БЛОГ

Archive for the ‘cybercrime/malcode’ category: Page 62

Jun 7, 2022

Radio waves for the detection of hardware tampering

Posted by in category: cybercrime/malcode

As far as data security is concerned, there is an even greater danger than remote cyberattacks: namely tampering with hardware that can be used to read out information—such as credit card data from a card reader. Researchers in Bochum have developed a new method to detect such manipulations. They monitor the systems with radio waves that react to the slightest changes in the ambient conditions. Unlike conventional methods, they can thus protect entire systems, not just individual components—and they can do it at a lower cost. The RUB’s science magazine Rubin features a report by the team from Ruhr-Universität Bochum (RUB), the Max Planck Institute for Security and Privacy and the IT company PHYSEC.

Paul Staat and Johannes Tobisch presented their findings at the IEEE Symposium on Security and Privacy, which took place in the U.S. from 23 to 25 May 2022. Both researchers are doing their Ph.D.s at RUB and conducting research at the Max Planck Institute for Security and Privacy in Bochum in Professor Christof Paar’s team. For their research, they are cooperating with Dr. Christian Zenger from the RUB spin-off company PHYSEC.

Jun 7, 2022

Musk will drop Twitter deal if data on bots not provided

Posted by in categories: cybercrime/malcode, Elon Musk, law, robotics/AI

In a new letter, Elon Musk threatens to walk away from $44 Billion Twitter deal if the management doesn’t provide more data on total bot counts.

According to a letter sent by Elon Musk’s legal team to Twitter, “Twitter refused to provide the information that Mr. Musk has repeatedly requested since May 9, 2022 to facilitate his evaluation of spam and fake accounts on the company’s platform” and “It’s effort to characterize it otherwise is merely an attempt to obfuscate and confuse the issue”.

The letter also reminded that Musk does not believe the company’s lax testing methodologies are adequate so he must conduct his own analysis and “The data he has requested is necessary to do so”. The letter also said “Mr. Musk is entitled to seek, and Twitter is obligated to provide information and data”.

Jun 7, 2022

Automatic debugging of software

Posted by in categories: cybercrime/malcode, robotics/AI

Circa 2016


Computer programs often contain defects, or bugs, that need to be found and repaired. This manual “debugging” usually requires valuable time and resources. To help developers debug more efficiently, automated debugging solutions have been proposed. One approach goes through information available in bug reports. Another goes through information collected by running a set of test cases. Until now, explains David Lo from Singapore Management University’s (SMU) School of Information Systems, there has been a “missing link” that prevents these information gathering threads from being combined.

Dr Lo, together with colleagues from SMU, has developed an automated debugging approach called Adaptive Multimodal Bug Localisation (AML). AML gleans debugging hints from both bug reports and , and then performs a statistical analysis to pinpoint program elements that are likely to contain bugs.

Continue reading “Automatic debugging of software” »

Jun 4, 2022

Homebrew project adds continuous glucose monitoring to the Apple Watch

Posted by in categories: biotech/medical, cybercrime/malcode, wearables

An Apple Watch owner has created a complication and watchOS app that works with a glucose monitor, so they can keep track of their blood glucose level from their wrist.

Numerous rumors have claimed Apple is actively working on some form of glucose monitoring sensor for the Apple Watch, but has so far yet to add it to the wearable device. In the case of one Apple Watch owner, they managed to hack together their own solution.

The project, outlined by Harley Turan, effectively takes the data from a continuous glucose monitoring system and imports and interprets it in a way that it can be viewed on an Apple Watch. In doing so, the project creates a reasonably low-cost solution for the problem.

Jun 2, 2022

FBI seizes domains used to sell stolen data, DDoS services

Posted by in category: cybercrime/malcode

The Federal Bureau of Investigation (FBI) and the U.S. Department of Justice announced today the seizure of three domains used by cybercriminals to sell personal info stolen in data breaches and provide DDoS attack services.

WeLeakInfo.to was selling subscriptions allowing its users to search a database containing information stolen in more than 10,000 data breaches.

The roughly 7 billion records contained various personally identifiable information (PII), including names, email addresses, usernames, phone numbers, and passwords for online accounts.

Jun 2, 2022

New Windows Search zero-day added to Microsoft protocol nightmare

Posted by in category: cybercrime/malcode

A new Windows Search zero-day vulnerability can be used to automatically open a search window containing remotely-hosted malware executables simply by launching a Word document.

The security issue can be leveraged because Windows supports a URI protocol handler called ‘search-ms’ that allows applications and HTML links to launch customized searches on a device.

While most Windows searches will look on the local device’s index, it is also possible to force Windows Search to query file shares on remote hosts and use a custom title for the search window.

Jun 1, 2022

SideWinder hackers plant fake Android VPN app in Google Play Store

Posted by in categories: cybercrime/malcode, mobile phones

Phishing campaigns attributed to an advanced threat actor called SideWinder involved a fake VPN app for Android devices published on Google Play Store along with a custom tool that filters victims for better targeting.

SideWinder is an APT group that’s been active since at least 2012, believed to be an actor of Indian origin with a relatively high level of sophistication.

Security researchers at Kaspersky attributed close to 1,000 attacks to this group in the past two years. Among its primary targets are organizations in Pakistan, China, Nepal, and Afghanistan.

May 31, 2022

This WhatsApp Scam Lets Hackers Take Control of Your Account with One Phone Call!

Posted by in category: cybercrime/malcode

WhatsApp is one of the most popular messaging platforms in the world with over 2 billion users. Thanks to its massive user base, it has also become a breeding ground for scammers and hackers involved in malicious activities. Now, according to a recent report, a WhatsApp scam that enables an attacker to take control of a user’s WhatsApp account is currently in operation. Check out the details below right now!

According to a recent report by Gizchina, citing cybersecurity firm CloudSEK, a new scam currently targeting random WhatsApp users lets an attacker completely take control of their WhatsApp account with only a phone call. Once an attacker takes hold of a WhatsApp account, they can demand money from the user’s WhatsApp contacts.

The new scam was recently discovered by Rahul Sasi, who is the founder and CEO of CloudSEK. According to him, the primary objective of the hacker is to randomly call an unsuspecting WhatsApp user and try to convince them to call a specific number. If a user, unfortunately, dials the number as instructed by the attacker, they will be logged out of their WhatsApp account and the hacker will be able to take control of it.

May 31, 2022

Italy warns organizations to brace for incoming DDoS attacks

Posted by in category: cybercrime/malcode

The Computer Security Incident Response Team in Italy issued an urgent alert yesterday to raise awareness about the high risk of cyberattacks against national bodies and organizations on Monday.

May 31, 2022

Hacker Stole Verizon Employee Data, Holds It For $250,000 Ransom

Posted by in category: cybercrime/malcode

Verizon has suffered a data breach. A hacker recently accessed the company’s employee database and stole personally identifiable information about hundreds of its employees. The stolen information includes the full name, phone number, email address, and corporate ID numbers.

According to a Motherboard report, the hacker got access to the Verizon database by tricking an employee to grant them remote access to their corporate computer. They posed as internal support and convinced the victim through social engineering. Once the hacker had access to the database, they launched a script to copy the information.

“These employees are idiots,” the hacker told Motherboard in an online chat. They shared the stolen data, perhaps part of it, with the publication. The report suggests the information is accurate but unclear how up to date. The publication called some of the phone numbers and four people confirmed their full names and email addresses. They also confirmed that they work at Verizon.

Page 62 of 195First5960616263646566Last