Cyber Security Informer

Rust/C++ interop in the Android Platform

Google Security

JUNE 8, 2021

Posted by Joel Galenson and Matthew Maurer, Android Team One of the main challenges of evaluating Rust for use within the Android platform was ensuring we could provide sufficient interoperability with our existing codebase. This post will cover the analysis we did more than a year ago while we evaluated Rust for use in Android.

Engineering

Android is slowly mastering memory management vulnerabilities

Malwarebytes

DECEMBER 4, 2022

I’ve always been a stickler for statistics, but you have to consider the source, the population, and the boundaries for each category, before you know what they are telling you. The result was impressive: To date, there have been zero memory safety vulnerabilities discovered in Android’s Rust code. The numbers.

Software

Software Risk Cybersecurity

Scaling security with AI: from detection to solution

Google Security

JANUARY 31, 2024

The potential of this technology should apply to most or all categories throughout the software development process. We also hope to encourage research collaborations and to continue seeing other work inspired by our approach , such as Rust fuzz target generation.

Engineering

Engineering Software Technology

Taking the next step: OSS-Fuzz in 2023

Google Security

FEBRUARY 1, 2023

In addition, we’ve also established two new reward categories that reward wider improvements across all OSS-Fuzz projects, with up to $11,337 available per category. For more details, see the fully updated rules for our dedicated OSS-Fuzz Reward Program.

Software

ALPHV/BlackCat ransomware gang starts publishing victims’ data on the clear web

Security Affairs

JUNE 16, 2022

The ALPHA/BlackCat is the first professional ransomware strain that was written in the Rust programming language. Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g. BlackCat can target Windows, Linux, and VMWare ESXi systems, but at this time the number of victims is limited.

Ransomware

Ransomware Cybercrime Malware Advertising

Bad Luck: BlackCat Ransomware Bulletin

Security Boulevard

MAY 9, 2022

Some elements of the ransomware are more concerning than others in the same category, but overall, this ransomware offers no more significant concerns to companies that can avoid it before a true infection takes hold. One of the defining traits of Blackcat over other ransomware-for-hire is the fact that it is written in Rust.

Ransomware

Ransomware Antivirus Backups Passwords

BlackCat Ransomware affiliates target unpatched Microsoft Exchange servers

Security Affairs

JUNE 16, 2022

The ALPHA/BlackCat is the first professional ransomware strain that was written in the Rust programming language. Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g. BlackCat can target Windows, Linux, and VMWare ESXi systems, but at this time the number of victims is limited.

Ransomware

Ransomware Cybercrime Malware Advertising

Demystifying the 18 Checks for Secure Scorecards

Security Boulevard

AUGUST 4, 2021

The criteria are grouped into six categories: Basics. The Core Infrastructure Initiative (CII) Best Practices Badge Program is a free, self-certification program that developers can use to assess whether projects are following best practices. Change control. The CII Best Practices check only indicates that a project has self-certified.

Software

Software Risk Government Technology

Gaming-related cyberthreats in 2020 and 2021

SecureList

AUGUST 23, 2021

TOP 10 types of threats that went under the disguise of gaming-related categories, by the number of files, July 2020 – June 2021. TOP 10 types of threats that went under the disguise of gaming-related categories, by the number of attacked users, July 2020 – June 2021. Counter-Strike Global Offensive. 6. FIFA 21. 7. Fortnite.

Adware

Adware Mobile Phishing Malware

Tomiris called, they want their Turla malware back

SecureList

APRIL 24, 2023

Tools used by Tomiris fall into three categories: Downloaders, rudimentary malicious programs whose role is to deploy a backdoor or required additional legitimate tools. JLORAT Backdoor Rust Various traces of Russian language in this family. JLOGRAB File stealer Rust Based on JLORAT’s source code.

Malware

Malware DNS Government Software

IT threat evolution in Q1 2023. Non-mobile statistics

SecureList

JUNE 7, 2023

In Q1 2023, we discovered builds from several ransomware families intended for running on Linux and VMWare ESXi servers, namely: ESXiArgs (new family), Nevada (a rebranding of Nokoyawa, which is written in Rust), Royal, IceFire. The second most-exploited category were browser vulnerabilities (7.07%), their share growing by 1 p.p.

Mobile

Mobile Ransomware Malware Adware

DDoS attacks in Q4 2020

SecureList

FEBRUARY 16, 2021

In late December, several dozen top streamers planned to celebrate the end of 2020 playing through Rust all on the same server. The shares of very short attacks (71.63%) and very long attacks (0.14%) decreased in Q4, while the shares of all intermediate categories increased. We are actively working to mitigate this issue #BlizzCS.

DDOS

DDOS Cryptocurrency Marketing Internet

Black Hat USA 2023 NOC: Network Assurance

Cisco Security

AUGUST 28, 2023

The sample above was submitted by Corelight and investigation confirmed multiple downloads in the training class Windows Reverse Engineering (+Rust) from Scratch (Zero Kernel & All Things In-between) , an authorized activity. Take away those two high volume categories, and the numbers track much better.

Wireless

Wireless DNS Mobile Technology

Advanced threat predictions for 2023

SecureList

NOVEMBER 14, 2022

Amn Pardaz also released a report about a malicious program called iLOBleed , which affects a management module present on HP servers and should be counted in the same category. The implants of this tool are written in the Rust language for Windows and Linux.

Firmware

Firmware Surveillance Mobile Telecommunications

Cyber Security Informer

Rust/C++ interop in the Android Platform

Android is slowly mastering memory management vulnerabilities

Trending Sources

Scaling security with AI: from detection to solution

Taking the next step: OSS-Fuzz in 2023

ALPHV/BlackCat ransomware gang starts publishing victims’ data on the clear web

Bad Luck: BlackCat Ransomware Bulletin

BlackCat Ransomware affiliates target unpatched Microsoft Exchange servers

Demystifying the 18 Checks for Secure Scorecards

Gaming-related cyberthreats in 2020 and 2021

Tomiris called, they want their Turla malware back

IT threat evolution in Q1 2023. Non-mobile statistics

DDoS attacks in Q4 2020

Black Hat USA 2023 NOC: Network Assurance

Advanced threat predictions for 2023

Stay Connected