Lifeboat Foundation

Engineers have designed a computer processor that thwarts hackers by randomly changing its microarchitecture every few milliseconds. Known as Morpheus, the puzzling processor has now aced its first major tests, repelling hundreds of professional hackers in a DARPA security challenge.

In 2017, DARPA backed the University of Michigan’s Morpheus project with US$3.6 million in funding, and now the novel processor has been put to the test. Over four months in 2020, DARPA ran a bug bounty program called Finding Exploits to Thwart Tampering (FETT), pitting 525 professional security researchers against Morpheus and a range of other processors.

The goal of the program was to test new hardware-based security systems, which could protect data no matter how vulnerable the underlying software was. Morpheus was mocked up to resemble a medical database, complete with software vulnerabilities – and yet, not a single attack made it through its defenses.

Android malware known as FluBot is continuing to cause mayhem across some European countries, and there is speculation that the threat actors behind it may decide to target other geographies, including the United States. Here’s why you should be vigilant, how FluBot operates, and how you can remove this Android nasty from your device.

It’s also worth noting that this advice will help you stay safe from other Android malware strains. In recent days, cybercriminals have begun to target Europeans with TeaBot (also known as Anatsa or Toddler), an Android malware family that uses exactly the same technique as FluBot to spread and to lure users into giving up their sensitive data. FluBot and TeaBot are detected by ESET products as variants of the Android/TrojanDropper. Agent family.

I could probably be described as a SpaceX enthusiast. I catch their launches when I can, and I’ve watched the development of Starship with great interest. But the side-effect of SpaceX’s reusable launch system is that getting to space has become a lot cheaper. Having excess launch capacity means that space projects that were previously infeasible become suddenly at least plausible. One of those is Starlink.

Starlink is SpaceX’s satellite Internet service. Wireless and cellular internet have helped in some places, but if you really live out in the sticks, satellite internet is your only option. And while satellite Internet isn’t exactly new, Starlink is a bit different. Hughesnet, another provider, has a handful of satellites in geostationary orbit, which is about 22000 miles above the earth. To quote Grace Hopper, holding a nearly foot-long length of wire representing a nanosecond, “Between here and the satellite, there are a very large number nanoseconds.”

Continue reading “Starlink: A Review And Some Hacks” »

The agency’s Digital Forensics Unit wants to “tame the cybersecurity research into measured, repeatable, consistent digital forensics processes.”

We have developed and tested a secure new computer processor that thwarts hackers by randomly changing its underlying structure, thus making it virtually impossible to hack.

Last summer, 525 security researchers spent three months trying to hack our Morpheus processor as well as others. All attempts against Morpheus failed.

This study was part of a program sponsored by the U.S. Defense Advanced Research Program Agency to design a secure processor that could protect vulnerable software. DARPA released the results on the program to the public for the first time in January 2021.

Network defenders face the constant challenge of effectively preventing, detecting, and responding to cyber incidents.

Our new Scalable Warning and Resilience Model (SWARM) can help enable defenders to proactively protect their systems.

Today’s evolving cyber threats require a tailored and targeted approach to cybersecurity. Current defenses focus on managing threats after a network has been breached. RAND’s Scalable Warning and Resilience Model (SWARM) can help defenders proactively protect their systems through early warning of cyber incidents before they occur.

The need for more web watchmen spans from private businesses to government agencies, experts say, and most of the job openings are in California, Florida, Texas and Virginia. That means for anyone looking to switch careers and considering a job in cybersecurity, there’s no greater time than now to find work, the job trackers said.

“You don’t have to be a graduate of MIT to work in cybersecurity,” said Tim Herbert, executive vice president for research at CompTIA. “It just requires someone who has the proper training, proper certification and is certainly committed to the work.”

A group of “ethical hackers” has obtained access to sensitive systems and proprietary online data hosted by the Fermi National Accelerator Laboratory in the US after accessing multiple unsecured entry points in late April and early May. The group – Sakura Samurai – discovered configuration data for the lab’s NoVa experiment and more than 4500 “tickets” for tracking internal projects.

The Sakura Samurai team has previous experience probing the vulnerabilities of scientific and educational organizations, which hold critical information that if leaked could put those institutions at risk. “Fermilab was no different,” Sakura Samurai leader Robert Willis told Physics World. “Oversharing can be very dangerous, especially when it’s sharing credentials that could enable a malicious actor to take over a server with the potential to move across their network to access items that the organization wouldn’t even think of being vulnerable.”

Splunk today announced it plans to acquire security software company TruStar for an undisclosed amount. The acquisition will add TruStar’s cloud-native, cyber intelligence-sharing capabilities and automated processes to Splunk’s growing cybersecurity portfolio.

“TruStar will help us get even better at predictive threat assessments by strengthening our threat intelligence framework. This acquisition will allow customers to autonomously and seamlessly enrich their (security operation center) workflows with threat intelligence data feeds from heterogeneous sources,” Splunk president and CEO Doug Merritt told VentureBeat in an exclusive interview.

The pending deal is in line with Splunk’s philosophy that “security is a data problem,” he said. The announcement marks a return to M&A activity for Splunk and the massive $1.05 billion deal for SignalFX in 2019. The company also made four cloud-related acquisitions in 2020.