Lifeboat Foundation: Safeguarding Humanity
Toggle light / dark theme

Blog – Page 3682

Threat actors used a well-liked piece of corporate communication software from 3CX, according to security experts. In particular, reports state that a desktop client for the 3CX VoIP (Voice over Internet Protocol) service was used to specifically target 3CX’s clients.

It is believed that the attack is a multi-part process, with the first stage using a hacked version of the 3CX desktop application. Although the.exe file and the MSI package have the same name, preliminary research indicates that the MSI package is the one that may include DLLs that have been maliciously modified.

The beginning of the infection process occurs when 3CXDesktopApp.exe loads the ffmpeg.dll file. After that, ffmpeg.dll will read the encrypted code from d3dcompiler_47.dll and then decode it. It seems that the decrypted code is the backdoor payload that attempts to visit the IconStorage GiHub page in order to access an ICO file that contains the encrypted C&C server that the backdoor connects to in order to acquire the probable ultimate payload.

Read more | >

Researchers from multiple security companies have reported that a massive supply chain attack on users of 3CX, a widely utilized voice and video calling desktop client, was carried out by computer hackers working on behalf of the government of North Korea. The attack targeted users of the Windows and macOS operating systems. 3CX users may make calls, examine the status of colleagues, chat, plan a video conference, and check voicemails all from the desktop program by using the 3CXDesktopApp, which is accessible for Windows, macOS, Linux, and mobile devices.

The attack resulted in the compromising of the software build system that was used to generate and distribute versions of the app for Windows and macOS. The app delivers VoIP and PBX services to “over 600,000 clients,” some of which include American Express, Mercedes-Benz, and Price Waterhouse Cooper. Since the attackers controlled the software development system, they were able to insert malware into 3CX applications, even though those applications had been digitally signed using the official signing key for the firm.

This is a traditional kind of attack on supply chains, and its purpose is to take advantage of the trust connections that exist between an organization and third parties.

Read more | >

Many scientific problems can be formulated as sparse regression, i.e., regression onto a set of parameters when there is a desire or expectation that some of the parameters are exactly zero or do not substantially contribute. This includes many problems in signal and image processing, system identification, optimization, and parameter estimation methods such as Gaussian process regression. Sparsity facilitates exploring high-dimensional spaces while finding parsimonious and interpretable solutions. In the present work, we illustrate some of the important ways in which sparse regression appears in plasma physics and point out recent contributions and remaining challenges to solving these problems in this field. A brief review is provided for the optimization problem and the state-of-the-art solvers, especially for constrained and high-dimensional sparse regression.

Read more | >

Having more tools helps; having the right tools is better. Utilizing multiple dimensions may simplify difficult problems—not only in science fiction but also in physics—and tie together conflicting theories.

For example, Einstein’s theory of —which resides in the fabric of space-time warped by planetary or other massive objects—explains how gravity works in most cases. However, the theory breaks down under such as those existing in black holes and cosmic primordial soups.

An approach known as superstring theory could use another dimension to help bridge Einstein’s theory with , solving many of these problems. But the necessary evidence to support this proposal has been lacking.

Read more | >

Researchers at University of Tokyo, JTS PRESTO, Ludwig Maximilians Universität and Kindai University recently demonstrated the modulation of an electron source by applying laser light to a single fullerene molecule. Their study, featured in Physical Review Letters, could pave the way for the development of better performing computers and microscopic imaging devices.

“By irradiating a sharp metallic needle with , we had previously demonstrated optical control of electron emission sites on a scale of approximately 10 nm,” Hirofumi Yanagisawa, one of the researchers who carried out the study, told Phys.org. “The optical control was achieved using plasmonic effects, but it was technically difficult to miniaturize such an electron source using the same principle. We were seeking a way to miniaturize the electron source and we hit upon the idea of using a and its molecular orbitals.”

Yanagisawa and his colleagues set out to realize their idea experimentally using electrons emitted from molecules on a sharp metallic needle. However, they were well-aware of the difficulties they would encounter, due to unresolved difficulties associated with the use of electron emissions from molecule-covered needles.

Read more | >