Pierre-Marc Bureau
@pmbureau
Joined August 2008
New joint TAG/Mandiant research on a hybrid Russian espionage/influence campaign (UNC5812) targeting potential Ukrainian military recruits with malware and spreading anti-mobilization narratives
cloud.google.com
A suspected Russian hybrid espionage and influence operation, delivering Windows and Android malware.
🆕🚨 New analysis from @Google TAG on suspected APT29 waterholes against 🇲🇳 gov. n-day exploits targeting iOS and Android we first observed in use from commercial surveillance vendors🫢 more details in the blog! awesome work from @_clem1 and team🤝 https://t.co/mxodD8gk4d
blog.google
We’re sharing an update on suspected state-backed attacker APT29 and the use of exploits identical to those used by Intellexa and NSO.
"Where it is not possible to prevent the theft of credentials and cookies by malware, the next best thing is making the attack more observable by antivirus, endpoint detection agents, or enterprise administrators with basic log analysis tools" https://t.co/5Y1MnovKGY
security.googleblog.com
Posted by Will Harris, Chrome Security Team Chromium's sandboxed process model defends well from malicious web content, but...
Honoured to be presenting the keynote for @NorthSec_io this year. If you are in the neighbourhood May 16-17 come say hi, tickets are still available😺 Unpack all malware with a single breakpoint? Maybe? And I promise I won't mention anything about LLMs! https://t.co/iLkaAa9Y1J
nsec.io
So impressed by @j00ru's Project Zero journey looking for security issues in the important and complex Windows registry. Great writeup outlining his thought-process... good lessons for us all! https://t.co/qTJO4z2pfv
🪲And the 2023 Year in Review of Zero-Days Exploited In-the-Wild is out! This year I teamed up with @JaredSemrau & James from Mandiant to write a joint report combining our expertise and providing a more holistic view on in-the-wild 0-days in 2023 🔥🧐 https://t.co/6INizgzKwg
A review of zero-day in-the-wild exploits in 2023 @google
blog.google
Today, Google released its report “We’re All in this Together: A Year in Review of Zero-Days Exploited In-the-Wild in 2023.”
Launching today our new report "Tool of First Resort: Israel-Hamas War in Cyber" https://t.co/BPJZHa0uUB Cyber provides a lower-cost, lower-risk way for rivals to engage in conflict, gather information, disrupt daily life, and shape public perceptions. 🧵
blog.google
An analysis of cyber operations in the Israel-Hamas War.
Buying Spying: How the commercial surveillance industry works and what can be done about it @google
blog.google
Spyware is used against high-risk users: journalists, human rights defenders, dissidents and political opponents. I'm particularly proud of our latest work, shedding light on Commercial Surveillance Vendors who make $$$ exploiting vulnerable systems and users. 🧵
Announcing the latest report from Threat Analysis Group documents the rise of commercial surveillance vendors and the industry that threatens free speech, the free press and the open internet https://t.co/6y7gkrwS6A Some highlights below. 🧵
We're announcing new support for Quebec's cybersecurity ecosystem by providing a $1.3M grant to the Multidisciplinary Institute for Cybersecurity and Cyber Resilience, a project by @polymtl, to support research that addresses the rising global cyber risks.
New malware from 🇷🇺 with ❤️, COLDRIVER deploying a custom tool, SPICA, in small number of targeted campaigns. Great write up from @wxs @auroracath and @Google TAG. actor to keep an 👁️ on moving into 2024! https://t.co/0rzO3EYRGF
blog.google
Threat Analysis Group sheds light on Russian threat COLDRIVER’s use of malware.
💪🏼 Yesterday @_clem1 and @vladhiewsha discovered and reported a new ITW 0-day to the Chrome team. TODAY, 1 day later, Chrome has a fix out to protect users!!! Thank you, Chrome! CVE-2023-7024 https://t.co/2tkx0Zc9pf
chromereleases.googleblog.com
The Stable channel has been updated to 120.0.6099.129 for Mac,Linux and 120.0.6099.129/130 to Windows which will roll out over the coming d...
🪲 New blog from me, @_clem1, and Kristen on the Zimbra in-the-wild 0-day, CVE-2023-37580, discovered by TAG in the summer. We discovered 4 different campaigns using the bug against organizations in Greece, Moldova, Tunisia, Vietnam, and Pakistan. https://t.co/m1vxz51QMC
blog.google
TAG’s discovery of a 0-day exploit used to steal email data from international government organizations.
Government-backed actors exploiting WinRAR vulnerability @google
blog.google
Google's Threat Analysis Group analyzes recent state-sponsored campaigns exploiting the WinRAR vulnerability, CVE-2023-38831.
Congratulations to the whole team at the Institut Multidisciplinaire en Cybersécurité et Cyberrésilience (or IMC2 - long live acronyms!) @polymtl @HEC_Montreal @UMontreal. Quebec is a true cyber hub 🌐 that deserves to shine, and your work will contribute greatly to that.
In the spirit of "this talk could've been a tweet", I just pushed a button: #BinDiff is now open source. - Snapshot release, no major new functionality - Release binaries later today or tomorrow - This is my 20% and I won't be able to act on PRs until end of Q4 (OOO traveling)
NEW @citizenlab report: Egyptian 🇪🇬 Presidential candidate hacked with #Predator spyware Working w/ @Google TAG, we discovered three #Apple zero days (hence emergency patches last night) Details 👇 https://t.co/ZyAluqT1Nm
citizenlab.ca
Between May and September 2023, former Egyptian MP Ahmed Eltantawy was targeted with Cytrox's Predator spyware via links sent on SMS and WhatsApp after Eltantawy publicly stated his plans to run for...
Great post by @maddiestone, patch now! 0-days exploited by commercial surveillance vendor in Egypt @google
https://t.co/7RyHhyRPXk.
blog.google
Active North Korean campaign targeting security researchers @google
blog.google
Threat Analysis Group shares findings on a new campaign by North Korean actors targeting security researchers.