Menu

Blog

Archive for the ‘cybercrime/malcode’ category: Page 45

Jul 4, 2023

Quantum physicists design unconditionally secure system for digital payments

Posted by in categories: cybercrime/malcode, quantum physics

Have you ever been compelled to enter sensitive payment data on the website of an unknown merchant? Would you be willing to consign your credit card data or passwords to untrustworthy hands? Scientists from the University of Vienna have now designed an unconditionally secure system for shopping in such settings, combining modern cryptographic techniques with the fundamental properties of quantum light. The demonstration of such “quantum-digital payments” in a realistic environment has been published in Nature Communications.

Digital payments have replaced physical banknotes in many aspects of our daily lives. Similar to banknotes, they should be easy to use, unique, tamper-resistant and untraceable, but additionally withstand digital attackers and data breaches.

In today’s ecosystem, customers’ sensitive data is substituted by sequences of random numbers, and the uniqueness of each is secured by a classical cryptographic method or code. However, adversaries and merchants with powerful computational resources can crack these codes and recover the customers’ private data, and for example, make payments in their name.

Jul 4, 2023

Artificial intelligence fueling a rise of sextortion cases

Posted by in categories: cybercrime/malcode, education, finance, robotics/AI

PORTSMOUTH, Va. (WAVY) – Artificial intelligence is already revolutionizing society – from healthcare and education to cybersecurity and even our courts. Despite all of its benefits, it has also given criminals an edge when it comes to deceiving us.

Financial sextortion is a crime in which a bad actor attempts to leverage personal material (think: naked pictures or videos) to force a victim into giving into their demands — usually money or other compromising material.

Jun 27, 2023

Flipper hacking device on track to make $80M worth of sales

Posted by in categories: cybercrime/malcode, sustainability, transportation

You may have stumbled across the Flipper Zero hacking device that’s been doing the rounds. The company, which started in Russia in 2020, left the country at the start of the war and moved on since then. It claims it no longer has ties to Russia and that it is on track to sell $80 million worth of its products this year after selling almost $5 million worth as Kickstarter preorders — and it claims it sold $25 million worth of the devices last year.

So what are they selling? Flipper Zero is a “portable gamified multi-tool” aimed at everyone with an interest in cybersecurity, whether as a penetration tester, curious nerd or student — or with more nefarious purposes. The tool includes a bunch of ways to manipulate the world around you, including wireless devices (think garage openers), RFID card systems, remote keyless systems, key fobs, entry to barriers, etc. Basically, you can program it to emulate a bunch of different lock systems.

Continue reading “Flipper hacking device on track to make $80M worth of sales” »

Jun 27, 2023

Facebook users targeted in copyright infringement scam

Posted by in categories: cybercrime/malcode, policy

Shouldn’t Facebook have alerted us and not CBS News?

The fake notice went on to say that a photo uploaded to the account’s page violated Facebook’s copyright infringement policy and that the decision could be appealed within 24 hours.

Continue reading “Facebook users targeted in copyright infringement scam” »

Jun 26, 2023

How AI is reshaping demand for IT skills and talent

Posted by in categories: cybercrime/malcode, employment, ethics, governance, robotics/AI

AI is quickly becoming an essential part of daily work. It’s already being used to help improve operational processes, strengthen customer service, measure employee experience, and bolster cybersecurity efforts, among other applications. And with AI deepening its presence in daily life, as more people turn to AI bot services, such as ChatGPT, to answer questions and get help with tasks, its presence in the workplace will only accelerate.

Much of the discussion around AI in the workplace has been about the jobs it could replace. It’s also sparked conversations around ethics, compliance, and governance issues, with many companies taking a cautious approach to adopting AI technologies and IT leaders debating the best path forward.

While the full promise of AI is still uncertain, it’s early impact on the workplace can’t be ignored. It’s clear that AI will make its mark on every industry in the coming years, and it’s already creating a shift in demand for skills employers are looking for. AI has also sparked renewed interest in long-held IT skills, while creating entirely new roles and skills companies will need to adopt to successfully embrace AI.

Jun 25, 2023

NASA Hack Squeezes More Time Out of Dying Voyager 2 Probe

Posted by in categories: cybercrime/malcode, energy, space

It turns out that reports of its death were greatly exaggerated. NASA says it’s figured out a way to extend the mission of its interstellar Voyager 2 probe by another three years.

And that’s no easy feat, considering the probe has been screaming through the cosmos since 1977 and is currently more than 12 billion miles from Earth.

The probe recently switched to its backup power reserves, which were originally set aside as part of an onboard safety mechanism, according to an update by NASA’s Jet Propulsion Laboratory.

Jun 24, 2023

Hackers Leak Over 100,000 ChatGPT Credentials on the Dark Web

Posted by in category: cybercrime/malcode

The theft of the ChatGPT login credentials was orchestrated using the Raccoon Infostealer malware, said cybersecurity firm Group-IB.

Jun 24, 2023

Securing DevOps: How Hackers Access Cloud Production Systems

Posted by in category: cybercrime/malcode

Attackers are increasingly targeting vulnerable developer laptops to infiltrate production systems without directly attacking them, warned cloud security expert Lee Atchison.

Instead of waiting for an application to become fully functional, hackers target the development process used to bring an application to a state of operation, Atchison said, speaking at a recent Uptycs-sponsored Cybersecurity Standup, “Castles in the Sky – Secure Your App Dev Pipeline From Laptop to Cloud.”

“We focus so much attention on keeping data and cloud data centers secure. But we haven’t realized that all of this technology feeds into the data centers and that one of the primary drivers of that is developers, the source code they develop, and the machines that they develop the source code on,” Atchison said. “Those DevOps machines feed into the production systems but have nowhere near the level of protection behind them that the production data centers do.”

Jun 22, 2023

Code Gets ‘God Mode’: GitHub Copilot X GPT-4

Posted by in categories: cybercrime/malcode, internet, robotics/AI, space travel

Chat gpt 4 has near limitless potential for AI good and it helping so many coders already. It is much like the beginning of the star trek computer and Jarvis from Ironman. It is actually making quick work of all the coding tasks. The real potential is full automation where even work and society could evolve millions of years in seconds. For space exploration we could see it implemented for information of all kinds that is accurate. Eventually it really could be a star trek computer for space exploration. This will only get smarter and Eventually gaps of knowledge even from college level tasks can be easily done and beyond. Along with neuralink even humans could have accurate knowledge with chat gpt 4 including all known knowledge like the entire internet inside neuralink eventually. This could even help with guarding against the superintelligence if that were to happen. Also can even guard nations eventually from polymorphic malware. This tool is a definite force of AI good so stay tuned to chat gpt 4 and beyond.


Hold onto your hats! Microsoft has done it again with the announcement of GitHub Copilot X powered by GPT-4. This shiny new iteration offers many features that will make your pair programming experience feel like a walk in the park.

Jun 20, 2023

Easily hack into Azure Bastion and Azure Container Registry via XSS vulnerabilities

Posted by in category: cybercrime/malcode

Microsoft Azure Bastion and Azure Container Registry have each been found to have one potentially “dangerous” security flaw that, if taken advantage of, may have resulted in a cross-site scripting (XSS) attack being carried out on the affected service. XSS attacks take occur when threat actors insert arbitrary code into a website that would otherwise be trusted. This code is then run each time visitors who are not aware of the attack visit the website.

Both of the vulnerabilities that Orca found take use of a vulnerability in the postMessage iframe, which makes it possible for Window objects to communicate with one another across domains. The vulnerabilities allowed for illegal access to the victim’s session inside the compromised Azure service iframe. This may result in serious repercussions, such as unauthorized data access, unauthorized alterations, and interruption of the Azure services iframes, among other things. This meant that the vulnerability could be exploited to embed endpoints into remote servers by utilizing the iframe element. This would eventually result in the execution of malicious JavaScript code, which would compromise sensitive data.

However, in order to take advantage of these vulnerabilities, a threat actor would first need to undertake reconnaissance on various Azure services in order to identify vulnerable endpoints contained inside the Azure interface. These endpoints may be missing X-Frame-Options headers or have Content Security Policies (CSPs) that are inadequate.

Page 45 of 220First4243444546474849Last