securityXspace: a blog about cyber-philosophy.

It would probably be the first time ever in Google’s history that the company has revealed details of the tenacity and success of malware dubbed as Triada. Triada malware was discovered in 2017 and came pre-installed on Android devices. It was believed back then that the malware was added to the devices at any stage of the supply…

Flaw “can take down a Windows fleet pretty quickly”. Google’s Project Zero security team has decided to reveal the details of a denial of service (DoS) bug in Windows, after Microsoft said it would provide a patch outside the 90-day disclosure deadline. Project Zero lifted the veil on the flaw, 91 days after it was disclosed to Microsoft.…

Microsoft releases Patch Tuesday security updates for June 2019 that address 88 vulnerabilities in Windows OS and other products. Microsoft Patch Tuesday security updates for June 2019 address 88 vulnerabilities in Windows OS and other products of the tech giant (Internet Explorer, Microsoft Edge browser, Microsoft Office and Services, ChakraCore, Skype for Business, Microsoft Lync, Microsoft…

For months the Italian users have been targeted by waves of malspam delivering infamous Ursnif variants, Yoroi-Cybaze ZLab detailed its evolution. Introduction For months the Italian users have been targeted by waves of malspam delivering infamous Ursnif variants. Yoroi-Cybaze ZLab closely observed these campaigns and analyzed them to track the evolution of the techniques and the underlined…

It’s Patch Tuesday week! Adobe has just released the latest June 2019 software updates to address a total 11 security vulnerabilities in its three widely-used products Adobe ColdFusion, Flash Player, and Adobe Campaign. Out of these, three vulnerabilities affect Adobe ColdFusion, a commercial rapid web application development platform—all critical in severity—that could lead to arbitrary…

Discover the remarkable world of codebreaking, ciphers and secret communications in our upcoming must-see, free exhibition. From the trenches of the First World War to the latest in cyber security, Top Secret explores over a century’s worth of communications intelligence through hand-written documents, declassified files and previously unseen artefacts from the Science Museum Group’s and…

Applying unsupervised machine learning to find ‘randomly generated domains. Authors: Ruud van Luijk and Anne Postma At Fox-IT we perform a variety of research and investigation projects to detect malicious activity to improve the service of our Security Operations Center. One of these areas is applying data science techniques to real-world data in real-world production…

GDPR One Year On: What Have We Learned? Businesses are comprised of different departments and professionals, with data flowing across the organisation. When there’s a data breach, it’s usually the data protection officers (DPOs), CIOs, and CISOs who take the brunt of the blame; however, since the introduction of the General Data Protection Regulation (GDPR),…

Treadstone 71, the leading cyber and threat intelligence tradecraft company, today announced the availability of a new offering: Cyber Intelligence Lifecycle. The new module will enable teams to organize their cyber threat intelligence program, publish their strategic plans, build stakeholder models, establish collection plans, rate and verify data and sources, use structured techniques, and prepare…

Security researchers have been warning about a critical vulnerability they discovered in one of a popular WordPress Live Chat plugin, which, if exploited, could allow unauthorized remote attackers to steal chat logs or manipulate chat sessions. Source: New Flaw in WordPress Live Chat Plugin Lets Hackers Steal and Hijack Sessions