Surgeons in New York announce world’s first eye transplant

source: reuters.com  |  image: pexels.com

Nov 9 (Reuters) – Surgeons in New York have performed the first-ever whole-eye transplant in a human, they announced on Thursday, an accomplishment being hailed as a breakthrough even though the patient has not regained sight in the eye.

In the six months since the surgery, performed during a partial face transplant, the grafted eye has shown important signs of health, including well-functioning blood vessels and a promising-looking retina, according to the surgical team at NYU Langone Health.

“The mere fact that we transplanted an eye is a huge step forward, something that for centuries has been thought about, but it’s never been performed,” said Dr. Eduardo Rodriguez, who led the team.

Until now, doctors have only been able to transplant the cornea, the clear front layer of the eye.

Casino Breaches Expose Why Identity Management Is at a Crossroads

source: technewsworld.com  |  image: pexels.com

As cyberthreats become more prevalent, the tangible losses from identity access management-related breaches underline the critical need to reform this cornerstone of digital security.

By now, many have heard about the massive cyberattacks that affected casino giants MGM Resorts and Caesars, leaving everything from room keys to slot machines on the fritz. Like many recent breaches, it’s a warning to improve security around digital identities — because that’s where it all started.

The origin story of this breach is similar to many we have seen lately: social engineering and impersonation attacks.

Hackers called MGM’s IT department and tricked the help desk into resetting legitimate logins, which they then used to launch a ransomware attack. The same group allegedly staged a rash of similar attacks across various other sectors, including a breach at casino rival Caesars Entertainment, which reportedly paid $15 million to get its data back days before the MGM attack.

A New AI Arms Race

source: cyberdefensemagazine.com  |  image: pixels.com

The internet has seen its share of arms races in recent decades. The advent of viruses resulted in an ongoing battle between those who make viruses and those who make antiviruses. The increase in spam made our email accounts unusable without spam filters. The proliferation of annoying ads made ad blockers necessary to maintain any semblance of sanity while browsing the web.

What is the most likely scenario, then, with regards to the recent breakthroughs in AI technology – namely the large language models (LLMs) that most people know as ChatGPT or Bard?

Predictions vary from the catastrophic to the utopian. And to be sure, both scenarios are possible. But I would suggest that the most predictable outcome is substantially more mundane than either of these options.

Facebook’s In-app Browser on iOS Tracks ‘Anything You Do on Any Website’

source: threatpost.com  |  image: pixabay.com

Researcher shows how Instagram’s and Facebook’s use of an in-app browser within both of their iOS apps can track interactions with external websites.

Users of the Instagram and Facebook iOS apps are being warned that both use an in-app browser that allows parent company Meta to track ‘every single tap’ users make on external websites accessed via the software.

Researcher Felix Krause, who outlined how Meta tracks users in a blog posted Wednesday, claims that this type of tracking puts users at “various risks”. He warns both iOS versions of the apps can “track every single interaction with external websites, from all form inputs like passwords and addresses, to every single tap” via their in-app browsers.

iOS users’ concerns over tracking were addressed by Apple’s 2021 release of iOS 14.5 and a feature called App Tracking Transparency (ATT). The added control was intended to require app developers to get the user’s consent before tracking data generated by third-party apps not owned by the developer.

Krause said that both iOS apps, Facebook and Instagram, are using a loophole to bypass ATT rules and track website activity within their in-app browsers via custom JavaScript code used in both in-app browsers. That means that when an iOS user of Facebook or Instagram clicks on a link within a Facebook or Instagram post (or an ad), Meta launches its own in-app browser, which can then track what you do on the external sites you visit.

Meta’s Use of a JavaScript Injection

“The Instagram [and Facebook] app injects their JavaScript code into every website shown, including when clicking on ads. Even though pcm.js doesn’t do this, injecting custom scripts into third party websites allows them to monitor all user interactions, like every button & link tapped, text selections, screenshots, as well as any form inputs, like passwords, addresses and credit card numbers,” Krause wrote.

Fingerprint Theft Just a Shutter Click Away

source: technewsworld.com  |  image: pixabay.com

Ever since smartphone makers started incorporating fingerprint scanners as a means of unlocking mobile phones, the Chaos Computer Club has attacked the technology with vigor.

Not long after Apple added Touch ID to its iPhones, the German hackers demonstrated how to lift prints from a surface and create a flexible pad containing the print that could be used to break into a phone.

Now the CCC hacker known as “Starbug” has used digital photography to perform the same trick without lifting any prints at all. At a recent cybersecurity conference, Starbug demonstrated how he created the thumb print of German Minister of Defense Ursula von der Leyen from several news photos.

“After this talk, politicians will presumably wear gloves when talking in public,” Starbug said.

A Powerful Tool US Spies Misused to Stalk Women Faces Its Potential Demise

source: wired.com  |  image: pixabay.com

Though often viewed as the “crown jewel” of the US intelligence community, fresh reports of abuse by NSA employees and chaos in the US Congress put the tool’s future in jeopardy.

The federal law authorizing a vast amount of the United States government’s foreign intelligence collection is set to expire in two months, a deadline that threatens to mothball a notoriously extensive surveillance program currently eavesdropping on the phone calls, text messages, and emails of no fewer than a quarter million people overseas.

The US National Security Agency (NSA) relies heavily on the program, known as Section 702, to compel the cooperation of communications giants that oversee huge swaths of the internet’s traffic. The total number of communications intercepted under the 702 program each year, while likely beyond tally, ostensibly reaches into the high hundreds of millions, according to scraps of reportage declassified by the intelligence community over the past decade, and the secret surveillance court whose macroscopic oversight—even when brought to full bear against the program—scarcely takes issue with any quotidian abuses of its power.

Social engineering for espionage and for profit

source: thecyberwire.com  |  image: pixabay.com

At a glance.

  • Okta discloses a data exposure incident.
  • Cisco works to fix zero-day.
  • DPRK threat actors pose as IT workers.
  • Five Eyes warn of AI-enabled Chinese espionage.
  • Job posting as phishbait.
  • The risk of first-party fraud.
  • The Quasar RAT and DLL side-loading.
  • Hacktivists trouble humanitarian organizations with nuisance attacks.
  • Content moderation during wartime.
  • Not content-moderation, but fact-checking.
  • Cyberespionage at the ICC.

Okta discloses a data breach.

Identity and access management company Okta has disclosed a data breach affecting some of the company’s customers. The company stated, “The threat actor was able to view files uploaded by certain Okta customers as part of recent support cases. It should be noted that the Okta support case management system is separate from the production Okta service, which is fully operational and has not been impacted. In addition, the Auth0/CIC case management system is not impacted by this incident.”

The Best Password Managers to Secure Your Digital Life

source: wired.com  |  image: pexels.com

Password managers are the vegetables of the internet. We know they’re good for us, but most of us are happier snacking on the password equivalent of junk food. For nearly a decade, that’s been “123456” and “password”—the two most commonly used passwords on the web. The problem is, most of us don’t know what makes a good password and aren’t able to remember hundreds of them anyway.

The safest (if craziest) way to store your passwords is to memorize them all. (Make sure they are long, strong, and secure!) Just kidding. That might work for Memory Grand Master Ed Cooke, but most of us are not capable of such fantastic feats. We need to offload that work to password managers, which offer secure vaults that can stand in for our memory.

A password manager offers convenience and, more importantly, helps you create better passwords, which makes your online existence less vulnerable to password-based attacks. Read our guide to VPN providers for more ideas on how you can upgrade your security, as well as our guide to backing up your data to make sure you don’t lose anything if the unexpected happens.

Scammers Impersonate Companies to Steal Cryptocurrency from Job Seekers

source: infosecurity-magazine.com  |  image: pexels.com

Security researchers have discovered a major new scam operation designed to trick job seekers into parting with cryptocurrency, by getting them to complete meaningless tasks they believe will earn them money.

Dubbed “WebWyrm” by CloudSEK, the operation has already targeted more than 100,000 individuals across over 50 countries by impersonating over 1000 companies across 10 industries. It has already potentially netted the scammers over $100m.

The scammers approach victims primarily on WhatsApp, potentially using data from recruitment portals to target their schemes to those most likely to respond.

Promising a weekly salary of $1200-1500, they ask the victim to complete 2-3 “packets” or “resets” per day, each containing 40 tasks.

The surprising threat is lurking even in your ‘secure’ work environment

source: fastcompany.com  |  image: pexels.com

When Netflix released The Most Hated Man on the Internet, we got an up-close glimpse of the harm that nefarious people can do by exposing the personal information of others online. The series illustrated how Hunter Moore used stolen or hacked images to populate a pornographic website, targeting women who did not consent for their images to be used—and introducing many people to the concept of “doxing.”

Derived from 1990s hacker culture, doxing is a play on the word document or dossier, referring to compiling data on a person or company. It gained greater visibility in 2014 when a group released the private information of women who they perceived as receiving favoritism in the gaming journalism industry. The incident, titled GamerGate, exposed the dangers of being targeted by bad actors and the potential for negative psychological outcomes.