Quantum magnetometers can detect incredibly small changes in magnetic fields by tapping into the strange and powerful features of quantum physics. These devices rely on the discrete nature and coherence of quantum particles—behaviors that give them a major edge over classical sensors. But how far can their sensitivity go? And what actually makes a magnetometer “quantum”?

A new study explores the theoretical boundaries of these devices, comparing multiple methods for defining their limits. The findings shed light not only on performance but also on what truly separates quantum sensors from their classical counterparts.

Quantum Magnetometers and Ultra-High Sensitivity.

Cybersecurity researchers have flagged a new malicious campaign related to the North Korean state-sponsored threat actor known as Kimsuky that exploits a now-patched vulnerability impacting Microsoft Remote Desktop Services to gain initial access.

The activity has been named Larva-24005 by the AhnLab Security Intelligence Center (ASEC).

“In some systems, initial access was gained through exploiting the RDP vulnerability (BlueKeep, CVE-2019-0708),” the South Korean cybersecurity company said. “While an RDP vulnerability scanner was found in the compromised system, there is no evidence of its actual use.”

At the core of the operation is a previously undocumented NFC relay technique that enables threat actors to fraudulently authorize point-of-sale (PoS) payments and Automated Teller Machine (ATM) withdrawals by intercepting and relaying NFC communications from infected devices.

To do this, the attackers urge the victims to bring their debit or credit card in close physical proximity to their mobile device, which then allows the SuperCard X malware to stealthily capture the transmitted card details and relay them to an external server. The harvested card information is then utilized on a threat actor-controlled device to conduct unauthorized transactions.

The application that’s distributed to victims for capturing NFC card data is called a Reader. A similar app known as Tapper is installed on the threat actor’s device to receive the card information. Communication between the Reader and Tapper is carried out using HTTP for command-and-control (C2) and requires cybercriminals to be logged in.

Microsoft confirms that the weekend Entra account lockouts were caused by the invalidation of short-lived user refresh tokens that were mistakenly logged into internal systems.

On Saturday morning, numerous organizations reported that they began receiving Microsoft Entra alerts that accounts had leaked credentials, causing the accounts to be locked out automatically.

Impacted customers initially thought the account lockouts were tied to the rollout of a new enterprise application called “MACE Credential Revocation,” installed minutes before the alerts were issued.

A large-scale ad fraud operation called ‘Scallywag’ is monetizing pirating and URL shortening sites through specially crafted WordPress plugins that generate billions of daily fraudulent requests.

Scallywag was uncovered by bot and fraud detection firm HUMAN, which mapped a network of 407 domains supporting the operation that peaked at 1.4 billion fraudulent ad requests per day.

HUMAN’s efforts to block and report Scallywag traffic have resulted in its shrinking by 95%, although the threat actors have shown resilience by rotating domains and moving to other monetization models.

In a rather clever attack, hackers leveraged a weakness that allowed them to send a fake email that appeared to be delivered from Google’s systems, passing all verifications but pointing to a fraudulent page that collected logins.

The attacker leveraged Google’s infrastructure to trick recipients into accessing a legitimate-looking “support portal” that asks for Google account credentials.

The fraudulent message appeared to come from “[email protected]” and passed the DomainKeys Identified Mail (DKIM) authentication method, but the real sender was different.

A proposed protocol allows for the teleportation of collective spin-coherent states, as well as entangled spin-squeezed and Dicke states, between nuclear spin degrees of freedom in a two-dimensional trapped-ion crystal. Beyond teleportation, generalizations of the protocol could be used for retroactive squeezing generation and enhanced displacement sensing in a Penning trap, as well as in other systems featuring collective spin-spin interactions within synthetic dimensions or spatially separated arrays.