Lifeboat Foundation: Safeguarding Humanity
Toggle light / dark theme

Blog

Category: cybercrime/malcode – Page 25

Cybersecurity researchers have uncovered weaknesses in Sonos smart speakers that could be exploited by malicious actors to clandestinely eavesdrop on users.

The vulnerabilities “led to an entire break in the security of Sonos’s secure boot process across a wide range of devices and remotely being able to compromise several devices over the air,” NCC Group security researchers Alex Plaskett and Robert Herrera said.

Successful exploitation of one of these flaws could allow a remote attacker to obtain covert audio capture from Sonos devices by means of an over-the-air attack. They impact all versions prior to Sonos S2 release 15.9 and Sonos S1 release 11.12, which were shipped in October and November 2023.

Read more | >

By Chuck Brooks

AI agents represent a great leap forward in technology, offering exponential benefits to society. From enhancing scientific research, healthcare, transportation, education, and cybersecurity. There are a lot of different applications that AI agents could help enable in our new digital world, including, foremost, for humans.

Follow me on Twitter or LinkedIn. Check out my website.

Read more | >

It’s easy to think of bacteria as one of the greatest scourges on Earth for the diseases and deaths they cause, and how they repeatedly thwart our best antibiotics, evolving into drug-resistant superbugs.

But really, bacteria are just doing what they’ve always done – finding new ways to survive.

While the search for new antibiotics continues, combination therapies are increasingly being tested to try to clamp down on multiple bacterial escape pathways at once, and limit the chances of microbes developing resistance with successive biological hacks.

Read more | >

Australian businesses are paying untold amounts of ransom to hackers, but the government is hoping to claw back some visibility with a landmark cybersecurity law.

While major ransomware attacks on companies such as MediSecure, Optus and Latitude have grabbed headlines for breaching the privacy of millions, the practice of quietly paying off cybercriminals has flourished in the dark.

The situation has deteriorated to the point that the government’s original ambition for an outright ban on ransom payments has been nixed, for now, and the focus has shifted to mapping the scale of the problem.

Read more | >

Local decentralized energy systems, known as microgrids, can make urban infrastructures more resilient and reduce risks for the population, for example, in large-scale power outages due to natural hazards or cyberattacks.

In Nature Sustainability researchers from Karlsruhe Institute of Technology (KIT) present design criteria for microgrids that allow for fair treatment of different social groups alongside technical factors. The study shows how cities can shape the transformation towards a secure and more sustainable and equitable energy supply.

Climate change increases the probability of extreme events, as we have seen during the massive flooding of large parts of southern Germany in June. The question of how cities and municipalities can make more resilient and more secure in the face of such crises is bringing so-called microgrids into focus.

Read more | >

Cybersecurity researchers have disclosed a privilege escalation vulnerability impacting Google Cloud Platform’s Cloud Functions service that an attacker could exploit to access other services and sensitive data in an unauthorized manner.

Tenable has given the vulnerability the name ConfusedFunction.

“An attacker could escalate their privileges to the Default Cloud Build Service Account and access numerous services such as Cloud Build, storage (including the source code of other functions), artifact registry and container registry,” the exposure management company said in a statement.

Read more | >

Google Chrome now warns when downloading risky password-protected files and provides improved alerts with more information about potentially malicious downloaded files.

These new, more detailed warning messages help users quickly learn the nature of the danger presented by each file downloaded from the Internet.

For this, Google introduced a two-tier download warning system that uses AI-powered malware verdicts sourced from its Safe Browsing service to help evaluate the actual risk quickly.

Read more | >