Lifeboat Foundation: Safeguarding Humanity
Toggle light / dark theme

Blog – Page 11

When humans kick swim through water, vortices form around their legs, generating the force that propels them forward. However, the mechanisms underlying variations in the structure of these vortices with swimming speed remain unclear.

In a new study published in Experiments in Fluids, researchers analyzed swimmer movement using an optical motion capture system and investigated vortex structure changes with varying speeds. They employed to visualize water flow dynamics.

Their results revealed that during underwater undulatory swimming, the vortex structure in the down-kick-to-up-kick transition phase changed as swimming speed increased. Specifically, with rising swimming speed, the direction of the jet flow between the two around the foot shifted to a more vertically downward orientation, a shift hypothesized to enhance forward propulsion during up-kicking.

Read more | >

A new study reveals that short-term exposure to particulate matter (PM) air pollution can reduce a person’s ability to focus and interpret emotions, potentially making everyday tasks — like grocery shopping — more difficult.

Scientists found that even brief exposure to high levels of PM can impair concentration, increase distractibility, and affect social behavior.

Read more | >

In the incident analyzed by the Canadian cybersecurity company, the initial access was gained to a targeted endpoint via a vulnerable SimpleHelp RMM instance (“194.76.227[.]171”) located in Estonia.

Upon establishing a remote connection, the threat actor has been observed performing a series of post-exploitation actions, including reconnaissance and discovery operations, as well as creating an administrator account named “sqladmin” to facilitate the deployment of the open-source Sliver framework.

The persistence offered by Sliver was subsequently abused to move laterally across the network, establishing a connection between the domain controller (DC) and the vulnerable SimpleHelp RMM client and ultimately installing a Cloudflare tunnel to stealthily route traffic to servers under the attacker’s control through the web infrastructure company’s infrastructure.

Read more | >

Morphisec CTO Michael Gorelik told The Hacker News that there is evidence connecting the two activity clusters, and that the deceptive Chrome installer site was previously leveraged to download the Gh0st RAT payload.

“This campaign specifically targeted Chinese-speaking users, as indicated by the use of Chinese-language web lures and applications aimed at data theft and evasion of defenses by the malware,” Gorelik said.

“The links to the fake Chrome sites are primarily distributed through drive-by download schemes. Users searching for the Chrome browser are directed to these malicious sites, where they inadvertently download the fake installer. This method exploits the users’ trust in legitimate software downloads, making them susceptible to infection.”

Read more | >

A 7-Zip vulnerability allowing attackers to bypass the Mark of the Web (MotW) Windows security feature was exploited by Russian hackers as a zero-day since September 2024.

According to Trend Micro researchers, the flaw was used in SmokeLoader malware campaigns targeting the Ukrainian government and private organizations in the country.

The Mark of the Web is a Windows security feature designed to warn users that the file they’re about to execute comes from untrusted sources, requesting a confirmation step via an additional prompt. Bypassing MoTW allows malicious files to run on the victim’s machine without a warning.

Read more | >

AMD has released mitigation and firmware updates to address a high-severity vulnerability that can be exploited to load malicious CPU microcode on unpatched devices.

The security flaw (CVE-2024–56161) is caused by an improper signature verification weakness in AMD’s CPU ROM microcode patch loader.

Attackers with local administrator privileges can exploit this weakness, resulting in the loss of confidentiality and integrity of a confidential guest running under AMD Secure Encrypted Virtualization-Secure Nested Paging (SEV-SNP).

Read more | >

Microsoft warns that attackers are deploying malware in ViewState code injection attacks using static ASP. NET machine keys found online.

As Microsoft Threat Intelligence experts recently discovered, some developers use ASP.NET validationKey and decryptionKey keys (designed to protect ViewState from tampering and information disclosure) found on code documentation and repository platforms in their own software.

ViewState enables ASP.NET Web Forms to control state and preserve user inputs across page reloads. However, if attackers get the machine key designed to protect it from tampering and information disclosure, they can use it in code injection attacks to craft malicious payloads by attaching crafted message authentication code (MAC).

Read more | >

The FCC has proposed a $4,492,500 fine against VoIP service provider Telnyx for allegedly allowing customers to make robocalls posing as fictitious FCC “Fraud Prevention Team,” by failing to comply with Know Your Customer (KYC) rules. However, Telnyx says the FCC is mistaken and denies the accusations.

The individuals behind these calls registered Telnyx accounts using the “Christian Mitchell” and “Henry Walker” names with the same address in Toronto, Canada, but IP addresses from Scotland and England. They are known as the “MarioCop” accounts because they both used email addresses on the same mariocop123.com domain.

Between February 6 and February 7, 2024, they made 1,797 imposter calls before Telnyx terminated their accounts. Ironically, their calls also reached over a dozen FCC staff and family members on their personal and work phone numbers one year ago.

Read more | >

What types of new plastics can be developed with enhanced recycling capabilities? This is what a recent study published in Nature hopes to address as a team of researchers at Cornell University have developed an enhanced type of thermoset, which is built from a type of polymer that is often difficult to recycle, resulting in it being put back into the atmosphere from burning it or into landfills, which destroy marine ecosystems. This study has the potential to help scientists, engineers, policymakers, and the public better understand new recycling methods that can be used to both help the environment and mitigate the impacts of climate change.

For the study, the researchers used a bio-sourced material known as dihydrofuran (DHF) to design and build a new thermoset polymer that maintains its robustness while ensuring safely being recycled through heat and environmental degradation. When compared to traditional thermosets, the DHF thermosets can still be used for a myriad of commercial applications, including footwear, electronics, and garden hoses, just to name a few.

“We’ve spent 100 years trying to make polymers that last forever, and we’ve realized that’s not actually a good thing,” said Dr. Brett Fors, who is a professor of physical chemistry at Cornell University and a co-author on the study. “Now we’re making polymers that don’t last forever, that can environmentally degrade.”

Read more | >