What you cannot see you cannot secure: Shining a light on cybersecurity threats in a work-from-home environment

source: securitymagazine.com

A quick “work from home new normal” search on Google will return results somewhere in the ballpark of 2 billion. On the other hand, searches for “cybersecurity risks work from home” result in far less—around 32 million. While that may seem like a lot of coverage on any scale, it reflects the chasm between what we focus on and what we understand about this new environment as we begin 2021.

By now, most companies recognize there is no turning back the hands of time to the way it was before the pandemic. The digital transformation is not just upon us but part of life moving forward. That’s likely to mean digital or hybrid workforces, digital currency and digital content, all of which can be hacked, causing significant damage to enterprises and employees alike. And while cybersecurity has been a concern for as long as the Internet became a staple of life, the difference now is that instead of organizations considering a strong culture of cybersecurity “nice to have,” it is a necessity—regardless of where workers are located.

Continue reading “What You Cannot See You Cannot Secure”

Google Warning: North Korean Hackers Breach Windows And Chrome Defenses To Attack Security Researchers

source: forbes.com

North Korean hackers have been masquerading as cybersecurity bloggers in order to target researchers in the field, according to Google. They’re doing so by exploiting mysterious weaknesses in computers running the most up-to-date versions of  Microsoft Windows and Google Chrome, the tech giant warned Monday.

Adam Weidemann, a researcher at Google’s Threat Analysis Group, said the attacks have been ongoing over the last three months. The hackers set up fake Twitter accounts to show off security research and link to a blog. One of the accounts—@br0vvnn—claimed to be the founder of @BrownSec3Labs and looked to be posting innocuous research as well as promoting others’ work, including Google’s own researcher Ben Hawkes. Earlier this month, another Google researcher, Thomas Shadwell, was sent a Twitter direct message by one of the hackers’ personas, Zhang Guo, though it’s unclear what they wanted. While the blog did contain some legitimate research (as well as faked material), it also hosted an exploit that would install a backdoor on the victim’s PC. Only Windows PCs have been attacked thus far.

Continue reading “Google Warning: North Korean Hackers Breach Windows…”

How Email Attacks are Evolving in 2021

source:  threatpost.com


The money being wire transferred by business email compromise victims is on the rise, as cybersecurity criminals evolve their tactics.

Hundreds of thousands of dollars lost. Financial and emotional ruin. And in some cases, suicide. These are some of the outcomes business email compromise (BEC) attacks have on victims, said Ronnie Tokazowski, senior threat researcher with Agari.

These type of attacks don’t garner the same attention as high-profile hacks, he said. Why? Because BEC attacks are simple – yet potent. Instead of having to develop malware or complex attack chains, all attackers need to do is send an email – usually mimicking a coworker’s email account or using a compromised account –  and con victims to wire transfer money, for example. But the fallout from these types of attacks are devastating.

Continue reading “How Email Attacks are Evolving in 2021”

There Are Spying Eyes Everywhere—and Now They Share a Brain

source: wired.com

Security cameras. License plate readers. Smartphone trackers. Drones. We’re being watched 24/7. What happens when all those data streams fuse into one?

ONE AFTERNOON IN the fall of 2019, in a grand old office building near the Arc de Triomphe, I was buzzed through an unmarked door into a showroom for the future of surveillance. The space on the other side was dark and sleek, with a look somewhere between an Apple Store and a doomsday bunker. Along one wall, a grid of electronic devices glinted in the moody downlighting—automated license plate readers, Wi-Fi-enabled locks, boxy data processing units. I was here to meet Giovanni Gaccione, who runs the public safety division of a security technology company called Genetec. Headquartered in Montreal, the firm operates four of these “Experience Centers” around the world, where it peddles intelligence products to government officials. Genetec’s main sell here was software, and Gaccione had agreed to show me how it worked.

Continue reading “There Are Spying Eyes Everywhere—and Now They Share a Brain”

Netlab, the networking security division of Chinese security firm Qihoo 360, said it had discovered a new fledgling malware operation that is currently infecting Android devices for the purpose of assembling a DDoS botnet, according to a ZDNetreport. 

The botnet, Matryosh, is going after Android devices that have left their ADB debug interface exposed on the internet. Netlab says Matryosh is a ADB-targeting botnet, using the Tor network to hide its command and control servers. The encryption algorithm implemented in this botnet and the process of obtaining C2 are nested in layers, “like Russian nesting dolls,” why is why Netlabnamed it Matryosh. 

Commenting on the news, Burak Agca, Engineer at Lookout, a San Francisco, Calif.-based provider of mobile security solutions, says, “The key feature of this attack is the exploitation of ADB, a long standing Android feature that’s meant to provide developers a simple method to communicate with, and remotely control devices. ADB allows anyone to connect to a device, install apps and execute commands, without authentication.

Continue reading “New Matryosh Botnet Targeting Android Devices”

In a Topsy-Turvy Pandemic World, China Offers Its Version of Freedom

source:  nytimes.com

Surveillance and censorship bolster Beijing’s uncompromising grip on power. But in the country’s cities and streets, people have resumed normal lives.

 

Duncan Clark’s flight was rolling down the runway in Paris in late October when President Emmanuel Macron announced a second national lockdown in France. The country had nearly 50,000 new Covid-19 infections that day. The United States had almost 100,000.

He sighed with relief. He was headed to China. That day, it had reported 25 new infections, all but one originating abroad.

Mr. Clark, a businessman and an author, returned to China after spending nine months in the United States and France, his longest time away from the country since he moved to Beijing in 1994. He had been spending more time outside China over the past few years to get away from air pollution, censored internet and an increasingly depressing political environment.

But when he returned in October, he felt something new: safe, energized and free.

“The ability to just live a normal life is pretty amazing,” he said.

Continue reading “In a Topsy-Turvy Pandemic World, China Offers Its Version of Freedom”

No More Needles for Diagnostic Tests? Engineers Develop Nearly Pain-Free Microneedle Patch

source: scitechdaily.com

Nearly pain-free microneedle patch can test for antibodies and more in the fluid between cells.

Blood draws are no fun.

They hurt. Veins can burst, or even roll — like they’re trying to avoid the needle, too.

Oftentimes, doctors use blood samples to check for biomarkers of disease: antibodies that signal a viral or bacterial infection, such as SARS-CoV-2, the virus responsible for COVID-19, or cytokines indicative of inflammation seen in conditions such as rheumatoid arthritis and sepsis.

These biomarkers aren’t just in blood, though. They can also be found in the dense liquid medium that surrounds our cells, but in a low abundance that makes it difficult to be detected.

Until now.

Engineers at the McKelvey School of Engineering at Washington University in St. Louis have developed a microneedle patch that can be applied to the skin, capture a biomarker of interest and, thanks to its unprecedented sensitivity, allow clinicians to detect its presence.

The technology is low cost, easy for clinicians or patients themselves to use, and could eliminate the need for a trip to the hospital just for a blood draw.

Continue reading “No More Needles for Diagnostic Tests?”

SpaceX Will Launch Billionaire Jared Isaacman on a Private Spaceflight This Year

Isaacman chartered a Crew Dragon flight and is donating the other three seats.

 source:  space.com

SpaceX continues to blaze new paths to the final frontier.

Billionaire tech entrepreneur Jared Isaacman has chartered a trip to Earth orbit with Elon Musk’s company, which last year became the first private outfit to fly astronauts to the International Space Station.

The 37-year-old Isaacman, who’s also an accomplished pilot, will command the four-person “Inspiration4” mission aboard a SpaceX Crew Dragon capsule, he and SpaceX announced today (Feb. 1). There will be no professional astronauts aboard; Isaacman is donating the other three seats.

“It will be the first-ever all-private crewed orbital mission in history,” Musk said during a teleconference with reporters today (Feb. 1).

SpaceX will use the Crew Dragon spacecraft “Resilience” for Inspiration4, Musk added. Resilience is currently docked at the International Space Station on the Crew-1 mission, SpaceX’s first contracted crewed flight to the orbiting lab for NASA.