TFL: Targeted Bit-Flip Attack on Large Language Model

Large language models LLMs are increasingly deployed in safety and security critical applications, raising concerns about their robustness to model parameter fault injection attacks. Recent studies have shown that bit-flip attacks BFAs, which exploit computer main memory i.e., DRAM vulnerabilitie...

When You’re Always Under #DDoS Attack

We recently mitigated a 1.55 terabit per second Tbps, DDoS attack for a steady customer of ours. This particular customer is a reputable domain name service DNS provider. I’ve personally used them for over a decade to register domains for all the projects I will never complete or, tbh, start. But...

Potential cybersecurity impacts of Russia’s invasion of Ukraine

On Thursday night, Russia launched a military invasion of its neighbor and former Soviet Union member Ukraine, drawing a broad rebuke from international leaders, along with significant protest from the Russian public. The toll of human life from this war is unknown, and, like the many internation...

BSides SF 2019: Remote-Root Bug in Logitech Harmony Hub Patched and Explained

SAN FRANCISCO – Users of Logitech’s Harmony Hub have been wide open to an attack for years because of four unpatched vulnerabilities that left any IoT device connected at risk to remote takeover. The bugs were patched by Logitech in November, but for the first time the researchers that discovered...

China Chip Hack Shines Spotlight on Hardware and Supply-Chain Risk

Recent revelations in the press regarding hardware implants and supply-chain compromise are troubling and should be seen as an opportunity to assess our current threat model and security approach. This recently revealed situation is the hardware analogue to the software supply chain compromises w...

China Chip Hack Shines Spotlight on Hardware and Supply-Chain Risk

Recent revelations in the press regarding hardware implants and supply-chain compromise are troubling and should be seen as an opportunity to assess our current threat model and security approach. This recently revealed situation is the hardware analogue to the software supply chain compromises w...

Bingo, Amigo! Jackpotting: ATM malware from Latin America to the World

Introduction Of all the forms of attack against financial institutions around the world, the one that brings traditional crime and cybercrime together the most is the malicious ecosystem that exists around ATM malware. Criminals from different backgrounds work together with a single goal in mind:...

Ryan Naraine on Virus Bulletin 2013, Zero Days and Cyberwarfare

Dennis Fisher talks with Ryan Naraine about the news from the Virus Bulletin 2013 conference, whether the use of zero days is overrated and the collateral damage that can result from cyberwarfare attacks. Download: digitalunderground128.mp3...

Hollywood wants Right to use Malware to hack the computers of Pirates

In the constant battle between illegal file sharers Pirates and the entertainment industry Hollywood supplying the protected digital materials, the pirates have been staying one step ahead, although the industry may soon have a powerful new weapon in their arsenal. A new report released by the...

Spamhaus DDoS Attacks Triple Size of Attacks on US Banks

So you thought the 100 Gbps distributed denial-of-service attacks against U.S. banks were big? Ongoing attacks against Spamhaus have three times the fury and have affected unrelated online services as collateral damage. Attackers from Dutch webhost Cyberbunker are turning on a firehose of bad...

Cyberwar Name Game a Dangerous Play

SAN JUAN, Puerto Rico – The term “cyberwar” is the “zero day” of security jargon; it’s getting so that every bug is a zero day and every attack is hash-tagged cyberwar. This serves only to distract smart people from making smart decisions. Too much brainpower and bandwidth is being wasted on...