Latest news

Max Groot & Ruud van Luijk TL;DR A recently uncovered malware sample dubbed ‘Saitama’ was uncovered by security firm Malwarebytes in a weaponized document, possibly targeted towards the Jordan government. This Saitama implant uses DNS as its sole Command and Control channel and utilizes long sleep times and (sub)domain randomization to evade detection. As no … Continue reading Detecting DNS implants: Old kitten, new tricks – A Saitama Case Study  →

Introduction Last weekend (July 30th) a truly incredible piece of mathematical/cryptanalysis research was put onto eprint. Wouter Castryck and Thomas Decru of KU Leuven published a paper “An efficient key recovery attack on SIDH (preliminary version)” describing a new attack on the Supersingular Isogeny Diffie-Hellman (SIDH) protocol together with a corresponding proof-of-concept implementation. SIDH is … Continue reading Implementing the Castryck-Decru SIDH Key Recovery Attack in SageMath →

RT @NCCGroupInfosec: NCC Group Research at Black Hat USA 2022 and DEF CON 30 - RCE-as-a-Service - MacAttack - framework with macro payload…

by Michael Mathews Ransomware has been a concern for everyone over the past several years because of its impact to organisations with the added pressure of extortion and regulatory involvement. However, the question always arises as to how we prevent it. Prevention is better than cure and hindsight is a virtue. This blog post aims … Continue reading Top of the Pops: Three common ransomware entry techniques →

This year, NCC Group researchers will be presenting at least five presentations at Black Hat USA and DEF CON 30. A guide to these presentations (abstracts, dates, and links) is included below. We will also update this post with any additional presentations as they are accepted and announced. Virtually or in-person, we hope you will … Continue reading NCC Group Research at Black Hat USA 2022 and DEF CON 30 →

Happy #NationalInternDay! https://t.co/orrLIcX2ej

The following vulnerabilities were found as part of a research project looking at the state of security of the different Nuki (smart lock) products. The main goal was to look for vulnerabilities which could affect to the availability, integrity or confidentiality of the different devices, from hardware to software. Eleven vulnerabilities were discovered. Below are … Continue reading Technical Advisory – Multiple vulnerabilities in Nuki smart locks (CVE-2022-32509, CVE-2022-32504, CVE-2022-32502, CVE-2022-32507, CVE-2022-32503, CVE-2022-32510, CVE-2022-32506, CVE-2022-32508, CVE-2022-32505) →

Our latest monthly Threat Pulse from our Strategic Threat Intelligence Practice includes a rundown of the key highlights and trends seen in June, including the most targeted sectors, regions and most active threat actors. https://t.co/oVzqw6GnY3

RT @enjenneer: Check out @NCCGroupInfosec researcher Sultan Qasim Khan on @donutmedia today, demonstrating how his link-layer relay attack…

RT @NCCGroupCareers: Join our mission in making the world safer & more secure as our Senior Security Analyst in the U.S. https://t.co/bkmzv…

Last week, NIST announced some algorithms selected for standardization as part of their Post-Quantum Cryptography project. This is a good opportunity to recall the history of this process, observe its current state, and comment on the selected algorithms. It is important to remember that the process is not finished: round 4 has started, and should … Continue reading NIST Selects Post-Quantum Algorithms for Standardization →