Lifeboat Foundation: Safeguarding Humanity
Toggle light / dark theme

Blog

Category: cybercrime/malcode – Page 71

America is the undisputed world leader in quantum computing even though China spends 8x more on the technology–but an own goal could soon erode U.S. dominance

When it comes to quantum computing, that chilling effect on research and development would enormously jeopardize U.S. national security. Our projects received ample funding from defense and intelligence agencies for good reason. Quantum computing may soon become the https://www.cyberdefensemagazine.com/quantum-security-is-nat...at%20allow, codebreaking%20attacks%20against%20traditional%20encryption" rel="noopener" class="">gold standard technology for codebreaking and defending large computer networks against cyberattacks.

Adopting the proposed march-in framework would also have major implications for our future economic stability. While still a nascent technology today, quantum computing’s ability to rapidly process huge volumes of data is set to revolutionize business in the coming decades. It may be the only way to capture the complexity needed for future AI and machine learning in, say, self-driving vehicles. It may enable companies to hone their supply chains and other logistical operations, such as manufacturing, with unprecedented precision. It may also transform finance by allowing portfolio managers to create new, superior investment algorithms and strategies.

Given the technology’s immense potential, it’s no mystery why China committed what is believed to be more than https://www.mckinsey.com/featured-insights/sustainable-inclu…n-quantum” rel=“noopener” class=””>$15 billion in 2022 to develop its quantum computing capacity–more than double the budget for quantum computing of EU countries and eight times what the U.S. government plans to spend.

LightSpy Spyware’s macOS Variant Found with Advanced Surveillance Capabilities

Cybersecurity researchers have disclosed that the LightSpy spyware recently identified as targeting Apple iOS users is in fact a previously undocumented macOS variant of the implant.

The findings come from both Huntress Labs and ThreatFabric, which separately analyzed the artifacts associated with the cross-platform malware framework that likely possesses capabilities to infect Android, iOS, Windows, macOS, Linux, and routers from NETGEAR, Linksys, and ASUS.

“The Threat actor group used two publicly available exploits (CVE-2018–4233, CVE-2018–4404) to deliver implants for macOS,” ThreatFabric said in a report published last week. “Part of the CVE-2018–4404 exploit is likely borrowed from the Metasploit framework. macOS version 10 was targeted using those exploits.”

Thousands of companies using Ray framework exposed to cyberattacks, researchers say

Researchers are warning that hackers are actively exploiting a disputed vulnerability in a popular open-source AI framework known as Ray.

This tool is commonly used to develop and deploy large-scale Python applications, particularly for tasks like machine learning, scientific computing and data processing.

According to Ray’s developer, Anyscale, the framework is used by major tech companies such as Uber, Amazon and OpenAI.

Russian Power Companies, IT Firms, and Govt Agencies Hit by Decoy Dog Trojan

Russian organizations are at the receiving end of cyber attacks that have been found to deliver a Windows version of a malware called Decoy Dog.

Cybersecurity company Positive Technologies is tracking the activity cluster under the name Operation Lahat, attributing it to an advanced persistent threat (APT) group called HellHounds.

“The Hellhounds group compromises organizations they select and gain a foothold on their networks, remaining undetected for years,” security researchers Aleksandr Grigorian and Stanislav Pyzhov said. “In doing so, the group leverages primary compromise vectors, from vulnerable web services to trusted relationships.”

361 million stolen accounts leaked on Telegram added to HIBP

A massive trove of 361 million email addresses from credentials stolen by password-stealing malware, in credential stuffing attacks, and from data breaches was added to the Have I Been Pwned data breach notification service, allowing anyone to check if their accounts have been compromised.

Cybersecurity researchers collected these credentials from numerous Telegram cybercrime channels, where the stolen data is commonly leaked to the channel’s users to build reputation and subscribers.

The stolen data is usually leaked as username and password combinations (usually stolen via credential stuffing attacks or data breaches), username and passwords along with a URL associated with them (stolen via password-stealing malware), and raw cookies (stolen via password-stealing malware).

A Safer Future for AI with Stronger Algorithms

This post is also available in: עברית (Hebrew)

AI technology is spreading quickly throughout many different industries, and its integration depends on users’ trust and safety concerns. This matter becomes complicated when the algorithms powering AI-based tools are vulnerable to cyberattacks that could have detrimental results.

Dr. David P. Woodruff from Carnegie Mellon University and Dr. Samson Zhou from Texas A&M University are working to strengthen the algorithms used by big data AI models against attacks.

Hackers Targeting 1,500 Banks and Their Customers in Push To Drain Accounts Across 60 Countries: Report

Black hat hackers have reportedly unleashed malicious software targeting over 1,500 banks and their customers worldwide.

Security researchers at IBM say a revamped version of the Grandoreiro banking trojan has just rolled out, enabling attackers to perform banking fraud in 60 countries.

The malware allows attackers to send email notices that appear to be urgent government requests for payments.

/* */