Lifeboat Foundation

Microsoft said today that security vulnerabilities found to impact a web server discontinued since 2005 have been used to target and compromise organizations in the energy sector.

As cybersecurity company Recorded Future revealed in a report published in April, state-backed Chinese hacking groups (including one traced as RedEcho) targeted multiple Indian electrical grid operators, compromising an Indian national emergency response system and the subsidiary of a multinational logistics company.

The attackers gained access to the internal networks of the hacked entities via Internet-exposed cameras on their networks as command-and-control servers.

Secure communications provider Wickr has announced that it will shutter its free encrypted messaging app, Wickr Me, next year.

Text messaging has been around since the dawn of cellular technology, and sparked its own unique language. But it’s time to put sending regular SMS messages out to pasture.

If you have an iPhone, you’re already on your way. iPhones (as well as iPads and Macs) use iMessage to send messages between Apple devices. It’s a data-based messaging system reliant on 3G, 4G, and Wi-Fi, rather than SMS messaging, which uses an old, outdated but universal 2G cellular network. iMessage has grown in popularity, but has left Android devices and other computers out in the dark.

Continue reading “Cybersecurity 101: How to choose and use an encrypted messaging app” »

WASHINGTON, Nov 8 (Reuters) — The United States and Russia are expected to meet soon and discuss resuming inspections under the New START nuclear arms reduction treaty that have been paused since before Russia’s invasion of Ukraine, U.S. State Department spokesperson Ned Price said on Tuesday.

Speaking at a daily press briefing, Price said the bilateral consultative commission (BCC), the mechanism for implementation of the last remaining arms control agreement between the world’s two largest nuclear powers, will meet “in the near future.”

Russia in August suspended cooperation with inspections under the treaty, blaming travel restrictions imposed by Washington and its allies over Moscow’s February invasion of Ukraine, but said it was still committed to complying with the provisions of the treaty.

A major vulnerability in a networking technology widely used in critical infrastructures such as spacecraft, aircraft, energy generation systems and industrial control systems was exposed by researchers at the University of Michigan and NASA.

It goes after a network protocol and hardware system called time-triggered ethernet, or TTE, which greatly reduces costs in high-risk settings by allowing mission-critical devices (like flight controls and life support systems) and less important devices (like passenger WiFi or data collection) to coexist on the same network hardware. This blend of devices on a single network arose as part of a push by many industries to reduce network costs and boost efficiency.

Continue reading “Cyber vulnerability discovered in networks used by spacecraft, aircraft and energy generation systems” »

Google has removed two new malicious dropper apps that have been detected on the Play Store for Android, one of which posed as a lifestyle app and was caught distributing the Xenomorph banking malware.

“Xenomorph is a trojan that steals credentials from banking applications on users’ devices,” Zscaler ThreatLabz researchers Himanshu Sharma and Viral Gandhi said in an analysis published Thursday.

“It is also capable of intercepting users’ SMS messages and notifications, enabling it to steal one-time passwords and multi-factor authentication requests.”

He added: “Being asked to sign up for a mortgage when you have no interest in that whatsoever is annoying and spam.”

The Tesla CEO went on to describe his own penchant for social-media shopping and his targeted product advertising strategy would facilitate it.

“I’d love to see ads for gizmos. If I saw ads for gizmos, I love gizmos, of course, I’d buy them all in a click,” he said. “Even if they’re not that great, I’ll still buy gizmos. I love technology. I’ll see content for gizmos but not an ad or an ability to actually buy the gizmo.”

SAN FRANCISCO — Two weeks after closing a $44 billion deal to buy Twitter, Elon Musk painted a bleak financial picture for the social media company and outlined a series of changes for employees in his first companywide emails to staff.

In two emails sent to workers late on Wednesday, Mr. Musk said the economy was challenging. He added that he planned to end Twitter’s remote work policy and wanted employees to renew their focus on generating revenue and fighting spam.

“Sorry that this is my first email to the company, but there is no way to sugarcoat the message,” Mr. Musk, 51, wrote in one email. “The economic picture ahead is dire.” Twitter was too heavily dependent on advertising and vulnerable to pullbacks in brand spending, he added, and would need to bolster the revenue it gets from subscriptions.

Experts do not want to hack it.

Juan Gilbert, a professor of computer science at the University of Florida, has claimed that he has built the ultimate unhackable voting machine that can put concerns to rest over machine-related voting, Undark.

Continue reading “Scientist claims he has made the ultimate unhackable voting machine” »

Cybersecurity researchers have uncovered 29 packages in Python Package Index (PyPI), the official third-party software repository for the Python programming language, that aim to infect developers’ machines with a malware called W4SP Stealer.

“The main attack seems to have started around October 12, 2022, slowly picking up steam to a concentrated effort around October 22,” software supply chain security company Phylum said in a report published this week.

The list of offending packages is as follows: typesutil, typestring, sutiltype, duonet, fatnoob, strinfer, pydprotect, incrivelsim, twyne, pyptext, installpy, faq, colorwin, requests-httpx, colorsama, shaasigma, stringe, felpesviadinho, cypress, pystyte, pyslyte, pystyle, pyurllib, algorithmic, oiu, iao, curlapi, type-color, and pyhints.