What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
F-Secure.webp 2019-07-11 06:53:02 (Déjà vu) Mitigations Against Adversarial Attacks (lien direct) This is the fourth and final article in a series of four articles on the work we've been doing for the European Union's Horizon 2020 project codenamed SHERPA. Each of the articles in this series contains excerpts from a publication entitled “Security Issues, Dangers And Implications Of Smart Systems”. For more information about the project, […]
F-Secure.webp 2019-07-11 06:52:02 (Déjà vu) Adversarial Attacks Against AI (lien direct) This article is the third in a series of four articles on the work we've been doing for the European Union's Horizon 2020 project codenamed SHERPA. Each of the articles in this series contains excerpts from a publication entitled “Security Issues, Dangers And Implications Of Smart Systems”. For more information about the project, the publication […]
F-Secure.webp 2019-07-11 06:50:03 (Déjà vu) Malicious Use Of AI (lien direct) This article is the second in a series of four articles on the work we’ve been doing for the European Union’s Horizon 2020 project codenamed SHERPA. Each of the articles in this series contains excerpts from a publication entitled “Security Issues, Dangers And Implications Of Smart Systems”. For more information about the project, the publication […]
F-Secure.webp 2019-07-11 06:49:01 Bad AI (lien direct) This article is the first in a series of four articles on the work we’ve been doing for the European Union’s Horizon 2020 project codenamed SHERPA. Each of the articles in this series contains excerpts from a publication entitled “Security Issues, Dangers And Implications Of Smart Systems”. For more information about the project, the publication […]
F-Secure.webp 2019-07-08 09:19:03 Security Issues, Dangers, And Implications of Smart Information Systems (lien direct) F-Secure is participating in an EU-funded Horizon 2020 project codenamed SHERPA (as mentioned in a previous blog post). F-Secure is one of eleven partners in the consortium. The project aims to develop an understanding of how machine learning will be used in society in the future, what ethical issues may arise, and how those issues […]
F-Secure.webp 2019-07-01 08:14:01 Sockpuppies! (lien direct) Yesterday, a colleague of mine, Eero Kurimo, told me about something odd he’d seen on Twitter. Over the past few days, a number of pictures of cute puppies had shown up on his timeline as promoted tweets. Here’s an example: “Mainostettu” is the Finnish word Twitter uses to denote that a tweet has been promoted. […]
F-Secure.webp 2019-05-24 17:10:00 Live Coverage Of A Disinformation Operation Against The 2019 EU Parliamentary Elections (lien direct) I recently worked with investigative journalists from Yle, attempting to uncover disinformation on social media around the May 2019 European elections. This work was also part of F-Secure’s participation in the SHERPA project, which involves developing an understanding of adversarial attacks against machine learning systems – in this case, recommendation systems on social networks. My […]
F-Secure.webp 2019-05-08 12:41:03 Spam Trends: Top attachments and campaigns (lien direct) Malware authors tend to prefer specific types of file attachments in their campaigns to distribute malicious content.  During our routine threat landscape monitoring in the last three months, we observed some interesting patterns about the attachment types that are being used in various campaigns. In February and March, we saw huge spam campaigns using ZIP […] Spam Malware Threat
F-Secure.webp 2019-04-03 15:39:01 Discovering Hidden Twitter Amplification (lien direct) As part of the Horizon 2020 SHERPA project, I’ve been studying adversarial attacks against smart information systems (systems that utilize a combination of big data and machine learning). Social networks fall into this category – they’re powered by recommendation algorithms (often based on machine learning techniques) that process large amounts of data in order to […]
F-Secure.webp 2019-04-01 14:19:03 Mira Ransomware Decryptor (lien direct) We investigated some recent Ransomware called Mira (Trojan:W32/Ransomware.AN) in order to check if it’s feasible to decrypt the encrypted files. Most often, decryption can be very challenging because of missing keys that are needed for decryption. However, in the case of Mira ransomware, it appends all information required to decrypt an encrypted file into the […] Ransomware
F-Secure.webp 2019-03-29 14:12:03 A Hammer Lurking In The Shadows (lien direct) And then there was ShadowHammer, the supply chain attack on the ASUS Live Update Utility between June and November 2018, which was discovered by Kaspersky earlier this year, and made public a few days ago. In short, this is how the trojanized Setup.exe works: An executable embedded in the Resources section has been overwritten by […]
F-Secure.webp 2019-03-27 17:19:00 Analysis of LockerGoga Ransomware (lien direct) We recently observed a new ransomware variant (which our products detect as Trojan.TR/LockerGoga.qnfzd) circulating in the wild. In this post, we’ll provide some technical details of the new variant’s functionalities, as well as some Indicators of Compromise (IOCs). Overview Compared to other ransomware variants that use Windows’ CRT library functions, this new variant relies heavily […] Ransomware
F-Secure.webp 2019-03-12 07:56:03 Analysis Of Brexit-Centric Twitter Activity (lien direct) This is a rather long blog post, so we’ve created a PDF for you to download, if you’d like to read it offline. You can download that from here. Executive Summary This report explores Brexit-related Twitter activity occurring between December 4, 2018 and February 13, 2019. Using the standard Twitter API, researchers collected approximately 24 […]
F-Secure.webp 2019-02-21 13:20:01 Why Social Network Analysis Is Important (lien direct) I got into social network analysis purely for nerdy reasons – I wanted to write some code in my free time, and python modules that wrap Twitter’s API (such as tweepy) allowed me to do simple things with just a few lines of code. I started off with toy tasks, (like mapping the time of […]
F-Secure.webp 2019-01-03 05:04:00 NRSMiner updates to newer version (lien direct) More than a year after the world first saw the Eternal Blue exploit in action during the May 2017 WannaCry outbreak, we are still seeing unpatched machines in Asia being infected by malware that uses the exploit to spread. Starting in mid-November 2018, our telemetry reports indicate that the newest version of the NRSMiner cryptominer, […] Malware Wannacry
F-Secure.webp 2018-11-26 13:16:05 Phishing Campaign targeting French Industry (lien direct) We have recently observed an ongoing phishing campaign targeting the French industry. Among these targets are organizations involved in chemical manufacturing, aviation, automotive, banking, industry software providers, and IT service providers. Beginning October 2018, we have seen multiple phishing emails which follow a similar pattern, similar indicators, and obfuscation with quick evolution over the course […]
F-Secure.webp 2018-11-22 08:25:00 Ethics In Artificial Intelligence: Introducing The SHERPA Consortium (lien direct) In May of this year, Horizon 2020 SHERPA project activities kicked off with a meeting in Brussels. F-Secure is a partner in the SHERPA consortium – a group consisting of 11 members from six European countries – whose mission is to understand how the combination of artificial intelligence and big data analytics will impact ethics […]
F-Secure.webp 2018-11-02 17:56:04 Spam campaign targets Exodus Mac Users (lien direct) We've seen a small spam campaign that attempts to target Mac users that use Exodus, a multi-cryptocurrency wallet. The theme of the email focuses mainly on Exodus. The attachment was “Exodus-MacOS-1.64.1-update.zip” and the sender domain was “update-exodus[.]io”, suggesting that it wanted to associate itself to the organization. It was trying to deliver a fake Exodus […] Spam
F-Secure.webp 2018-08-31 13:20:02 Value-Driven Cybersecurity (lien direct) Constructing an Alliance for Value-driven Cybersecurity (CANVAS) launched ~two years ago with F-Secure as a member. The goal of the EU project is “to unify technology developers with legal and ethical scholars and social scientists to approach the challenge of how cybersecurity can be aligned with European values and fundamental rights.” (That’s a mouthful, right?) […]
F-Secure.webp 2018-08-14 11:58:01 Taking Pwnie Out On The Town (lien direct) Black Hat 2018 is now over, and the winners of the Pwnie Awards have been published. The Best Client-Side Bug was awarded to Georgi Geshev and Rob Miller for their work called “The 12 Logic Bug Gifts of Christmas.” Georgi and Rob work for MWR Infosecurity, which (as some of you might remember) was acquired by F-Secure […]
F-Secure.webp 2018-07-30 17:17:05 How To Locate Domains Spoofing Campaigns (Using Google Dorks) #Midterms2018 (lien direct) The government accounts of US Senator Claire McCaskill (and her staff) were targeted in 2017 by APT28 A.K.A. “Fancy Bear” according to an article published by The Daily Beast on July 26th. Senator McCaskill has since confirmed the details. And many of the subsequent (non-technical) articles that have been published have focused almost exclusively on […] APT 28
F-Secure.webp 2018-05-24 07:50:00 Video: Creating Graph Visualizations With Gephi (lien direct) I wanted to create a how-to blog post about creating gephi visualizations, but I realized it’d probably need to include, like, a thousand embedded screenshots. So I made a video instead.
F-Secure.webp 2018-05-04 10:03:01 Pr0nbots2: Revenge Of The Pr0nbots (lien direct) A month and a half ago I posted an article in which I uncovered a series of Twitter accounts advertising adult dating (read: scam) websites. If you haven’t read it yet, I recommend taking a look at it before reading this article, since I’ll refer back to it occasionally. To start with, let’s recap. In my […]
F-Secure.webp 2018-03-16 09:49:04 Marketing “Dirty Tinder” On Twitter (lien direct) About a week ago, a Tweet I was mentioned in received a dozen or so “likes” over a very short time period (about two minutes). I happened to be on my computer at the time, and quickly took a look at the accounts that generated those likes. They all followed a similar pattern. Here’s an […]
F-Secure.webp 2018-02-27 12:07:01 How To Get Twitter Follower Data Using Python And Tweepy (lien direct) In January 2018, I wrote a couple of blog posts outlining some analysis I’d performed on followers of popular Finnish Twitter profiles. A few people asked that I share the tools used to perform that research. Today, I’ll share a tool similar to the one I used to conduct that research, and at the same […]
F-Secure.webp 2018-02-26 08:11:01 Improving Caching Strategies With SSICLOPS (lien direct) F-Secure development teams participate in a variety of academic and industrial collaboration projects. Recently, we’ve been actively involved in a project codenamed SSICLOPS. This project has been running for three years, and has been a joint collaboration between ten industry partners and academic entities. Here’s the official description of the project. “The Scalable and Secure […]
F-Secure.webp 2018-02-16 14:33:01 Searching Twitter With Twarc (lien direct) Twarc makes it really easy to search Twitter via the API. Simply create a twarc object using your own API keys and then pass your search query into twarc’s search() function to get a stream of Tweet objects. Remember that, by default, the Twitter API will only return results from the last 7 days. However, […]
F-Secure.webp 2018-01-30 12:37:35 NLP Analysis Of Tweets Using Word2Vec And T-SNE (lien direct) In the context of some of the Twitter research I’ve been doing, I decided to try out a few natural language processing (NLP) techniques. So far, word2vec has produced perhaps the most meaningful results. Wikipedia describes word2vec very precisely: “Word2vec takes as its input a large corpus of text and produces a vector space, typically of several […]
F-Secure.webp 2018-01-30 12:35:36 NLP Analysis And Visualizations Of #presidentinvaalit2018 (lien direct) During the lead-up to the January 2018 Finnish presidential elections, I collected a dataset consisting of raw Tweets gathered from search words related to the election. I then performed a series of natural language processing experiments on this raw data. The methodology, including all the code used, can be found in an accompanying blog post. […] Guideline
F-Secure.webp 2018-01-26 08:35:43 How To Get Tweets From A Twitter Account Using Python And Tweepy (lien direct) In this blog post, I’ll explain how to obtain data from a specified Twitter account using tweepy and Python. Let’s jump straight into the code! As usual, we’ll start off by importing dependencies. I’ll use the datetime and Counter modules later on to do some simple analysis tasks. from tweepy import OAuthHandler from tweepy import […]
F-Secure.webp 2018-01-17 12:50:21 How To Get Streaming Data From Twitter (lien direct) I occasionally receive requests to share my Twitter analysis tools. After a few recent requests, it finally occurred to me that it would make sense to create a series of articles that describe how to use Python and the Twitter API to perform basic analytical tasks. Teach a man to fish, and all that. In […]
F-Secure.webp 2018-01-12 13:52:31 Further Analysis Of The Finnish Themed Twitter Botnet (lien direct) In a blog post I published yesterday, I detailed the methodology I have been using to discover “Finnish themed” Twitter accounts that are most likely being programmatically created. In my previous post, I called them “bots”, but for the sake of clarity, let’s refer to them as “suspicious accounts”. These suspicious accounts all follow a […]
F-Secure.webp 2018-01-11 15:27:01 Someone Is Building A Finnish-Themed Twitter Botnet (lien direct) Finland will hold a presidential election on the 28th January 2018. Campaigning just started, and candidates are being regularly interviewed by the press and on the TV. In a recent interview, one of the presidential candidates, Pekka Haavisto, mentioned that both his Twitter account, and the account of the current Finnish president, Sauli Niinistö had […]
F-Secure.webp 2018-01-09 14:46:52 Some Notes On Meltdown And Spectre (lien direct) The recently disclosed Meltdown and Spectre vulnerabilities can be viewed as privilege escalation attacks that allow an attacker to read data from memory locations that aren’t meant to be accessible. Neither of these vulnerabilities allow for code execution. However, exploits based on these vulnerabilities could allow an adversary to obtain sensitive information from memory (such […]
F-Secure.webp 2017-12-18 15:48:43 Don't Let An Auto-Elevating Bot Spoil Your Christmas (lien direct) Ho ho ho! Christmas is coming, and for many people it’s time to do some online shopping. Authors of banking Trojans are well aware of this yearly phenomenon, so it shouldn’t come as a surprise that some of them have been hard at work preparing some nasty surprises for this shopping season. And that’s exactly […]
F-Secure.webp 2017-11-23 14:16:52 Necurs' Business Is Booming In A New Partnership With Scarab Ransomware (lien direct) Necurs’ spam botnet business is doing well as it is seemingly acquiring new customers. The Necurs botnet is the biggest deliverer of spam with 5 to 6 million infected hosts online monthly, and is responsible for the biggest single malware spam campaigns. Its service model provides the whole infection chain: from spam emails with malicious […]
F-Secure.webp 2017-11-03 12:39:20 RickRolled by none other than IoTReaper (lien direct) IoT_Reaper overview IoT_Reaper, or the Reaper in short, is a Linux bot targeting embedded devices like webcams and home router boxes. Reaper is somewhat loosely based on the Mirai source code, but instead of using a set of admin credentials, the Reaper tries to exploit device HTTP control interfaces. It uses a range of vulnerabilities […] Cloud APT 37
F-Secure.webp 2017-10-30 18:19:40 Facebook Phishing Targeted iOS and Android Users from Germany, Sweden and Finland (lien direct) Two weeks ago, a co-worker received a message in Facebook Messenger from his friend. Based on the message, it seemed that the sender was telling the recipient that he was part of a video in order to lure him into clicking it. The shortened link was initially redirecting to Youtube.com, but was later on changed […]
F-Secure.webp 2017-10-27 06:41:00 The big difference with Bad Rabbit (lien direct) Bad Rabbit is the new bunny on the ransomware scene. While the security community has concentrated mainly on the similarities between Bad Rabbit and EternalPetya, there’s one notable difference which has not yet gotten too much attention. The difference is that Bad Rabbit’s disk encryption works. EternalPetya re-used the custom disk encryption method from the […]
F-Secure.webp 2017-10-26 14:43:41 Following The Bad Rabbit (lien direct) On October 24th, media outlets reported on an outbreak of ransomware affecting various organizations in Eastern Europe, mainly in Russia and Ukraine. Identified as “Bad Rabbit”, initial reports about the ransomware drew comparisons with the WannaCry and NotPetya (EternalPetya) attacks from earlier this year. Though F-Secure hasn’t yet received any reports of infections from our […] NotPetya Wannacry
F-Secure.webp 2017-09-25 14:59:55 Twitter Forensics From The 2017 German Election (lien direct) Over the past month, I’ve pointed Twitter analytics scripts at a set of search terms relevant to the German elections in order to study trends and look for interference. Germans aren’t all that into Twitter. During European waking hours Tweets in German make up less than 0.5% of all Tweets published. Over the last month, […]
F-Secure.webp 2017-09-14 13:01:36 TrickBot In The Nordics, Episode II (lien direct) The banking trojan TrickBot is not retired yet. Not in the least. In a seemingly never ending series of spam campaigns – not via the Necurs botnet this time – we’ve spotted mails written in Norwegian that appear to be sent by DNB, Norway’s largest bank. The mail wants the recipient to believe that they […]
F-Secure.webp 2017-08-31 11:45:05 Working Around Twitter API Restrictions To Identify Bots (lien direct) Twitter is by far the easiest social media platform to work with programmatically. The Twitter API provides developers with a clean and simple interface to query Twitter’s objects (Tweets, users, timelines, etc.) and bindings to this API exist for many languages. As an example, I’ve been using Tweepy to write Python scripts that work with Twitter data. […]
F-Secure.webp 2017-08-24 15:39:01 Trump Hating South Americans Hacked HBO (lien direct) Last week – I read the message “Mr. Smith” reportedly sent to HBO… and it brought up a few questions. And also, it offered some “answers” to questions that I’m often asked. Questions such as “how much money do cyber criminals make?” Here’s the start of the message. First, let’s examine Mr. Smith and his […]
F-Secure.webp 2017-07-19 14:49:12 Break your own product, and break it hard (lien direct) Hello readers, I am Andrea Barisani, founder of Inverse Path, which is now part of F-Secure. I lead the Hardware Security consulting team within F-Secure's Cyber Security Services. You may have heard of our USB armory product, an innovative compact computer for security applications that is 100% open hardware, open source and Made in Italy. […] Guideline
F-Secure.webp 2017-07-14 14:03:59 Retefe Banking Trojan Targets Both Windows And Mac Users (lien direct) Based on our telemetry, customers (mainly in the region of Switzerland and Germany) are being targeted by a Retefe banking trojan campaign which uses both Windows and macOS-based attachments. Its massive spam run started earlier this week and peaked yesterday afternoon (Helsinki time). TrendMicro did a nice writeup on this threat earlier this week. The […]
F-Secure.webp 2017-07-04 11:26:36 How EternalPetya Encrypts Files In User Mode (lien direct) On Thursday of last week (June 29th 2017), just after writing about EternalPetya, we discovered that the user-mode file encryption-decryption mechanism would be functional, provided a victim could obtain the correct key from the malware’s author. Here’s a description of how that mechanism works. EternalPetya malware uses the standard Win32 crypto API to encrypt data. […]
F-Secure.webp 2017-06-30 12:09:24 What Good Is A Not For Profit (Eternal) Petya? (lien direct) Following up on our post from yesterday, as an intellectual thought experiment, let’s take the position that there’s something to the idea of (Eternal) Petya not being motivated by money/profit. Let’s also just go ahead and imagine that it’s been developed by a nation state. In my mind, it raises the following question: WTF WHY? […]
F-Secure.webp 2017-06-30 10:29:38 (Eternal) Petya From A Developer's Perspective (lien direct) In our previous post about Petya, we speculated that the short-cuts, design flaws, and non-functional mechanisms observed in the malware could have arisen due to it being developed under a tight deadline. I’d now like to elaborate a little on what we meant by that. As a recap, this is what the latest version of Petya […]
F-Secure.webp 2017-06-29 16:21:30 Petya: “I Want To Believe” (lien direct) There’s been a lot of speculation and conjecture around this “Petya” outbreak. A great deal of it seems to have been fueled by confirmation bias (to us, at least). Many things about this malware don’t add up (at first glance). But it wouldn’t be the first time that’s happened. And yet everyone seems to have […]
Last update at: 2024-03-29 09:09:49