You may want to think twice before giving the parking attendant your Tesla-issued NFC card.
Category: cybercrime/malcode – Page 110
According to multiple news reports, Twitter plans to give Elon Musk access to its “firehose” of raw data on hundreds of millions of daily tweets in an effort to speed up the Tesla billionaire’s $44 billion acquisition of the social media platform. The data-sharing agreement was not confirmed by the lawyers involved in the deal. Musk was silent on Twitter, despite having previously expressed his displeasure with various aspects of the deal.
Twitter declined to comment on the reports, pointing to a statement released on Monday in which the company stated that it is continuing to “cooperate” and share information with Musk, who in April entered into a legally binding agreement to purchase Twitter, claims that the transaction cannot go forward until the firm discloses more information on the frequency of bogus accounts on its network. He claims, without providing evidence, that Twitter has grossly underestimated the number of “spam bots” on its platform, which are automated accounts that typically promote scams and misinformation.
On Monday, the Attorney General of the State of Texas, Ken Paxton, said that his office will be investigating “possible false reporting” of bot activity on Twitter as part of an inquiry against Twitter for allegedly failing to disclose the scale of its spam bot and fake account activity. According to a source familiar with the situation, Twitter’s plan to give Musk full access to the firehose was first reported by the Washington Post. According to other reports, the billionaire may only have limited access.
As far as data security is concerned, there is an even greater danger than remote cyberattacks: namely tampering with hardware that can be used to read out information—such as credit card data from a card reader. Researchers in Bochum have developed a new method to detect such manipulations. They monitor the systems with radio waves that react to the slightest changes in the ambient conditions. Unlike conventional methods, they can thus protect entire systems, not just individual components—and they can do it at a lower cost. The RUB’s science magazine Rubin features a report by the team from Ruhr-Universität Bochum (RUB), the Max Planck Institute for Security and Privacy and the IT company PHYSEC.
Paul Staat and Johannes Tobisch presented their findings at the IEEE Symposium on Security and Privacy, which took place in the U.S. from 23 to 25 May 2022. Both researchers are doing their Ph.D.s at RUB and conducting research at the Max Planck Institute for Security and Privacy in Bochum in Professor Christof Paar’s team. For their research, they are cooperating with Dr. Christian Zenger from the RUB spin-off company PHYSEC.
In a new letter, Elon Musk threatens to walk away from $44 Billion Twitter deal if the management doesn’t provide more data on total bot counts.
According to a letter sent by Elon Musk’s legal team to Twitter, “Twitter refused to provide the information that Mr. Musk has repeatedly requested since May 9, 2022 to facilitate his evaluation of spam and fake accounts on the company’s platform” and “It’s effort to characterize it otherwise is merely an attempt to obfuscate and confuse the issue”.
The letter also reminded that Musk does not believe the company’s lax testing methodologies are adequate so he must conduct his own analysis and “The data he has requested is necessary to do so”. The letter also said “Mr. Musk is entitled to seek, and Twitter is obligated to provide information and data”.
Circa 2016
Computer programs often contain defects, or bugs, that need to be found and repaired. This manual “debugging” usually requires valuable time and resources. To help developers debug more efficiently, automated debugging solutions have been proposed. One approach goes through information available in bug reports. Another goes through information collected by running a set of test cases. Until now, explains David Lo from Singapore Management University’s (SMU) School of Information Systems, there has been a “missing link” that prevents these information gathering threads from being combined.
Dr Lo, together with colleagues from SMU, has developed an automated debugging approach called Adaptive Multimodal Bug Localisation (AML). AML gleans debugging hints from both bug reports and test cases, and then performs a statistical analysis to pinpoint program elements that are likely to contain bugs.
“While most past studies only demonstrate the applicability of similar solutions for small programs and ‘artificial bugs’ [bugs that are intentionally inserted into a program for testing purposes], our approach can automate the debugging process for many real bugs that impact large programs,” Dr Lo explains. AML has been successfully evaluated on programs with more than 300,000 lines of code. By automatically identifying buggy code, developers can save time and redirect their debugging effort to designing new software features for clients.
An Apple Watch owner has created a complication and watchOS app that works with a glucose monitor, so they can keep track of their blood glucose level from their wrist.
Numerous rumors have claimed Apple is actively working on some form of glucose monitoring sensor for the Apple Watch, but has so far yet to add it to the wearable device. In the case of one Apple Watch owner, they managed to hack together their own solution.
The project, outlined by Harley Turan, effectively takes the data from a continuous glucose monitoring system and imports and interprets it in a way that it can be viewed on an Apple Watch. In doing so, the project creates a reasonably low-cost solution for the problem.
The Federal Bureau of Investigation (FBI) and the U.S. Department of Justice announced today the seizure of three domains used by cybercriminals to sell personal info stolen in data breaches and provide DDoS attack services.
WeLeakInfo.to was selling subscriptions allowing its users to search a database containing information stolen in more than 10,000 data breaches.
The roughly 7 billion records contained various personally identifiable information (PII), including names, email addresses, usernames, phone numbers, and passwords for online accounts.
A new Windows Search zero-day vulnerability can be used to automatically open a search window containing remotely-hosted malware executables simply by launching a Word document.
The security issue can be leveraged because Windows supports a URI protocol handler called ‘search-ms’ that allows applications and HTML links to launch customized searches on a device.
While most Windows searches will look on the local device’s index, it is also possible to force Windows Search to query file shares on remote hosts and use a custom title for the search window.
Phishing campaigns attributed to an advanced threat actor called SideWinder involved a fake VPN app for Android devices published on Google Play Store along with a custom tool that filters victims for better targeting.
SideWinder is an APT group that’s been active since at least 2012, believed to be an actor of Indian origin with a relatively high level of sophistication.
Security researchers at Kaspersky attributed close to 1,000 attacks to this group in the past two years. Among its primary targets are organizations in Pakistan, China, Nepal, and Afghanistan.
WhatsApp is one of the most popular messaging platforms in the world with over 2 billion users. Thanks to its massive user base, it has also become a breeding ground for scammers and hackers involved in malicious activities. Now, according to a recent report, a WhatsApp scam that enables an attacker to take control of a user’s WhatsApp account is currently in operation. Check out the details below right now!
According to a recent report by Gizchina, citing cybersecurity firm CloudSEK, a new scam currently targeting random WhatsApp users lets an attacker completely take control of their WhatsApp account with only a phone call. Once an attacker takes hold of a WhatsApp account, they can demand money from the user’s WhatsApp contacts.
The new scam was recently discovered by Rahul Sasi, who is the founder and CEO of CloudSEK. According to him, the primary objective of the hacker is to randomly call an unsuspecting WhatsApp user and try to convince them to call a specific number. If a user, unfortunately, dials the number as instructed by the attacker, they will be logged out of their WhatsApp account and the hacker will be able to take control of it.