’s how real innovations are born.

Bypassing Passcodes in iOS

Bypassing Passcodes in iOS

Last week, a story was going around explaining how to brute-force an iOS password. Basically, the trick was to plug the phone into an external keyboard and trying every PIN at once:

Why Your Teen Should Develop Hacking Skills This Summer

My father always liked to tell me about how he and his friends used to hack cars in the 1960s to get more power and speed out of stock motors. They took apart the motors, learned all they could, tried to improve them — and sometimes broke them altogether. Occasionally, however, they pulled off amazing improvements with their hacking skills. (In fact, the engineers from Ford and Chevrolet actively followed automobile clubs in various cities to learn from them.)

Check Yo Privilege

Many of our customers follow the best practice of creating separate accounts for day-to-day tasks and administrative ones. In the event of an attack, using separate accounts is often a great way to slow things down and give security teams a little extra time for discovery and identification of an attack. Because many attacks happen in the user context, this creates an extra step for an attacker, who must escalate the privileges to administrative permissions.

Last Year’s ICOs Had Five Security Vulnerabilities On Average, Say Researchers

An anonymous reader quotes a report from Bleeping Computer: Security researchers have found, on average, five security flaws in each cryptocurrency ICO held last year. Only one ICO held in 2017 did not contain any critical flaws. According to Positive.com, a security firm specialized in ICO security audits, most of the vulnerabilities they found, they discovered in the smart contracts at the base of the ICO itself.

“71% of tested projects contained vulnerabilities in smart contracts, the heart and soul of an ICO,” the company said. “Once an ICO starts, the contract cannot be changed and is open to everyone, meaning anyone can view it and look for flaws. Typically, these would consist of non compliance with the ERC20 standard (the token interface for digital wallets and cryptocurrency exchanges), incorrect random number generation and incorrect scoping amongst others,” Positive.com experts say. “Generally, these vulnerabilities occur due to lack of programmer expertise and insufficient source code testing.”

RANCOR: Targeted Attacks in South East Asia Using PLAINTEE and DDKONG Malware Families

Throughout 2017 and 2018 Unit 42 has been tracking and observing a series of highly targeted attacks focused in South East Asia, building on our research into the KHRAT Trojan. Based on the evidence, these attacks appear to be conducted by the same set of attackers using previously unknown malware families. In addition, these attacks appear to be highly targeted in their distribution of the malware used, as well as the targets chosen. Based on these factors, Unit 42 believes the attackers behind these attacks are conducting their campaigns for espionage purposes.

DDoS attacks on the rise; China and Russia behind most credential abuse attacks, report

Cyber defenders need to stay on their toes as DDoS attacks are still on the rise, a 16 percent increase in the number of attacks recorded since last year, as well as attackers devising new and advanced DDoS methods. Since last year, there has been a 4 percent increase in reflection-based DDoS attacks, a 38 percent increase in application-layer attacks like SQL injection or cross-site scripting and 1.35 terabyte per second memcached reflector attack – the largest DDoS attack to hit the internet yet.

Aclima sucks in $24M to scale its air quality mapping platform

Aclima, a San Francisco-based company which builds Internet-connected air quality sensors and runs a software platform to analyze the extracted intel, has closed a $24 million Series A to grow the business including by expanding its headcount and securing more fleet partnerships to build out the reach and depth of its pollution maps.