Menu

Blog

Archive for the ‘cybercrime/malcode’ category: Page 81

Jul 19, 2022

Scientists hack fly brains to make them remote controlled

Posted by in categories: cybercrime/malcode, engineering, genetics, nanotechnology, neuroscience, particle physics

Researchers at Rice University have shown how they can hack the brains of fruit flies to make them remote controlled. The flies performed a specific action within a second of a command being sent to certain neurons in their brain.

The team started by genetically engineering the flies so that they expressed a certain heat-sensitive ion channel in some of their neurons. When this channel sensed heat, it would activate the neuron – in this case, that neuron caused the fly to spread its wings, which is a gesture they often use during mating.

Continue reading “Scientists hack fly brains to make them remote controlled” »

Jul 19, 2022

Flipkart-owned flight booking platform Cleartrip hit by data breach

Posted by in category: cybercrime/malcode

Flipkart-owned Cleartrip, a flight booking platform, said that it suffered a major data breach in its internal systems.

In an email to customers, the company stated, “This is to inform you that there has been a security anomaly that entailed illegal and unauthorised access to a part of Cleartrip’s internal systems.”

However, the travel company assured them that no sensitive information pertaining to a user’s account had been compromised due to this incident, apart from a few personal details.

Jul 18, 2022

Experts Notice Sudden Surge in Exploitation of WordPress Page Builder Plugin Vulnerability

Posted by in category: cybercrime/malcode

Researchers have raised the alarm about a “sudden” spike in cyberattacks attempting to exploit an unpatched vulnerability in WordPress Plugin.


Pegasus spy software was used to hack into the devices of dozens of Thai pro-democracy activists as part of an extensive espionage operation.

Jul 18, 2022

Pegasus Spyware Used to Hack Devices of Pro-Democracy Activists in Thailand

Posted by in category: cybercrime/malcode

Pegasus spy software was used to hack into the devices of dozens of Thai pro-democracy activists as part of an extensive espionage operation.

Jul 17, 2022

Beating hackers at bug hunting

Posted by in categories: cybercrime/malcode, innovation, robotics/AI

An innovative new collaboration between EPFL’s HexHive Laboratory and Oracle has developed automated, far-reaching technology in the ongoing battle between IT security managers and attackers, hoping to find bugs before the hackers do.

On the 9th of December 2021 the world of IT went into a state of shock. Before its developers even knew it, the log4j application—part of the Apache suite used on most web servers—was being exploited by hackers, allowing them to take control of servers and all over the world.

The Wall Street Journal reported news that nobody wanted to hear: “U.S. officials say hundreds of millions of devices are at risk. Hackers could use the bug to steal data, install malware or take control.”

Jul 17, 2022

‘Lives are at stake’: hacking of US hospitals highlights deadly risk of ransomware

Posted by in categories: biotech/medical, cybercrime/malcode

The number of ransomware attacks on healthcare organizations increased 94% from 2021 to 2022, according to a report from the cybersecurity firm Sophos. More than two-thirds of healthcare organizations in the US said they had experienced a ransomware attack in 2021, the study said, up from 34% in 2020.

Ransomware attacks on healthcare are particularly common in the US, with 41% of such attacks globally having been carried out against US-based firms in 2021.

“The current outlook is terrible,” said Israel Barak, CISO of Cybereason. “We are seeing the industry experience an extremely sharp increase in both the quantity and level of sophistication of these attacks.”

Jul 17, 2022

The most dangerous keylogger malware of 2022: Snake Keylogger

Posted by in categories: cybercrime/malcode, encryption, finance

Check Point Research, the Threat Intelligence division of the company, a leading global cybersecurity specialist provider, has released its Global Threat Index for the month of June 2022. Researchers have found that Emotet continues to be the number one malware and has also increased its global incidence by around 6%. Continuing with its climb of the last month, Snake Keylogger sneaks into the top three positions, taking the Formbook position, both still far from Emotet.

Emotet, has affected 14% of organizations around the world in June, an increase that is almost double compared to the previous month. This malware is highly profitable thanks to its ability to go unnoticed. Its persistence also makes it difficult to remove once a device is infected, making it the perfect tool in a cybercriminal’s arsenal. Conceived as a banking Trojan, it is often distributed via phishing emails and has the ability to embed other malware, increasing its ability to cause widespread damage.

Continue reading “The most dangerous keylogger malware of 2022: Snake Keylogger” »

Jul 16, 2022

Microsoft Details App Sandbox Escape Bug Impacting Apple iOS, iPadOS, macOS Devices

Posted by in category: cybercrime/malcode

Microsoft on Wednesday shed light on a now patched security vulnerability affecting Apple’s operating systems that, if successfully exploited, could allow attackers to escalate device privileges and deploy malware.

“An attacker could take advantage of this sandbox escape vulnerability to gain elevated privileges on the affected device or execute malicious commands like installing additional payloads,” Jonathan Bar Or of the Microsoft 365 Defender Research Team said in a write-up.

Tracked as CVE-2022–26706 (CVSS score: 5.5), the security vulnerability impacts iOS, iPadOS, macOS, tvOS, and watchOS and was fixed by Apple in May 2022.

Jul 15, 2022

Security vulnerabilities revealed in fingerprint sensors and crypto wallets

Posted by in categories: cybercrime/malcode, innovation

Security experts from paluno, the Ruhr Institute for Software Technology at the University of Duisburg-Essen (UDE) have developed a new technique that, for the first time, enables fuzz testing of protected memory areas in modern processors. Their method revealed many vulnerabilities in security-critical software.

Intel’s “Software Guard Extension” (SGX) is a widely used technology to protect from misuse. It helps developers in shielding a certain memory area from the rest of a computer. A , for example, can be executed safely in such an enclave, even if the rest of the system is corrupted by malware.

However, it is not uncommon for errors to creep in during the programming of the enclaves. Already in 2020, the paluno team from Prof. Dr. Lucas Davi discovered and published several vulnerabilities in SGX enclaves. Now, together with partners form the CASA cluster of excellence, the researchers have achieved another breakthrough in the analysis techniques: Their latest development enables the fuzz testing of enclaves, which is much more effective than the previously used symbolic execution. The idea behind fuzz testing is to feed a large number of inputs into a program in order to gain insights into the structure of the code.

Jul 14, 2022

A deep learning technique to generate DSN amplification attacks

Posted by in categories: cybercrime/malcode, information science, privacy, robotics/AI

Deep learning techniques have recently proved to be highly promising for detecting cybersecurity attacks and determining their nature. Concurrently, many cybercriminals have been devising new attacks aimed at interfering with the functioning of various deep learning tools, including those for image classification and natural language processing.

Perhaps the most common among these attacks are adversarial attacks, which are designed to “fool” deep learning algorithms using data that has been modified, prompting them to classify it incorrectly. This can lead to the malfunctioning of many applications, , and other technologies that operate through .

Several past studies have shown the effectiveness of different adversarial attacks in prompting (DNNs) to make unreliable and false predictions. These attacks include the Carlini & Wagner attack, the Deepfool attack, the fast gradient sign method (FGSM) and the Elastic-Net attack (ENA).

Page 81 of 220First7879808182838485Last