Forum Replies Created
2020-04-11 at 16:55 #65018
‘Fake Fingerprints’ Bypass Scanners with 3D Printing
New research has found that it’s possible to use 3D printing technology to create “fake fingerprints” that can bypass most fingerprint scanners used by popular devices. However, creating the attack remains costly and time-consuming. 3D printing technology is now being used to bypass fingerprint scanners, and tested it against Apple, Samsung and Microsoft mobile products. The fake fingerprints achieved an 80 percent success rate on average, where the sensors were bypassed at least once. Researchers did not have success in defeating biometrics systems in place on Microsoft Windows 10 devices.
2020-04-09 at 14:01 #65012
7 Ways Hackers and Scammers Are Exploiting Coronavirus Panic
Most of the recent cyberattacks are primarily exploiting the fears around the COVID-19 outbreak that’s fueled by disinformation and fake news to distribute malware via Google Play apps, malicious links and attachments, as well as execute ransomware attacks. The latest development adds to a long list of cyberattacks against hospitals and testing centers, and phishing campaigns that aim to profit off the global health concern. Here’s a list as to what the article covers, Mobile Malware, Email Phishing, Discounted off-the-shelf Malware, SMS Phishing, Face Mask and Hand Sanitizer Scams, Malicious Software and Ransomware Attacks.
2020-04-09 at 14:00 #65010
Zoom Caught in Cybersecurity Debate — Here’s Everything You Need To Know
Over the past few weeks, the use of Zoom video conferencing software has increases in mass amounts but if this public scrutiny can make it a more secure product, it can only be a good thing in the long run. To give credit where it’s due, Zoom passionately responded to these disclosures quickly and it has already patched a number of issues highlighted by the security community. In addition, the company has announced a 90-day freeze on releasing new features to “better identify, address, and fix issues proactively.” Ultimately, it all comes down to if we should be continuing to use Zoom. It would be easy to look at all of these flaws and say that people should simply stay away from Zoom, but it’s not that simple. The fact that Zoom has designed and implemented its own encryption is a major red flag, as custom schemes don’t undergo the same scrutiny and peer review as the encryption standards we all use today are subjected to.
2020-04-02 at 16:15 #64957
Zoom: We’re freezing all new features to sort out security and privacy
SpaceX band its workers from using it due to security and privacy issues, leading Zoom to say all feature development is halted to work on security. In response to these concerns, Zoom has announced it will conduct a third-party security review. With the COVID-19 coronavirus outbreak, it has brought mixed opportunities for Zoom, sending user numbers and its share price skyrocketing as workers and students from all around the globe work from home. However, it’s also brought more scrutiny on the company’s product security and privacy standards leaving us with the question of what should people be communicating with while stuck at home if not Zoom?
2020-04-02 at 16:07 #64955
Patch Released for Linux Kernel Vulnerability Disclosed at Hacking Contest
At the recent Pwn2Own 2020 hacking competition, a patch was released for a Linux kernel vulnerability that would escalate privileges to root on Ubuntu Desktop. The researchers who took part this year in the Zero Day competition earned a total of $270,000 for exploiting vulnerabilities in Windows, Ubuntu Desktop, macOS, Safari, Oracle Virtual Box, and Adobe Reader. The vulnerability has been classified as high severity. Linux kernel developers have patched the bug and Ubuntu has released updates and mitigations to address the vulnerability.
2020-03-26 at 20:23 #64784
Apple iOS users served mobile malware in Poisoned News campaign
Apple iOS smartphone users in Hong Kong are being targeted in a new campaign exploiting online news readers to serve malware. Newly-registered members of the discussion forums would post links generally related to sex, clickbait headlines, and COVID-19. The links do actually lead to legitimate news outlets however, a watering hole attack uses a hidden iframe to deploy and execute malicious code. The URLs used led to a malicious website created by the attacker, which contain three iframes that pointed to different sites. The only visible iframe leads to a legitimate news site, which makes people believe they are visiting the site they searched. One invisible iframe was used for website analytics, while the other led to a site hosting the main script of the iOS exploits.
2020-03-26 at 19:57 #64782
Hackers Use Fake “Corona Antivirus” Software to Distribute Malware Backdoor
A group of hackers were found promoting a fake antivirus software to distribute a malware payload which could infect the systems with the BlackNET RAT, while adding it to a botnet. It comes with bot management features including restarting and shutting down an infected device, updating bot client, and more. Researchers have discovered sites that are exploiting the current COVID-19 pandemic to target computer systems using a fake “Corona Antivirus”.
2020-03-12 at 20:57 #64238
Microsoft Issues March 2020 Updates to Patch 115 Security Flaws
Microsoft released security updates to fix 115 new security vulnerabilities for different versions of the Windows operating system and related software. Of the new patches, 26 have been rated as critical, 88 received a severity of important, and one is moderate in severity. Users and system administrators should test and apply the latest security patches as soon as possible to prevent anything from exploiting them to gain complete, remote control over vulnerable computers.
2020-03-12 at 20:45 #64236
Beware of ‘Coronavirus Maps’ – It’s a malware infecting PCs to steal passwords
Even the spread of the coronavirus is becoming an opportunity for cybercriminals to spread malware or launch cyberattacks. The malware attack target are those who are looking for cartographic presentations of the spread of the virus on the Internet, and tricks them into downloading and running a malicious application that shows a map loaded from a legit online source but in the background compromises the computer.
2020-02-20 at 22:35 #63927
Navy, Beset by Aging Tech, Pushes for Rapid Modernization
Cybersecurity expert, John Hultquist and WSJ’s Dustin Volz, discuss what new tactics hackers have and whether the U.S. is prepared to defend. Older and fragmented technology has left the U.S. Navy unable to fully defend itself from persistent cyberattacks, claimed defense officials, starting an effort across the service to upgrade and secure computer networks. Alarmed by the technological shorting’s, the Navy’s secretary circulated an internal strategy memo last week outlining goals to quickly modernize computer infrastructure.
2020-02-20 at 22:25 #63924
Cloud misconfigurations surge, organizations need continuous controls
With the rush to obtain cloud services, new opportunities for attackers are evolving faster than companies can protect themselves. The fact that there’s a 42% increase from 2018 to 2019 in cloud related breaches due to misconfiguration issues, proves that attackers are taking advantage of the opportunity to exploit cloud environments that are not sufficiently hardened.
2020-02-13 at 23:08 #63751
BEC Scammers Siphoned Off $2.6 Million from Puerto Rico Government
The government of Puerto Rico has claimed that its Industrial Development Company has played as a victim to an email scam known as BEC or EAC scam. The government owned corporation reportedly received an email claiming a change to a banking account tied to payments. The agency transferred the amount to a fraudulent account. BEC scams continue to cost big to individuals and companies.
2020-02-13 at 21:51 #63746
“Nasty Android malware reinjects its targets, and no one knows how”
Malwarebytes provided a more in depth analysis after the company’s Android antivirus app detected “xHelper” on 33,000 devices mostly located in the US. The encryption made analysis hard, but Malwarebytes researchers came to the conclusion that the main purpose of the malware was to act as a backdoor that could remotely receive commands and install other apps.
2020-02-06 at 18:14 #63611
Only Three Out of Top 100 Airports Pass Cybersecurity Checks
Ninety-seven percent of airport sites were being operated on outdated web software, with 24% of them containing exploitable vulnerabilities. Two-thirds of airports were exposed to the Dark Web. The first step would be to promote and enhance common industry definitions established by the International Civil Aviation Organization. Also, cybersecurity, privacy, and digital trust will be decided on the basis of how well an organization shapes itself to cybersecurity requirements as time goes by.
2020-02-06 at 18:01 #63609
Chrome 80 Released With 56 Security Fixes
Google will release Chrome 80 with 56 vulnerability patches and a few other improvements for security. To protect against cross site forgery attacks, Chrome 80 will also have a new secure default cookie classification system. Google plans to disable FTP by default in the next Chrome and will completely remove support for it in Chrome 82. Google announced in October last year, Chrome 81 will auto update mixed images to HTTPS, or will block them if they fail to load over a secure connection.