Lifeboat Foundation

In this weeks episode of Minutes With we sat down with Mustafa Al-Bassam, a former member of Anonymous and one of the founders of LulzSec.

Mustafa tells us how he got in to hacking and how he ended up getting involved in attacks on The Sun, The Westboro Baptist Church and even the US Government.

Continue reading “How I Hacked The US Government Aged 16 | Minutes With | @LADbible” »

The travel and tourism sector has become a prime focus for cyberattacks in recent times, resulting in ransomware incidents arising from data breaches. Against this backdrop, cybersecurity concerns within the industry have escalated with a 4 pc year-on-year (YoY) rise in 2022, reflecting the prevailing sentiment, says GlobalData, a leading data and analytics company.

In its report, Company Filing Analytics Database, GlobalData says that sentiment for airlines, travel services, and lodging rose by 6 pc, 4 pc, and 1 pc, respectively, in 2022 over 2021.

“Companies are consistently working on information and network security projects to set up a reliable technical protection and security management mechanism to ensure customer security and prevent data leakage. A severe data security incident can lead to operational disturbances and cause significant financial damage to the business,” says Misa Singh, Business Fundamentals Analyst at GlobalData.

Online romance fraud is an increasingly common phenomenon, which can affect people of all ages worldwide. This type of fraud occurs when a malicious individual or members of a criminal organization engage with users online pretending to be romantically interested in them, while trying to trick them into sending money or sharing confidential information with them.

Online romance scams can have a detrimental effect on a victim’s life, causing them to spend all their savings, become indebted, and even be subjected to blackmail or identity theft. A team of researchers at Abertay University in the U.K. recently reviewed existing literature focusing on romance fraud and then summarized some of the most recurring findings in a paper pre-published on arXiv.

“Romance fraud has been growing over the last decade or so and was exacerbated by the COVID-19 pandemic which saw a surge in cybercrime and cyberattacks,” Dr. Lynsay Shepherd, one of the researchers who carried out the study, told Tech Xplore. “Our paper provides a comprehensive overview of romance fraud research, which could serve as a starting point for future research in the field.”

The company is offering rewards ‘for exceptional discoveries’.

OpenAI, the creator of conversational chatbot ChatGPT, has announced a Bug Bounty program where users can report “vulnerabilities, bugs, or security flaws” and be financially rewarded for finding them. The company has announced rewards ranging from $200 to $20,000 depending on the severity of the flaw and teamed up with a popular bug-finding platform to streamline the process.

OpenAI’s ChatGPT has ushered in a race for artificial intelligence (AI) models that provide comprehensive solutions to user queries and can even simulate intriguing imagery with the help of a few text prompts.

Continue reading “OpenAI launches $20k Bug Bounty Program to make its products safer” »

Malicious loader programs capable of trojanizing Android applications are being traded on the criminal underground for up to $20,000 as a way to evade Google Play Store defenses.

“The most popular application categories to hide malware and unwanted software include cryptocurrency trackers, financial apps, QR-code scanners, and even dating apps,” Kaspersky said in a new report based on messages posted on online forums between 2019 and 2023.

Dropper apps are the primary means for threat actors looking to sneak malware via the Google Play Store. Such apps often masquerade as seemingly innocuous apps, with malicious updates introduced upon clearing the review process and the applications have amassed a significant user base.

While much-debated AI tools will not automate or elevate every digital assault, phishing scheme or hunt for software exploits, NSA’s Rob Joyce said April 11, what it will do is “optimize” workflows and deception in an already fast-paced environment.

“Is it going to replace hackers and be this super-AI hacking? Certainly not in the near term,” Joyce said at an event hosted by the Center for Strategic and International Studies think tank. “But it will make the hackers that use AI much more effective, and they will operate better than those who don’t.”

Continue reading “AI tools like ChatGPT likely to empower hacks, NSA cyber boss warns” »

After Watching “The Undeclared War” and reading about the documents leaked from the Pentagon this week I’m not surprised to hear about the creation of a Cyber Force military branch.

The U.S. is considering a 7th branch of its armed services to combat cyberthreats on Earth and in space.

According to reports, the Taiwanese computer hardware company MSI (Micro-Star International) was recently joined to the list of victims of a new ransomware gang that goes by the name “Money Message.” The perpetrators of the cybercrime say that they have taken source code along with other critical material from the company’s network. MSI is a world-renowned leader in the production of computer components, such as motherboards, graphics cards, desktop computers, laptop computers, servers, and other electronic equipment. It brings in more than $6.5 billion in income every year.

Money Message has included MSI on the website that it maintains for the publication of leaked material and has published images of the company’s CTMS and ERP databases in addition to files that include software source code, private keys, and BIOS firmware. If MSI does not comply with the threat actors’ demand for a ransom payment, they will now threaten to release all of the information that was taken.

Continue reading “Computer hardware company MSI hacked, BIOS source code and private keys stolen” »

Critical security flaws in Cacti, Realtek, and IBM Aspera Faspex are being exploited by various threat actors in hacks targeting unpatched systems.

This entails the abuse of CVE-2022–46169 (CVSS score: 9.8) and CVE-2021–35394 (CVSS score: 9.8) to deliver MooBot and ShellBot (aka PerlBot), Fortinet FortiGuard Labs said in a report published this week.

CVE-2022–46169 relates to a critical authentication bypass and command injection flaw in Cacti servers that allows an unauthenticated user to execute arbitrary code. CVE-2021–35394 also concerns an arbitrary command injection vulnerability impacting the Realtek Jungle SDK that was patched in 2021.