Lifeboat Foundation: Safeguarding Humanity
Toggle light / dark theme

Blog

Category: cybercrime/malcode – Page 114

The Israeli spyware maker in the Pegasus surveillance scandal said Friday it was investigating reports the firm’s technology was used to target iPhones of some US diplomats in Africa.

Apple has begun alerting people whose phones were hacked by NSO’s spyware, which essentially turns handsets into pocket spying devices and sparked controversy this year after reportedly being used on activists, journalists and politicians.

“On top of the independent investigation, NSO will cooperate with any relevant government authority and present the full information we will have,” the firm said in a statement.

Read more | >

Google’s cybersecurity team warns that this is neither the first nor the last time.

Cryptomining is a very energy-intensive process with analysis by the University of Cambridge showing that Bitcoin consumes more electricity than the entire country of Argentina. Now, Google has released a new report stating that malicious cryptocurrency miners are using hacked Google Cloud accounts for mining purposes.

The report is called “Threat Horizons” and it aims to help organizations keep their cloud environments secure.

“While cloud customers continue to face a variety of threats across applications and infrastructure, many successful attacks are due to poor hygiene and a lack of basic control implementation. Most recently, our team has responded to cryptocurrency mining abuse, phishing campaigns, and ransomware,” wrote Google in an executive summary of the report.

“Given these specific observations and general threats, organizations that put emphasis on secure implementation, monitoring, and ongoing assurance will be more successful in mitigating these threats or at the very least reduce their overall impact.”

Continue reading “Rogue Miners Are Using Google Cloud Servers to Mine Cryptocurrencies” | >

To address the growing threat of cyberattacks on industrial control systems, a KAUST team including Fouzi Harrou, Wu Wang and led by Ying Sun has developed an improved method for detecting malicious intrusions.

Internet-based are widely used to monitor and operate factories and critical infrastructure. In the past, these systems relied on expensive dedicated networks; however, moving them online has made them cheaper and easier to access. But it has also made them more vulnerable to attack, a danger that is growing alongside the increasing adoption of internet of things (IoT) technology.

Conventional security solutions such as firewalls and are not appropriate for protecting industrial control systems because of their distinct specifications. Their sheer complexity also makes it hard for even the best algorithms to pick out abnormal occurrences that might spell invasion.

Read more | >

In this DNA factory, organism engineers are using robots and automation to build completely new forms of life.
»Subscribe to Seeker! http://bit.ly/subscribeseeker.
»Watch more Focal Point | https://bit.ly/2M3gmbK

Ginkgo Bioworks, a Boston company specializing in “engineering custom organisms,” aims to reinvent manufacturing, agriculture, biodesign, and more.

Biologists, software engineers, and automated robots are working side by side to accelerate the speed of nature by taking synthetic DNA, remixing it, and programming microbes, turning custom organisms into mini-factories that could one day pump out new foods, fuels, and medicines.

While there are possibly numerous positive and exciting outcomes from this research, like engineering gut bacteria to produce drugs inside the human body on demand or building self-fertilizing plants, the threat of potential DNA sequences harnessing a pathological function still exists.

Continue reading “This Synthetic DNA Factory Is Building New Forms of Life” | >

Threat actors are hacking Microsoft Exchange servers using ProxyShell and ProxyLogon exploits to distribute malware and bypass detection using stolen internal reply-chain emails.

When threat actors conduct malicious email campaigns, the hardest part is to trick users into trusting the sender enough so that they open up linked to or included malware-distributing attachments.

TrendMicro researchers have discovered an interesting tactic used of distributing malicious email to a company’s internal users using the victim’s compromised Microsoft exchange servers.

Read more | >

Cher sang about manipulating it while Doctor Who dramatized it. This hacker went one better and did it. Here’s how time got hacked.

During a 1961 address to the National Association of Manufacturers in New York City, John F. Kennedy said that “we must use time as a tool, not as a couch.” Fast forward fifty years, and one hacker has demonstrated exactly how to do that: by hacking time.

What is time anyway? What is time? That’s not an easy question to answer definitively.

Just go and search for a definition, and you’ll see what I mean. However, from the broader technological perspective, time depends on how we measure it: it is what those measurements tell us. So, what if those measurements, even ones from the most accurate atomic clock sources around the planet, could be manipulated?

Welcome to the world of hacking time. Welcome to the world of Adam Laurie, the lead hardware hacker with the veteran hacking team that is IBM X-Force Red. It’s worth remembering at this point that hacking is not a crime, and this story serves well to illustrate the fact.

Continue reading “Can Time Be Hacked? Here’s How One Hacker Demonstrated It Can” | >

Researchers at ETH Zurich have discovered major vulnerabilities in DRAM memory devices, which are widely used in computers, tablets and smartphones. The vulnerabilities have now been published together with the National Cyber Security Centre, which for the first time has assigned an identification number for it.

When browsing the internet on a laptop computer or writing messages on a smartphone, we all like to think that we are reasonably safe from as long as we have installed the latest software updates and anti-virus software. But what if the problem lies not with the software, but with the hardware? A team of researchers led by Kaveh Razavi at ETH Zurich, together with colleagues at the Vrije Universiteit Amsterdam and Qualcomm Technologies, have recently discovered fundamental vulnerabilities affecting the memory component called DRAM at the heart of all modern computer systems.

The results of their research have now been accepted for publication at a flagship IT security conference, and the Swiss National Cyber Security Centre (NCSC) has issued a Common Vulnerabilities and Exposures (CVE) number. This is the first time that a CVE identification has been issued by the NCSC in Switzerland (see box below). On a scale of 0 to 10, the severity of the vulnerability has been rated as 9.

Read more | >