Hajime (meaning ‘beginning’ in Japanese) is an IoT worm that was first mentioned on 16 October 2016 in a public report by RapidityNetworks. In this blogpost we outline some of the recent ‘improvements’ to Hajime, some techniques that haven’t been made public, and some statistics about infected IoT devices. Read Full Article
For a long time we´ve been interested in operational security (OPSEC), and although you can find tons of cool technical tips about protecting digital information, we always felt that something was missing. Read Full Article
Perfect OPSec is almost impossible. However implementing basic OPSec practices should become second nature for every researcher. You will be more careful and hopefully, avoid rookie mistakes like talking too much and bragging about your research. Read Full Article
It was five years ago when a group of computer security enthusiasts decided to gather together and organize a security conference mainly for a Spanish-speaking audience. Last week RootedCon celebrated its fifth birthday, gathering more than 1000 attendees. It is… Read Full Article
One of the systems I have been running collects all our web malware detections for .ES domains. I usually check it out every morning, just in case I see something especially interesting or relevant. And when I find something, I… Read Full Article
While I was investigating the Trojan.JS.Iframe.aeq case one of the files dropped by the Exploit Kit was an Applet exploiting a vulnerability. Read Full Article
Around one year ago I posted about what were the most common web attacks in Spain and how the malware was spread. It is time for an update! We regularly collect data regarding infected web sites based in our detections… Read Full Article
What a week for being in Boston! I was heading to Source Conference the very same day the blast happened. It-s hard to describe all the intense emotions when I arrived. As president Obama said today to the city of… Read Full Article
Phishing is not exactly a ground-breaking technique. Quite the opposite, it seems like it has been around forever. This is an indicator of its effectiveness: we might think that it is unlikely that people would give away their banking credentials just because they are asked for them, but still there is a percentage who continue to become victims of one of the simplest fraud methods.
However both user awareness and anti-phishing tools are making harder for fraudsters to succeed in their attempts to get our money. We see this changing in the decrease in the percentage of spam. That is not the only reason: users are switching to new platforms such as social networks for direct communication.
Today I want to show you an example of the creativeness in avoiding spam and phishing filters.Read Full Article
One of the things I don’t like from conferences is when there are two talks you want to attend scheduled at the same time. And this is what happened to me in VB2012. Fortunatelly David was on the stage for a whole hour, so I attended his first half and then I switched to Fabio’s talk. Read Full Article