Google rolled out patches for the flaws in a December security update, so Android users should make sure they’ve updated their mobile OSes.
Category: cybercrime/malcode – Page 106
This could lead to a truly random number generator making things much more secure.
Random numbers are crucial for computing, but our current algorithms aren’t truly random. Researchers at Brown University have now found a way to tap into the fluctuations of quasiparticles to generate millions of truly random numbers per second.
Random number generators are key parts of computer software, but technically they don’t quite live up to their name. Algorithms that generate these numbers are still deterministic, meaning that anyone with enough information about how it works could potentially find patterns and predict the numbers produced. These pseudo-random numbers suffice for low stakes uses like gaming, but for scientific simulations or cybersecurity, truly random numbers are important.
In recent years scientists have turned to the strange world of quantum physics for true randomization, using photons to generate strings of random ones and zeroes or tapping into the quantum vibrations of diamond. And for the new study, the Brown scientists tried something similar.
Researchers in Beijing have set a new quantum secure direct communication (QSDC) world record of 102.2 km (64 miles), smashing the previous mark of 18 km (11 miles), The Eurasian Times reported. Transmission speeds were extremely slow at 0.54 bits per second, but still good enough for text message and phone call encryption over a distance of 30 km (19 miles), wrote research lead Long Guilu in Nature. The work could eventually lead to hack-proof communication, as any eavesdropping attempt on a quantum line can be instantly detected.
QSDC uses the principal of entanglement to secure networks. Quantum physics dictates that entangled particles are linked, so that if you change the property of one by measuring it, the other will instantly change, too — effectively making hacking impossible. In theory, the particles stay linked even if they’re light-years apart, so such systems should work over great distances.
The same research team set the previous fiber record, and devised a “novel design of physical system with a new protocol” to achieve the longer distance. They simplified it by eliminating the “complicated active compensation subsystem” used in the previous model. “This enables an ultra-low quantum bit error rate (QBER) and the long-term stability against environmental noises.”
The US government has detailed how North Korean state-sponsored attackers have been hacking cryptocurrency firms using phishing, malware and exploits to steal funds and initiate fraudulent blockchain transactions.
The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the U.S. Treasury Department (Treasury) have issued a joint cybersecurity advisory to warn all businesses in cryptocurrency to watch out for attacks from North Korean state-sponsored hackers.
Phishing attacks are cyber-attacks through which criminals trick users into sending them money and sensitive information, or into installing malware on their computer, by sending them deceptive emails or messages. As these attacks have become increasingly widespread, developers have been trying to develop more advanced tools to detect them and protect potential victims.
Researchers at Monash University and CSIRO’s Data61 in Australia have recently developed a machine learning-based approach that could help users to identify phishing emails, so that they don’t inadvertently install malware or send sensitive data to cyber-criminals. This model was introduced in a paper pre-published on arXiv and set to be presented at AsiaCCS 2022, a cyber-security conference.
“We have identified a gap in current phishing research, namely realizing that existing literature focuses on rigorous ‘black and white’ methods to classify whether something is a phishing email or not,” Tingmin (Tina) Wu, one of the researchers who carried out the study, told TechXplore.
A shadow war is a war that, officially, does not exist. As mercenaries, hackers and drones take over the role armies once played, shadow wars are on the rise.
States are evading their responsibilities and driving the privatization of violence. War in the grey-zone is a booming business: Mercenaries and digital weaponry regularly carry out attacks, while those giving orders remain in the shadows.
Despite its superior army, the U.S. exhausted its military resources in two seemingly endless wars. Now, the superpower is finally bringing its soldiers home. But while the U.S.’s high-tech army may have failed in Afghanistan, it continues to operate outside of official war zones. U.S. Special Forces conduct targeted killings, using drones, hacks and surveillance technologies. All of this is blurring the lines between war and peace.
The documentary also shows viewers how Russian mercenaries and hackers destabilized Ukraine. Indeed, the last decade has seen the rise of cyberspace armament. Hacking, sometimes subsidized by states, has grown into a thriving business. Digital mercenaries sell spy software to authoritarian regimes. Criminal hackers attack any target that can turn a profit for their clients.
But the classic mercenary business is also taking off, because states no longer want their official armies to go into battle. Former mercenary Sean McFate outlines how privatizing warfare creates an even greater demand for it. He warns that a world of mercenaries is a world dominated by war.
#documentary #dwdocumentary.
The Cybersecurity and Infrastructure Security Agency (CISA) has added nine more security flaws to its list of actively exploited bugs, including a VMware privilege escalation flaw and a Google Chrome zero-day that could be used for remote code execution.
The VMware vulnerability (CVE-2022–22960) was patched on April 6th, and it allows attackers to escalate privileges to root on vulnerable servers due to improper permissions in support scripts.
A Chrome zero-day was also included in CISA’s Known Exploited Vulnerabilities (KEV) catalog, a bug tracked as CVE-2022–1364 and allowing remote code execution due to a V8 type confusion weakness.