Menu

Blog

Archive for the ‘cybercrime/malcode’ category: Page 124

May 4, 2021

Spectre Strikes Back: New Hacking Vulnerability Affecting Billions of Computers Worldwide

Posted by in category: cybercrime/malcode

Computing experts thought they had developed adequate security patches after the major worldwide Spectre flaw of 2018, but UVA’s discovery shows processors are open to hackers again.

In 2018, industry and academic researchers revealed a potentially devastating hardware flaw that made computers and other devices worldwide vulnerable to attack.

Researchers named the vulnerability Spectre because the flaw was built into modern computer processors that get their speed from a technique called “speculative execution,” in which the processor predicts instructions it might end up executing and preps by following the predicted path to pull the instructions from memory. A Spectre attack tricks the processor into executing instructions along the wrong path. Even though the processor recovers and correctly completes its task, hackers can access confidential data while the processor is heading the wrong way.

May 4, 2021

They Told Their Therapists Everything. Hackers Leaked It All

Posted by in categories: biotech/medical, business, cybercrime/malcode, neuroscience

A mental health startup built its business on easy-to-use technology. Patients joined in droves. Then came a catastrophic data breach.

Apr 29, 2021

Hackers use a bug to evade macOS defenses

Posted by in categories: cybercrime/malcode, robotics/AI

Lauded for years as the system able to best prevent malware infection, macOS recently fell victim to an operating system vulnerability that hackers used to circumvent all of Apple’s system defenses.

Security researcher Cedric Owens discovered this bug in March 2021 while assessing Apple’s Gatekeeper mechanism, a safeguard that will only allow developers to run their on Macs after registering with Apple and paying a fee. Moreover, the company requires that all applications undergo an automated vetting process to further protect against malicious software.

Unfortunately, Owens uncovered a logic flaw in the macOS itself, rather than the . The bug allowed attackers to develop able to deceive the operating system into running their malware regardless of whether they passed Apple’s safety checks. Indeed, this flaw resembles a door that has been securely locked and bolted but still has a small pet door at the bottom through which you can break in or insert a bomb.

Apr 29, 2021

The U.S. Navy’s New Unhackable GPS Alternative: The Stars

Posted by in category: cybercrime/malcode

GPS is a world-changing technology. It’s also incredibly fragile, easily spoofable, and consistently hackable. That’s why the U.S. Navy and Marine Corps are looking to the stars for a navigational Plan B.

Apr 25, 2021

The Most Common Types of Cyber Crime

Posted by in categories: cybercrime/malcode, internet

Deleting another spam email in our inbox is becoming an everyday habit. Some may have even had their accounts hacked after clicking a misleading link or had their identities stolen. These are some common cybercrimes and as our reliance on the internet grows, our interactions with cybercrimes becomes more frequent.

According to a recent FBI report on internet crime, 241342 Americans fell victim to phishing, vishing (via call) and smishing (via text) attacks last year, making it the most common type of cybercrime.


This chart shows the most common types of internet crimes in the U.S. in 2020.

Apr 24, 2021

Now for AI’s Latest Trick: Writing Computer Code

Posted by in categories: cybercrime/malcode, information science, robotics/AI, transportation

Advances in machine learning have made it possible to automate a growing array of coding tasks, from auto-completing segments of code and fine tuning algorithms… See More.


Programs such as GPT-3 can compose convincing text. Some people are using the tool to automate software development and hunt for bugs.

Apr 24, 2021

Martin Rees and Frederick Lamb on humanity’s fate

Posted by in categories: alien life, cybercrime/malcode, evolution, military

Rees explained how his astronomy background meshes with his concern for humanity’s fate:

People often ask does being an astronomer have any effect on one’s attitude toward these things. I think it does in a way, because it makes us aware of the long-range future. We’re aware that it’s taken about 4 billion years for life to evolve from simple beginnings to our biosphere of which we are a part, but we also know that the sun is less than halfway through its life and the universe may go on forever. So we are not the culmination of evolution. Post-humans are going to have far longer to evolve. We can’t conceive what they’d be like, but if life is a rarity in the universe, then, of course, the stakes are very high if we snuff things out this century.

Bottom line: From nuclear weapons to biowarfare to cyberattacks, humanity has much to overcome. Martin Rees and Frederick Lamb discuss the obstacles we face as we look forward to humanity’s future on Earth.

Apr 23, 2021

Prometei Botnet Exploiting Unpatched Microsoft Exchange Servers

Posted by in categories: cryptocurrencies, cybercrime/malcode

Attackers are exploiting the ProxyLogon Microsoft Exchange Server flaws to co-opt vulnerable machines to a cryptocurrency botnet named Prometei, according to new research.

“Prometei exploits the recently disclosed Microsoft Exchange vulnerabilities associated with the HAFNIUM attacks to penetrate the network for malware deployment, credential harvesting and more,” Boston-based cybersecurity firm Cybereason said in an analysis summarizing its findings.

First documented by Cisco Talos in July 2020, Prometei is a multi-modular botnet, with the actor behind the operation employing a wide range of specially-crafted tools and known exploits such as EternalBlue and BlueKeep to harvest credentials, laterally propagate across the network and “increase the amount of systems participating in its Monero-mining pool.”

Apr 23, 2021

Hackers Exploit VPN to Deploy SUPERNOVA malware on SolarWinds Orion

Posted by in categories: cosmology, cybercrime/malcode

On an incident response engagement, CISA found that cybercriminals exploited VPN flaws to acquire access and deploy Supernova malware on SolarWinds.

Apr 23, 2021

Phishing message sent from Twitter? The platform confirms massive error

Posted by in categories: business, cybercrime/malcode

An unprecedented event occurred a few hours ago when, by mistake, thousands of users received an email from Twitter requesting users to confirm their accounts, giving the impression of being a massive phishing attack. This incident, which began around 10:00 PM on Thursday, impacted individual and business accounts alike.

The subject line of these messages only mentioned the phrase “Confirm your Twitter account”, and included a button to complete the action. While these messages seemed legitimate, the cybersecurity community soon began to question their provenance and intentions, as this clearly seemed like a simple but effective phishing attack.

Continue reading “Phishing message sent from Twitter? The platform confirms massive error” »