
The personal records of 38 million people were accidentally leaked on the open internet due to a flaw in more than a thousand Microsoft web apps, according to reports.

American Airlines, Ford, J.B. Hunt, the Maryland Department of Health, the New York City Municipal Transportation Authority, and New York City public schools were among the companies and organizations affected by the mistake.

The data mistakenly shared online included information from a number of Covid-19 contact tracing platforms, vaccination sign-ups, job application portals, and employee databases, according to Wired.

A Razer Synapse zero-day vulnerability has been disclosed on Twitter, allowing you to gain Windows admin privileges simply by plugging in a Razer mouse or keyboard.

Razer is a very popular computer peripherals manufacturer known for its gaming mouses and keyboards.

When a Razer device is plugged into Windows 10 or Windows 11, the operating system will automatically download and begin installing the Razer Synapse software on the computer. Razer Synapse is software that allows users to configure their hardware devices, set up macros, or map buttons.

A new ransomware gang known as LockFile encrypts Windows domains after hacking into Microsoft Exchange servers using the recently disclosed ProxyShell vulnerabilities.

ProxyShell is the name of an attack consisting of three chained Microsoft Exchange vulnerabilities that result in unauthenticated, remote code execution.

The three vulnerabilities were discovered by Devcore Principal Security Researcher Orange Tsai, who chained them together to take over a Microsoft Exchange server in April’s Pwn2Own 2021 hacking contest.

Web infrastructure and website security company Cloudflare on Thursday disclosed that it mitigated the largest ever volumetric distributed denial of service (DDoS) attack recorded to date.

The attack, launched via a Mirai botnet, is said to have targeted an unnamed customer in the financial industry last month. “Within seconds, the botnet bombarded the Cloudflare edge with over 330 million attack requests,” the company noted, at one point reaching a record high of 17.2 million requests-per-second (rps), making it three times bigger than previously reported HTTP DDoS attacks.

Uptycs Threat Research Team has discovered malware that not only hijacks vulnerable *nix-based servers and uses them to mine cryptocurrency but actually modifies their CPU configurations in a bid to increase mining performance at the cost of performance in other applications.

Perpetrators use a Golang-based worm to exploit known vulnerabilities like CVE-2020-14882 (Oracle WebLogic) and CVE-2017-11610 (Supervisord) to gain access to Linux systems, reports The Record. Once they hijack a machine, they use model-specific registers (MSR) to disable the hardware prefetcher, a unit that fetches data and instructions from the memory into the L2 cache before they are needed.

The covid-19 pandemic has reinforced humanity’s dependence on modern tech, but the same tools that enable remote working are also being used to spread disinformation and perpetuate cybercrime. Ambivalence towards technology is nothing new.


The goal is to pre-empt the fall of traditional cryptography likely to follow the quantum revolution.


A research team with the Technical University of Munich (TUM) has designed a quantum cryptography chip aimed at the security demands of the quantum computing revolution. The RISC-V chip, which was already sent to manufacturing according to the researchers’ design, aims to be a working proof of concept for protecting systems against quantum computing-based attacks, which are generally considered to be one of the most important security frontiers of the future. Alongside the RISC-V based hardware implementation (which includes ASIC and FPGA structures), the researchers also developed 29 additional instructions for the architecture that enable the required workloads to be correctly processed on-chip.

Traditional cryptography is generally based on both the sender and receiver holding the same “unlock” key for any given encrypted data. These keys (which may include letters, digits, and special characters) have increased in length as time passes, accompanying increases in hardware performance available in the general computing sphere. The idea is to thwart brute-force attacks, which simply try out character combinations until they eventually reach the correct answer that unlocks the encrypted messages’ contents. Given a big enough size of the security key (and also depending on the encryption protocol used), it’s virtually impossible for current hardware — even with the extreme parallelization enabled by the most recent GPUs — to try out enough combinations in a short enough timeframe to make the effort worthwhile.