Два криптографа поспорили на $5000: что сломается первым — старая защита интернета или новая. Ставки сделаны, выиграет лишь один
Квантовая эра рассудит.
Aggregator
Randall Munroe’s XKCD ‘Electric Vehicles’
1 week 5 days ago
via the comic artistry and dry wit of Randall Munroe, creator of XKCD
The post Randall Munroe’s XKCD ‘Electric Vehicles’ appeared first on Security Boulevard.
Marc Handelman
GraphAlgo Scam: Lazarus Hackers Register Real US LLCs to Spread Malware
1 week 5 days ago
ReversingLabs has discovered a fresh wave of the graphalgo campaign in which North Korean Lazarus hackers are using fake Florida LLCs, mimicking SWFT Blockchain, and using GitHub typo-squatting to target developers with malware.
Deeba Ahmed
阿根廷企鹅国度发现 PFAS
1 week 5 days ago
加州戴维斯的科学家在 2022-2024 年的企鹅繁殖季期间给生活在阿根廷 Patagonian 海岸的 54 只麦哲伦企鹅的脚套上硅胶被动取样器,收集企鹅在数天活动期间内接触的水、空气和表面化学物质的样本。采样器回收后送往纽约州立大学布法罗进行检测。检测结果显示,即使在偏远地区,逾九成样本都检测到了 PFAS,PFAS 代表全氟烷基和多氟烷基物质,因为不会自然分解它被称为“永久留存的化学品”。
MemPalace: Милла Йовович запустила открытый инструмент для долгосрочной памяти ИИ… и сообщество тут же его разнесло
1 week 5 days ago
Инструмент собрал 34 тысячи звезд за три дня. В чем подвох?
鸿蒙NEXT应用一键加固——AI Agent助力安全开发
1 week 5 days ago
三六零天御
The Phishing-as-a-Service Pipeline: How a Scalable Fraud Ecosystem Is Driving Global Attacks
1 week 5 days ago
Flashpoint analysts, working with partner financial institutions, have observed a growing number of PhaaS operations operating with a level of coordination and specialization more commonly associated with legitimate software platforms. These ecosystems bring together phishing kit developers, infrastructure providers, spam delivery services, and financially motivated actors into a single, scalable pipeline for fraud.
The post The Phishing-as-a-Service Pipeline: How a Scalable Fraud Ecosystem Is Driving Global Attacks appeared first on Flashpoint.
The post The Phishing-as-a-Service Pipeline: How a Scalable Fraud Ecosystem Is Driving Global Attacks appeared first on Security Boulevard.
Flashpoint Intel Team
Ким Чен Ын передаёт привет вашему криптокошельку. Краткий гид: как не спонсировать чужую ядерную программу
1 week 5 days ago
Изучаем ловушки, обманувшие даже самых бдительных специалистов.
SecWiki News 2026-04-10 Review
1 week 5 days ago
弥合内核回溯差距:针对欧盟 CRA 的自动 CVE 检测 by ourren
简评Mythos Preview对国家安全和中国网安产业的影响 by ourren
暗网情报技术能力框架及参考指标体系 by ourren
更多最新文章,请访问SecWiki
简评Mythos Preview对国家安全和中国网安产业的影响 by ourren
暗网情报技术能力框架及参考指标体系 by ourren
更多最新文章,请访问SecWiki
FBI 利用 iPhone 通知数据恢复已删除 Signal 消息
1 week 5 days ago
在最近一起涉及在德州 Alvarado ICE Prairieland Detention Facility 放烟花和破坏财产案件中,FBI 利用 iPhone 手机上储存的通知数据库数据恢复了已删除的 Signal 消息。Signal 采用端对端加密,除了接收双方,其他人本来无法查看消息,但 iPhone 的通知功能能提供消息的预览,相关信息还会储存在通知数据库中。要避免消息被预览和保存,Signal 用户可以启用禁止预览,或者修改 iPhone 的设置 > 通知 > 通知内容 > 显示:“仅名称”或“不显示名称或内容”。在本案中,被告没有修改相关设置,导致即使应用卸载之后其消息仍然能被恢复。
Nearly 4,000 US industrial devices exposed to Iranian cyberattacks
1 week 5 days ago
The attack surface targeted by Iranian-linked hackers in cyberattacks against U.S. critical infrastructure networks includes thousands of Internet-exposed programmable logic controllers (PLCs) manufactured by Rockwell Automation. [...]
Sergiu Gatlan
FINRA Launches Financial Intelligence Fusion Center to Combat Cybersecurity and Fraud Threats
1 week 5 days ago
【资源】伊朗相关开源情报工具
1 week 5 days ago
伊朗相关开源情报工具网站。
Интернет больше нельзя отключить: кончился пакет — остаётся 400 кбит/с навсегда
1 week 5 days ago
Плюс 1 пункт в список базовых прав человека? Если вы в Южной Корее…
一个会规避美国执法监控的僵尸网络
1 week 5 days ago
Masjesu 僵尸网络是一种自 2023 年初开始运作并持续演进至 2026 年的复杂商业化物联网威胁。
该僵尸网络以隐秘性为核心,以DDoS 攻击租赁服务的形式,主要通过 Telegram 进行推广。
它针对路由器、网关等多种物联网设备,支持 i386、MIPS、ARM、AMD64 等多种架构。为实现持久化与低可见性,Masjesu 采用谨慎低调的传播策略,而非大规模感染,刻意避开美国国防部等列入黑名单的 IP 段,保障长期存活。
该僵尸网络使用基于异或(XOR)的加密混淆字符串、配置与载荷数据,大幅降低静态检测的有效性。传播时,恶意软件会随机扫描 IP,利用 D-Link、GPON、Netgear 等厂商设备的多个漏洞入侵。其命令与控制(C2)基础设施采用多域名 + 备用 IP 架构,支持 TCP、UDP、HTTP 洪水等多种 DDoS 攻击方式。
Masjesu 背后的攻击者仍以 Telegram 作为核心推广与获客平台。
有趣的是黑名单 IP 过滤机制
刻意避开以下网段,规避执法打击:
私有地址:0.0.0.0/8、10.0.0.0/8、127.0.0.0/8、172.16.0.0/12、192.168.0.0/16
美国国防部(DoD):26.0.0.0/8、132.1.0.0/16、150.1.0.0/16 等
美国联邦机构、军方承包商、政府骨干网相关网段
原文链接:
https://www.trellix.com/blogs/research/masjesu-rising-stealth-iot-botnet-ddos-evasion/
Weekly Threat Landscape Digest – Week 15
1 week 5 days ago
Week 15 highlighted a rapidly evolving cyber threat environment driven by actively exploited vulnerabilities in enterprise software, identity and access […]
The post Weekly Threat Landscape Digest – Week 15 appeared first on HawkEye.
Ben O
Bringing Rust to the Pixel Baseband
1 week 5 days ago
Edward Fernandez
Orange Business Reimagines Enterprise Voice Communications With Trust and AI
1 week 5 days ago
ClickFix finds a new way to infect Macs
1 week 5 days ago
ClickFix campaigns have found a way around macOS Tahoe's warnings against pasting commands in the Terminal. They're using Script Editor instead.
The post ClickFix finds a new way to infect Macs appeared first on Security Boulevard.
Malwarebytes
Тёмную материю искали везде. Нашли в Млечном Пути. В других галактиках — тишина. Учёные поняли: она не одна, их две
1 week 5 days ago
Почему самая загадочная субстанция во вселенной играет с нами в прятки?