Lifeboat Foundation

Microsoft has released security updates with the June 2022 cumulative Windows Updates to address a critical Windows zero-day vulnerability known as Follina and actively exploited in ongoing attacks.

“Microsoft strongly recommends that customers install the updates to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action,” Microsoft said in an update to the original advisory.

“Microsoft recommends installing the updates as soon as possible,” the company further urged customers in a post on the Microsoft Security Response Center.

Online platforms like Twitter 0, Facebook and Tiktok will be required to register and open offices in Nigeria and appoint contact persons with the government, draft regulations from the information technology development agency show. The code of practice for “interactive computer service platforms/internet intermediaries” was meant to curb online abuse, including disinformation and misinformation, the National Information Technology Development Agency (NITDA) said in the regulations posted on its website.

A statement from the agency’s spokesperson dated June 13 said the regulations were developed with input from Twitter, Facebook, WhatsApp, Instagram, Google and TikTok, among others. The platforms are popular in Nigeria, Africa’s most populous nation with more than 200 million people.

NIDTA said the platforms would be required to provide to users or authorised government agencies relevant information, including for purposing of preserving security and public order. They would also have to file annual reports to NITDA with the number of registered users in Nigeria, number of complaints received and content taken down due to disinformation and misinformation.

Security researchers have uncovered a large-scale malicious operation that uses trojanized mobile cryptocurrency wallet applications for Coinbase, MetaMask, TokenPocket, and imToken services.

The malicious activity has been identified earlier this year in March. Researchers at Confiant named this activity cluster SeaFlower and describe it as “the most technically sophisticated threat targeting web3 users, right after the infamous Lazarus Group.”

In a recent report, Confiant notes that the malicious cryptocurrency apps are identical to the real ones but they come with a backdoor that can steal the users’ security phrase for accessing the digital assets.

The Windows 11 22H2 (Sun Valley 2) RTM build 22,621 has resurrected an old bug whereupon a system gets a “hardware security not supported” message even on PCs that meet the necessary requirements.

The will help you find new opportunities to use and further develop your machine learning skills.

Machine learning has proven to be a tool that performs well in a variety of application fields. From educational and training companies to security systems like facial recognition and online transaction prevention, it is used to improve the quality and accuracy of existing techniques.

Choosing the best tools for machine learning and navigating the space of tools for machine learning isn’t as simple as Google searching “machine learning tools”.

Continue reading “10 Best Tools for Machine Learning” »

NASA said it was interested in UAPs from a security and safety perspective. There was no evidence UAPs are extraterrestrial in origin, NASA added. The study will begin this fall and is expected to take nine months.

The team will gather data on “events in the sky that cannot be identified as aircraft or known natural phenomena — from a scientific perspective,” the agency said.

Voltage Enterprises is an Abu Dhabi-based company founded a year ago. It describes itself as a disruptive energy innovator. It claims to have invented a zero-carbon emissions fuel that is cheaper than natural gas. It calls the fuel Kinetic 7 ™. The information I received states:

“The clean gas, which is carbon neutral with net-zero emissions, will give global economies access to a cheap, endless supply of clean energy. Importantly, it will allow countries to maintain the security of their gas and energy supplies whilst also meeting their carbon-neutral net-zero targets. This discovery could play a major role in reversing the global energy crisis, significantly reducing energy costs to the consumer and businesses sectors at a time when the cost-of-living crisis is worsening, and inflation has reached a 40-year high.”

If that doesn’t sound fantastic to you then I am surprised. Kinetic 7 is purportedly manna from heaven for the energy industry or represents disruptive change on a global scale. So which is it and what is it?

“After public knowledge of the exploit grew, we began seeing an immediate response from a variety of attackers beginning to use it,” says Tom Hegel, senior threat researcher at security firm SentinelOne. He adds that while attackers have primarily been observed exploiting the flaw through malicious documents thus far, researchers have discovered other methods as well, including the manipulation of HTML content in network traffic.

“While the malicious document approach is highly concerning, the less documented methods by which the exploit can be triggered are troubling until patched,” Hegel says. “I would expect opportunistic and targeted threat actors to use this vulnerability in a variety of ways when the option is available—it’s just too easy.”

The vulnerability is present in all supported versions of Windows and can be exploited through Microsoft Office 365, Office 2013 through 2019, Office 2021, and Office ProPlus. Microsoft’s main proposed mitigation involves disabling a specific protocol within Support Diagnostic Tool and using Microsoft Defender Antivirus to monitor for and block exploitation.