Codex Exposed: Task Automation and Response Consistency

Credit to Author: Forward-Looking Threat Research Team| Date: Fri, 21 Jan 2022 00:00:00 +0000

Being able to automate tasks or programmatically execute them unsupervised is an essential part of both regular and malicious computer usage, so we wondered if a tool like Codex was reliable enough to be scripted and left to run unsupervised, generating the required code.

Read more

Cybersecurity for Industrial Control Systems: Part 2

Credit to Author: Ericka Pingol| Date: Thu, 20 Jan 2022 00:00:00 +0000

To cap off the series, we’ll discuss malware detection and distribution in various countries. Our team also rounds up several insights to help strengthen ICS cybersecurity and mitigate malware attacks.

Read more

Earth Lusca Employs Sophisticated Infrastructure, Varied Tools and Techniques

Credit to Author: Joseph C Chen| Date: Mon, 17 Jan 2022 00:00:00 +0000

Our technical brief provides an in-depth look at Earth Lusca’s activities, the tools it employs in attacks, and the infrastructure it uses.

Read more

Cybersecurity for Industrial Control Systems: Part 1

Credit to Author: Trend Micro Research| Date: Sat, 15 Jan 2022 00:00:00 +0000

In this two-part series, we look into various cybersecurity threats that affected industrial control systems endpoints. We also discuss several insights and recommendations to mitigate such threats.

Read more

Codex Exposed: How Low Is Too Low When We Generate Code?

Credit to Author: Forward-Looking Threat Research Team| Date: Fri, 14 Jan 2022 00:00:00 +0000

In a series of blog posts, we explore different aspects of Codex and assess its capabilities with a focus on the security aspects that affect not only regular developers but also malicious users. This is the second part of the series.

Read more

Analyzing an Old Bug and Discovering CVE-2021-30995

Credit to Author: Mickey Jin| Date: Fri, 14 Jan 2022 00:00:00 +0000

A vulnerability found in 2021 has been patched and re-patched in the months since it was reported. We analyze the bug and outline the process that led to the discovery of CVE-2021-30995.

Read more

LoRaWAN’s Protocol Stacks: The Forgotten Targets at Risk

Credit to Author: Sébastien Dudek| Date: Tue, 11 Jan 2022 00:00:00 +0000

This report is the fourth part of our LoRaWAN security series, and highlights an attack vector that, so far, has not attracted much attention: the LoRaWAN stack. The stack is the root of LoRaWAN implementation and security. We hope to help users secure it and make LoRaWAN communication resistant to critical bugs.

Read more