Lifeboat Foundation

There are 40.3 million victims of human trafficking globally, according to the International Labor Organization. Marinus Analytics, a startup based in Pittsburgh, Pennsylvania, hopes to make a dent in that number. The company’s mission is to “serve those working on the frontlines of public safety by developing technology for them to disrupt human trafficking, child abuse, and cyber fraud.” For its achievements, Marinus won $500,000 as part of its third-place ranking in the 2021 IBM Watson AI XPRIZE competition. The startup is the brainchild of three co-founders: Cara Jones, Emily Kennedy, and Artur Dubrawski, who launched it out of the Robotics Institute at Carnegie Mellon University in 2014.

Marinus implements its mission primarily through its set of AI-based tools called Traffic Jam, whose goal is “to find missing persons, stop human trafficking and fight organized crime.”

Traditionally, finding a missing person would involve taping a picture of the person on the computer and then manually combing through thousands, if not millions, of online ads on adult services websites to see if any of the posted pictures match. Such a process is time-consuming and tiring. A human detective’s attention can start flagging after long hours at the computer doing the same task endlessly.

Autonomous machine expected to pick more than 25,000 raspberries a day, outpacing human workers.

Cloud-based content management provider Box has announced a new “deep scan” functionality that checks files as they are uploaded to identify sophisticated malware and avert attacks.

The new capabilities constitute part of Box Shield, which uses machine learning to prevent data leaks, detect threats, and spot any kind of abnormal behavior. In April of last year, Box added a slew of automated malware detection features to the mix, allowing Box Shield customers to spot malicious content that may already have been uploaded to a Box account. However, so far this has leaned heavily on “known” threats from external intelligence databases. Moving forward, Box said it will mesh deep learning technology with external threat intelligence capabilities to analyze files for malicious scripts, macros, and executables to protect companies from zero-day (unknown) vulnerabilities.

When a user uploads an infected file, Box will quarantine it for inspection but will still allow the user to view a preview of the file and continue working.

These attacks were perpetrated by a newly discovered Iranian state sponsored threat group — dubbed MalKamak — that has been operating under the radar since at least 2018.

This operation has been ongoing for years, continuously evolving its malware year after year, while successfully evading most security tools. The authors of ShellClient invested a lot of effort into making it stealthy to evade detection by antivirus and other security tools by leveraging multiple obfuscation techniques and recently implementing a Dropbox client for command and control (C2), making it very hard to detect. By studying the ShellClient development cycles, Cybereason researchers were able to observe how ShellClient has morphed over time from a rather simple reverse shell to a sophisticated RAT used to facilitate cyber espionage operations.

The most recent ShellClient versions observed in Operation GhostShell follow the trend of abusing cloud-based storage services — in this case, the popular Dropbox service. The ShellClient authors used Dropbox to exfiltrate the stolen data and send commands to the malware. Threat actors have increasingly adopted this tactic due to its simplicity and the ability to effectively blend in with legitimate network traffic. Ultimately, this discovery tells researchers a lot about the tactics that advanced attackers are using to defeat security solutions.

Amazon (AMZN) owned video game livestreaming service Twitch has confirmed on Twitter that a massive data breach has occurred. The leaked data, reportedly posted as a 125GB torrent link…

The cybersecurity world is evolving rapidly — perhaps more quickly than at any other time in its history. It would be easy to attribute the cyber hiccups that many businesses face to the fact that they are simply unable to keep up with bad actors.

The facts are more complicated. While it’s true that new threats are emerging every day, more often than not, breaches result from long-standing organizational issues, not a sudden upturn in the ingenuity of cybercriminals.

Full Story:

Researchers discover previously undocumented UEFI bootkit malware used by threat actors to backdoor Windows systems since 2012.

The transaction-based communications system ensures robot teams achieve their goal even if some robots are hacked.

Imagine a team of autonomous drones equipped with advanced sensing equipment, searching for smoke as they fly high above the Sierra Nevada mountains. Once they spot a wildfire, these leader robots relay directions to a swarm of firefighting drones that speed to the site of the blaze.

But what would happen if one or more leader robots was hacked by a malicious agent and began sending incorrect directions? As follower robots are led farther from the fire, how would they know they had been duped?

Continue reading “Blockchain technology could provide secure communications for robot teams” »

The researcher warns that there is a new APT hacker group that targets the fuel, electricity, and aviation industries.