This authenticator app is designed to install bank info-stealing malware that could wipe you out.
Category: cybercrime/malcode – Page 114
We’re all used to swapping RAM in our desktops and laptops. What about a GPU, though? [dosdude1] teaches us that soldered-on RAM is merely a frontier to be conquered. Of course, there’s gotta be a good reason to undertake such an effort – in his case, he couldn’t find the specific type of Nvidia GT640 that could be flashed with an Apple BIOS to have his Xserve machine output the Apple boot screen properly. All he could find were 1GB versions, and the Apple BIOS could only be flashed onto a 2GB version. Getting 2GB worth of DDR chips on Aliexpress was way too tempting!
The video goes through the entire replacement process, to the point where you could repeat it yourself — as long as you have access to a preheater, which is a must for reworking relatively large PCBs, as well as a set of regular tools for replacing BGA chips. In the end, the card booted up, and, flashed with a new BIOS, successfully displayed the Apple bootup logo that would normally be missing without the special Apple VBIOS sauce. If you ever want to try such a repair, now you have one less excuse — and, with the GT640 being a relatively old card, you don’t even risk all that much!
This is not the first soldered-in RAM replacement journey we’ve covered recently — here’s our write-up about [Greg Davill] upgrading soldered-in RAM on his Dell XPS! You can upgrade CPUs this way, too. While it’s standard procedure in sufficiently advanced laptop repair shops, even hobbyists can manage it with proper equipment and a good amount of luck, as this EEE PC CPU upgrade illustrates. BGA work and Apple computers getting a second life go hand in hand — just two years ago, we covered this BGA-drilling hack to bypass a dead GPU in a Macbook, and before that, a Macbook water damage revival story.
Quantum computers could cause unprecedented disruption in both good and bad ways, from cracking the encryption that secures our data to solving some of chemistry’s most intractable puzzles. New research has given us more clarity about when that might happen.
Modern encryption schemes rely on fiendishly difficult math problems that would take even the largest supercomputers centuries to crack. But the unique capabilities of a quantum computer mean that at sufficient size and power these problems become simple, rendering today’s encryption useless.
That’s a big problem for cybersecurity, and it also poses a major challenge for cryptocurrencies, which use cryptographic keys to secure transactions. If someone could crack the underlying encryption scheme used by Bitcoin, for instance, they would be able to falsify these keys and alter transactions to steal coins or carry out other fraudulent activity.
From an autonomous robotic surgeon to the world’s most powerful cyberweapon, check out this week’s awesome tech stories from around the web.
Cybersecurity professionals are already using this tech to identify new types of malware and protect sensitive data for organizations. The beauty of implementing AI systems in a cybersecurity strategy is that they learn as they analyze more data, so they get better at their jobs with new experiences.
The business world is ever-changing, and customer behavior is evolving. Managing the radical transformation can be challenging, but it doesn’t have to be when you’ve got AI at your beck and call. Several SMEs and startups have leveraged AI to capture market share and establish their brand.
Soon, AI in business will no longer be a luxury — it will be a necessity. Companies that don’t keep pace with consumers’ expectations will fall short and lose market share. The only way to stay relevant is to adopt the trend.
North Korean-backed hacking group Lazarus has added the Windows Update client to its list of living-off-the-land binaries (LoLBins) and is now actively using it to execute malicious code on Windows systems.
The new malware deployment method was discovered by the Malwarebytes Threat Intelligence team while analyzing a January spearphishing campaign impersonating the American security and aerospace company Lockheed Martin.
After the victims open the malicious attachments and enable macro execution, an embedded macro drops a WindowsUpdateConf.lnk file in the startup folder and a DLL file (wuaueng.dll) in a hidden Windows/System32 folder.
*The past two years has seen a rapid shift of work to remote and hybrid offices. The statistics show that hackers welcomed that shift and took advantage of the vulnerabilities and gaps in security by businesses.
* Cyber perils are the biggest concern for companies globally in 2022, according to the Allianz Risk Barometer. The threat of ransomware attacks, data breaches or major IT outages worries companies even more than business and supply chain disruption, natural disasters or the COVID-19 pandemic, all of which have heavily affected firms in the past year.
Cyber incidents tops the Allianz Risk Barometer for only the second time in the survey’s history (44% of responses), Business interruption drops to a close second (42%) and Natural catastrophes ranks third (25%), up from sixth in 2021. Climate change climbs to its highest-ever ranking of sixth (17%, up from ninth), while Pandemic outbreak drops to fourth (22%).y affected firms in the past year. past two years has seen a rapid shift of work to remote and hybrid offices. The statistics show that hackers welcomed that shift and took advantage of the vulnerabilities and gaps in security by businesses.
Google researchers detail two zero-day vulnerabilities reported in Zoom client software and MMR servers.
Researchers reveal details about recent cyberattacks carried out by the Donot Hacking Team against government and military entities in South Asia.
A team of security researchers at Avanan is reporting that hackers are taking advantage of a Google Docs security vulnerability—one that takes advantage of a comment feature. They are claiming that they saw hackers using the vulnerability to target 500 inboxes of 30 Outlook users involving over 100 individual email accounts.
The team at Avanan claims that they found an earlier exploit in Google Docs last June—one that allowed hackers to send phishing links to users. Then, this past October, they discovered that hackers had found another way to send phishing links to unsuspecting users, using the comment feature. They further claim that the vulnerability was not fixed by Google and because of that they began seeing hackers taking advantage of the vulnerability last month.
The hacking approach is both simple and straightforward—a hacker creates a Google Docs document and adds comments to it that include an @ symbol followed by an email address. The symbol automatically alerts the system to send an email to the person designated in the email address—the email that is sent has phishing links in it, sending the user to a webpage that could lead to malicious code.