Clop ransomware gang is back, hits 21 victims in a single month
After effectively shutting down their entire operation for several months, between November and February, the Clop ransomware is now back according to NCC Group researchers. [...]
Research examines attack methods, defenses, and vulnerabilities, helping security teams understand risks and improve protection.
Search across headline titles and summaries.
Background for this topic.
Research is the systematic study of technologies, systems, attack methods, vulnerabilities, and defensive techniques to establish evidence and produce new findings. In information security, it includes work such as discovering flaws in software or protocols, analyzing malware and attacker behavior, testing cryptographic designs, and evaluating security controls. News under this tag may describe a proof of concept, a measurement study, or a proposed technique rather than a confirmed real-world attack.
For practitioners, research can change how risks are prioritized and mitigated. A demonstrated vulnerability may require vulnerability-management teams to verify affected assets, apply fixes, or add compensating controls; responsible disclosure gives developers time to assess and remediate before technical details enable exploitation. Research involving live systems, personal data, or offensive tooling also raises privacy, authorization, dual-use, and ethical concerns. Sound findings should state their assumptions, scope, limitations, and reproducibility, since laboratory results do not automatically show that an attack is practical in every environment.
After effectively shutting down their entire operation for several months, between November and February, the Clop ransomware is now back according to NCC Group researchers. [...]
Microsoft security researchers have found high severity vulnerabilities in a framework used by Android apps from multiple large international mobile service providers. [...]
Researchers have demonstrated what they call the "first active contactless attack against capacitive touchscreens." GhostTouch, as it's called, "uses electromagnetic interference (EMI) to inject fake touch points into a touchscreen without the need to physically touch it," a group of academics from Zhejiang University and Technical University of Darmstadt said in a new research paper
Voltage glitch here, glitch there, now you can fiddle with location disc's firmware At the Workshop on Offensive Technologies 2022 (WOOT) on Thursday, security researchers demonstrated how to meddle with AirTags, Apple's coin-sized tracking devices.…
Quanta Cloud Technology (QCT) servers have been identified as vulnerable to the severe "Pantsdown" Baseboard Management Controller (BMC) flaw, according to new research published today
Researchers discover three-year-old critical firmware vulnerability running in popular cloud servers used to power hyperscalers and cloud providers alike.
Cybersecurity researchers are calling attention to a free-to-use browser automation framework that's being increasingly used by threat actors as part of their attack campaigns
New research shows companies are falling behind when it comes to developing strategies to protect themselves against cyber-attacks
Occasional gaping hole and overprivileged users still blight the Beast of Redmond Despite a record number of publicly disclosed security flaws in 2021, Microsoft managed to improve its stats, according to research from BeyondTrust.…
The hacker of 'ctx' and 'PHPass' libraries has now broken silence and explained the reasons behind this hijack to BleepingComputer. According to the hacker, this was a bug bounty exercise and no malicious activity was intended. [...]
A slip-up by a malware author has allowed researchers to taxonomize three ransomware variations going by different names.
Malicious actors can gain unauthorized access to users' online accounts via a new technique called "account pre-hijacking," new research has found
New research into the inner workings of the stealthy BPFdoor malware for Linux and Solaris reveals that the threat actor behind it leveraged an old vulnerability to achieve persistence on targeted systems. [...]
Paper authors warn Elon Musk's 2,400 machines could be used offensively A researcher from the Beijing Institute of Tracking and Telecommunications advocated for Chinese military capability to take out Starlink satellites on the grounds of national security in a peer-reviewed domestic journal.…
An unknown advanced persistent threat (APT) group has been linked to a series of spear-phishing attacks targeting Russian government entities since the onset of the Russo-Ukrainian war in late February 2022
In detail: Ocean's Eleven-grade ruse in which victims' profiles are rigged from the start Two security researchers have identified five related techniques for hijacking internet accounts by preparing them to be commandeered in advance.…
Trend Micro Research detected “Cheerscrypt”, a new Linux-based ransomware variant that compromises EXSi servers. We discuss our initial findings on in this report.
Notable new infection chain uses PDF to embed malicious files, load remote exploits, shellcode encryption, and more, new research shows.
Microsoft's security researchers have observed a worrying trend in credit card skimming, where threat actors employ more advanced techniques to hide their malicious info-stealing code. [...]
Facebook builds FORT to protect against onslaught of regulation, investigation Meta's ad transparency tools will soon reveal another treasure trove of data: advertiser targeting choices for political, election-related, and social issue spots.…