Lifeboat Foundation

As far as data security is concerned, there is an even greater danger than remote cyberattacks: namely tampering with hardware that can be used to read out information—such as credit card data from a card reader. Researchers in Bochum have developed a new method to detect such manipulations. They monitor the systems with radio waves that react to the slightest changes in the ambient conditions. Unlike conventional methods, they can thus protect entire systems, not just individual components—and they can do it at a lower cost. The RUB’s science magazine Rubin features a report by the team from Ruhr-Universität Bochum (RUB), the Max Planck Institute for Security and Privacy and the IT company PHYSEC.

Paul Staat and Johannes Tobisch presented their findings at the IEEE Symposium on Security and Privacy, which took place in the U.S. from 23 to 25 May 2022. Both researchers are doing their Ph.D.s at RUB and conducting research at the Max Planck Institute for Security and Privacy in Bochum in Professor Christof Paar’s team. For their research, they are cooperating with Dr. Christian Zenger from the RUB spin-off company PHYSEC.

In a new letter, Elon Musk threatens to walk away from $44 Billion Twitter deal if the management doesn’t provide more data on total bot counts.

According to a letter sent by Elon Musk’s legal team to Twitter, “Twitter refused to provide the information that Mr. Musk has repeatedly requested since May 9, 2022 to facilitate his evaluation of spam and fake accounts on the company’s platform” and “It’s effort to characterize it otherwise is merely an attempt to obfuscate and confuse the issue”.

The letter also reminded that Musk does not believe the company’s lax testing methodologies are adequate so he must conduct his own analysis and “The data he has requested is necessary to do so”. The letter also said “Mr. Musk is entitled to seek, and Twitter is obligated to provide information and data”.

Circa 2016

Computer programs often contain defects, or bugs, that need to be found and repaired. This manual “debugging” usually requires valuable time and resources. To help developers debug more efficiently, automated debugging solutions have been proposed. One approach goes through information available in bug reports. Another goes through information collected by running a set of test cases. Until now, explains David Lo from Singapore Management University’s (SMU) School of Information Systems, there has been a “missing link” that prevents these information gathering threads from being combined.

Dr Lo, together with colleagues from SMU, has developed an automated debugging approach called Adaptive Multimodal Bug Localisation (AML). AML gleans debugging hints from both bug reports and test cases, and then performs a statistical analysis to pinpoint program elements that are likely to contain bugs.

Continue reading “Automatic debugging of software” »

An Apple Watch owner has created a complication and watchOS app that works with a glucose monitor, so they can keep track of their blood glucose level from their wrist.

Numerous rumors have claimed Apple is actively working on some form of glucose monitoring sensor for the Apple Watch, but has so far yet to add it to the wearable device. In the case of one Apple Watch owner, they managed to hack together their own solution.

The project, outlined by Harley Turan, effectively takes the data from a continuous glucose monitoring system and imports and interprets it in a way that it can be viewed on an Apple Watch. In doing so, the project creates a reasonably low-cost solution for the problem.

The Federal Bureau of Investigation (FBI) and the U.S. Department of Justice announced today the seizure of three domains used by cybercriminals to sell personal info stolen in data breaches and provide DDoS attack services.

WeLeakInfo.to was selling subscriptions allowing its users to search a database containing information stolen in more than 10,000 data breaches.

The roughly 7 billion records contained various personally identifiable information (PII), including names, email addresses, usernames, phone numbers, and passwords for online accounts.

A new Windows Search zero-day vulnerability can be used to automatically open a search window containing remotely-hosted malware executables simply by launching a Word document.

The security issue can be leveraged because Windows supports a URI protocol handler called ‘search-ms’ that allows applications and HTML links to launch customized searches on a device.

While most Windows searches will look on the local device’s index, it is also possible to force Windows Search to query file shares on remote hosts and use a custom title for the search window.

Phishing campaigns attributed to an advanced threat actor called SideWinder involved a fake VPN app for Android devices published on Google Play Store along with a custom tool that filters victims for better targeting.

SideWinder is an APT group that’s been active since at least 2012, believed to be an actor of Indian origin with a relatively high level of sophistication.

Security researchers at Kaspersky attributed close to 1,000 attacks to this group in the past two years. Among its primary targets are organizations in Pakistan, China, Nepal, and Afghanistan.

WhatsApp is one of the most popular messaging platforms in the world with over 2 billion users. Thanks to its massive user base, it has also become a breeding ground for scammers and hackers involved in malicious activities. Now, according to a recent report, a WhatsApp scam that enables an attacker to take control of a user’s WhatsApp account is currently in operation. Check out the details below right now!

According to a recent report by Gizchina, citing cybersecurity firm CloudSEK, a new scam currently targeting random WhatsApp users lets an attacker completely take control of their WhatsApp account with only a phone call. Once an attacker takes hold of a WhatsApp account, they can demand money from the user’s WhatsApp contacts.

The new scam was recently discovered by Rahul Sasi, who is the founder and CEO of CloudSEK. According to him, the primary objective of the hacker is to randomly call an unsuspecting WhatsApp user and try to convince them to call a specific number. If a user, unfortunately, dials the number as instructed by the attacker, they will be logged out of their WhatsApp account and the hacker will be able to take control of it.

The Computer Security Incident Response Team in Italy issued an urgent alert yesterday to raise awareness about the high risk of cyberattacks against national bodies and organizations on Monday.