A step that is surely hated in malware analysis is the repetitive task of creating a virtual machine (VM) and provisioning it with the required programs to do the job. With that in mind, Malboxes was first launched in 2017 to automate this process and therefore to save a lot of time for the malware analysts. This blog post will introduce a newly released feature of this tool that allows to run desktop versions of Windows in the Amazon Elastic Compute Cloud (EC2).
This week, our cybersecurity researcher presents the Spams meet Cryptocurrencies: Sextortion in the Bitcoin Ecosystem research results, at the Advances in Financial Technologies (AFT) academic conference in Zürich. This research, also covered by the MIT technology review, is extensive: it involves an analysis of over 4 million sextortion spams and their associated payments in the Bitcoin ecosystem, to estimate the lower-bound revenue of this new extortion scheme.
Over the years, Find Security Bugs – or FindSecBugs in short – has evolved from a limited static-analysis tool to one with solid coverage of bug patterns. In this post, we will present the latest milestone from the project: arrival in the OWASP family, some figures and details regarding its new release.
GoSecure is encouraging everyone to join Hacktoberfest. GoSecure has multiple projects open to external contributions. For this specific event, we have tagged issues that are accessible to newcomers with the official tag [hacktoberfest].
Butor Portal is affected by a Path Traversal vulnerability leading to pre-authentication arbitrary file downloads. Every file that can be read by the local user running the Butor Portal Web service could be exfiltrated by an anonymous attacker.