Lifeboat Foundation

Researchers at Rice University have shown how they can hack the brains of fruit flies to make them remote controlled. The flies performed a specific action within a second of a command being sent to certain neurons in their brain.

The team started by genetically engineering the flies so that they expressed a certain heat-sensitive ion channel in some of their neurons. When this channel sensed heat, it would activate the neuron – in this case, that neuron caused the fly to spread its wings, which is a gesture they often use during mating.

Continue reading “Scientists hack fly brains to make them remote controlled” »

Flipkart-owned Cleartrip, a flight booking platform, said that it suffered a major data breach in its internal systems.

In an email to customers, the company stated, “This is to inform you that there has been a security anomaly that entailed illegal and unauthorised access to a part of Cleartrip’s internal systems.”

However, the travel company assured them that no sensitive information pertaining to a user’s account had been compromised due to this incident, apart from a few personal details.

Researchers have raised the alarm about a “sudden” spike in cyberattacks attempting to exploit an unpatched vulnerability in WordPress Plugin.

Pegasus spy software was used to hack into the devices of dozens of Thai pro-democracy activists as part of an extensive espionage operation.

Pegasus spy software was used to hack into the devices of dozens of Thai pro-democracy activists as part of an extensive espionage operation.

An innovative new collaboration between EPFL’s HexHive Laboratory and Oracle has developed automated, far-reaching technology in the ongoing battle between IT security managers and attackers, hoping to find bugs before the hackers do.

On the 9th of December 2021 the world of IT security went into a state of shock. Before its developers even knew it, the log4j application—part of the Apache suite used on most web servers—was being exploited by hackers, allowing them to take control of servers and data centers all over the world.

The Wall Street Journal reported news that nobody wanted to hear: “U.S. officials say hundreds of millions of devices are at risk. Hackers could use the bug to steal data, install malware or take control.”

The number of ransomware attacks on healthcare organizations increased 94% from 2021 to 2022, according to a report from the cybersecurity firm Sophos. More than two-thirds of healthcare organizations in the US said they had experienced a ransomware attack in 2021, the study said, up from 34% in 2020.

Ransomware attacks on healthcare are particularly common in the US, with 41% of such attacks globally having been carried out against US-based firms in 2021.

“The current outlook is terrible,” said Israel Barak, CISO of Cybereason. “We are seeing the industry experience an extremely sharp increase in both the quantity and level of sophistication of these attacks.”

Check Point Research, the Threat Intelligence division of the company, a leading global cybersecurity specialist provider, has released its Global Threat Index for the month of June 2022. Researchers have found that Emotet continues to be the number one malware and has also increased its global incidence by around 6%. Continuing with its climb of the last month, Snake Keylogger sneaks into the top three positions, taking the Formbook position, both still far from Emotet.

Emotet, has affected 14% of organizations around the world in June, an increase that is almost double compared to the previous month. This malware is highly profitable thanks to its ability to go unnoticed. Its persistence also makes it difficult to remove once a device is infected, making it the perfect tool in a cybercriminal’s arsenal. Conceived as a banking Trojan, it is often distributed via phishing emails and has the ability to embed other malware, increasing its ability to cause widespread damage.

Continue reading “The most dangerous keylogger malware of 2022: Snake Keylogger” »

Microsoft on Wednesday shed light on a now patched security vulnerability affecting Apple’s operating systems that, if successfully exploited, could allow attackers to escalate device privileges and deploy malware.

“An attacker could take advantage of this sandbox escape vulnerability to gain elevated privileges on the affected device or execute malicious commands like installing additional payloads,” Jonathan Bar Or of the Microsoft 365 Defender Research Team said in a write-up.

Tracked as CVE-2022–26706 (CVSS score: 5.5), the security vulnerability impacts iOS, iPadOS, macOS, tvOS, and watchOS and was fixed by Apple in May 2022.

Security experts from paluno, the Ruhr Institute for Software Technology at the University of Duisburg-Essen (UDE) have developed a new technique that, for the first time, enables fuzz testing of protected memory areas in modern processors. Their method revealed many vulnerabilities in security-critical software.

Intel’s “Software Guard Extension” (SGX) is a widely used technology to protect sensitive data from misuse. It helps developers in shielding a certain memory area from the rest of a computer. A password manager, for example, can be executed safely in such an enclave, even if the rest of the system is corrupted by malware.

However, it is not uncommon for errors to creep in during the programming of the enclaves. Already in 2020, the paluno team from Prof. Dr. Lucas Davi discovered and published several vulnerabilities in SGX enclaves. Now, together with partners form the CASA cluster of excellence, the researchers have achieved another breakthrough in the analysis techniques: Their latest development enables the fuzz testing of enclaves, which is much more effective than the previously used symbolic execution. The idea behind fuzz testing is to feed a large number of inputs into a program in order to gain insights into the structure of the code.