Research Blog
Insights and research from our global cybersecurity team.
Sifting through the spines: identifying (potential) Cactus ransomware victims
Authored by Willem Zeeman and Yun Zheng Hu This blog is part of a series written by various Dutch cyber security firms that have collaborated on the Cactus ransomware group, which exploits Qlik Sense servers for initial access. To view all of them please check the central blog by Dutch…
Public Report – Confidential Mode for Hyperdisk – DEK Protection Analysis
During the spring of 2024, Google engaged NCC Group to conduct a design review of Confidential Mode for Hyperdisk (CHD) architecture in order to analyze how the Data Encryption Key (DEK) that encrypts data-at-rest is protected. The project was 10 person days and the goal is to validate that the…
Non-Deterministic Nature of Prompt Injection
As we explained in a previous blogpost, exploiting a prompt injection attack is conceptually easy to understand: There are previous instructions in the prompt, and we include additional instructions within the user input, which is merged together with the legitimate instructions in a way that the underlying model cannot distinguish…
Technical Advisory – Ollama DNS Rebinding Attack (CVE-2024-28224)
Ollama is an open-source system for running and managing large language models (LLMs). NCC Group identified a DNS rebinding vulnerability in Ollama that permits attackers to access its API without authorization, and perform various malicious activities, such as exfiltrating sensitive file data from vulnerable systems.
Public Report – Google Privacy Sandbox Aggregation Service and Coordinator
During the winter of 2022, Google engaged NCC Group to conduct an in-depth security review of the Aggregation Service, part of Google’s Privacy Sandbox initiative. Google describes the Aggregation Service as follows: The Privacy Sandbox initiative aims to create technologies that both protect people’s privacy online and give companies and…
Android Malware Vultur Expands Its Wingspan
Authored by Joshua Kamp Executive summary The authors behind Android banking malware Vultur have been spotted adding new technical features, which allow the malware operator to further remotely interact with the victim’s mobile device. Vultur has also started masquerading more of its malicious activity by encrypting its C2 communication, using…
LTair: The LTE Air Interface Tool
In this blog post, we introduce LTair, a tool that allows NCC Group to perform different attacks on the LTE Control Plane via the air interface. It gives NCC the capability to assess the correct implementation of the LTE standard in operators’ systems and user equipment. LTair The LTair tool…
The Development of a Telco Attack Testing Tool
This blog details the requirement for testing Telecom networks and one of the tools developed in house to facilitate this testing. Why? Telecoms security has always been an afterthought when the first mobile networks were developed and deployed into the wild. Telecoms security has faced numerous challenges, leading to concerns…
Public Report – AWS Nitro System API & Security Claims Italian
In the last calendar quarter of 2022, Amazon Web Services (AWS) engaged NCC Group to conduct an architecture review of the AWS Nitro System design, with focus on specific claims AWS made for the security of the Nitro System APIs. The Public Report in Italian this review may be downloaded…
Public Report – AWS Nitro System API & Security Claims French
In the last calendar quarter of 2022, Amazon Web Services (AWS) engaged NCC Group to conduct an architecture review of the AWS Nitro System design, with focus on specific claims AWS made for the security of the Nitro System APIs. The Public Report in French this review may be downloaded…
No Results Found :(
View articles by category
Most popular posts
Most recent posts
- Sifting through the spines: identifying (potential) Cactus ransomware victims
- Public Report – Confidential Mode for Hyperdisk – DEK Protection Analysis
- Non-Deterministic Nature of Prompt Injection
- Technical Advisory – Ollama DNS Rebinding Attack (CVE-2024-28224)
- Public Report – Google Privacy Sandbox Aggregation Service and Coordinator