Author: esimantiras

How to fix the military’s software SNAFU

Posted on by esimantiras

How to fix the military’s software SNAFU

source: defenseone.com  |  image: pexels.com

 

Too many of its apps are built on code riddled with vulnerabilities—and distributed by the Pentagon itself.

The only institution more mired in acronyms than the U.S. military is, in my experience, the software industry. The former’s thorough embrace of the latter is reflected, for example, in this recent piece by serious commentators that includes a four-page glossary. To be sure, software’s ability to supercharge military operations make this alphabet soup palatable—but it also conceals a dangerous security SNAFU.  

If software is to be more of a benefit than a liability, its inevitable flaws must be spotted and fixed before they can be exploited by China, Russia, and other adversaries. Unfortunately, in an analysis I conducted of popular open source software made available by the Pentagon for its units and contractors to use, there is strong evidence that the U.S. military is shipping software that is insecure and contains many known software vulnerabilities—CVEs, in software-speak.

Continue reading “How to fix the military’s software SNAFU”

‘Vultur’ Android Malware Gets Extensive Device Interaction Capabilities

Posted on by esimantiras

‘Vultur’ Android Malware Gets Extensive Device Interaction Capabilities

source: securityweek.com  |  image: pexels.com

 

The Android banking malware known as Vultur has been updated with new capabilities, allowing operators to interact with the infected devices and modify files, according to a report from security consulting outfit NCC Group.

Vultur was first documented in March 2021, when it stood out for the abuse of the legitimate applications AlphaVNC and ngrok for remotely accessing the VNC server on the victim device, and for automating screen recording and key-logging for credential harvesting.

The most recent version of the banking malware, however, packs significantly more capabilities, allowing attackers to control the infected device, prevent applications from running, display custom notifications, bypass lock-screen protections, and download, upload, install, search for, and delete files.

Continue reading “‘Vultur’ Android Malware Gets Extensive Device Interaction Capabilities”

AI robot wars heat up

Posted on by esimantiras

AI robot wars heat up

source: axios.com (submitted by FAN, Bill Amshey)  | image: pexels.com

 

Walking, dexterous robots are gradually making the leap from the science lab to the workplace with more sophisticated AI-driven software, Axios’ Jennifer A. Kingson writes.

  • Why it matters: There’s intense competition among humanoid robot manufacturers to get their products into the production lines of companies like Amazon and BMW.

Zoom in: An OpenAI-powered robot from a company called Figure was filmed using “common sense” to pick up an apple and hand it to a person who asked: “Can I have something to eat?”

  • The wild demonstration video for Figure 01, released yesterday, also showed the robot explaining in plain English why it acted in the way it did: “So I gave you the apple because it’s the only uh edible item I could provide you with from the table.”

Figure garnered a massive investment from Jeff Bezos and OpenAI. It’s currently staffing a BMW production line.

  • A robot from Agility — a Figure competitor — is being tested by Amazon and GXO Logistics, which recently deployed it at a Spanx warehouse in Georgia.

Majority of Consumers Feel Safe With DIY Home Security: Parks Study

Posted on by esimantiras

Majority of Consumers Feel Safe With DIY Home Security: Parks Study

 

source: technewsworld.com  |  image:  pexels.com

 

Some 60% of consumers believe their self-monitoring home security systems keep them just as safe as monitoring provided by security pros, according to research released by Parks Associates.

“Consumers view self-monitoring as a way to be notified of what’s going on in their homes. For many of them, that can provide the peace-of-mind that’s safe enough for certain households,” Parks President and CEO Elizabeth Parks told TechNewsWorld.

Based on a survey of 8,000 U.S. internet households, the research also found that the major reason for canceling professional monitoring systems was cost, with 25% of consumers citing “fees too high” as their reason for terminating their monitoring services.

Also mentioned as reasons for cutting professional monitoring were an increased sense of neighborhood safety and a realization that the household doesn’t use its system enough.

While many consumers feel their self-monitoring systems keep them safe, professional monitoring services remain popular.

Continue reading “Majority of Consumers Feel Safe With DIY Home Security: Parks Study”

Holographic message encoded in simple plastic

Posted on by esimantiras

Holographic message encoded in simple plastic

source: science daily.com  |  image: pexels.com

 

Important data can be stored and concealed quite easily in ordinary plastic using 3D printers and terahertz radiation, scientists show. Holography can be done quite easily: A 3D printer can be used to produce a panel from normal plastic in which a QR code can be stored, for example. The message is read using terahertz rays — electromagnetic radiation that is invisible to the human eye.

 

There are many ways to store data — digitally, on a hard disk, or using analogue storage technology, for example as a hologram. In most cases, it is technically quite complicated to create a hologram: High-precision laser technology is normally used for this.

Cybersecurity Threats in Global Satellite Internet

Posted on by esimantiras

Cybersecurity Threats in Global Satellite Internet

 

 

source: cyberdefensemagazine.com  |  image:  pixabay.com

 

Internet via satellite was first used for military purposes in the 1960s and became available for wide-scale commercial use in the 1990s. Current satellite internet systems typically use low-orbit satellites and provide data transmission at low speeds due to limited bandwidth. Starlink, on the other hand, is a project developed by Elon Musk’s SpaceX company and aims to provide a faster, more reliable and more comprehensive internet experience with low latency and high bandwidth through a high number of low orbit satellites.

The surge in satellite internet usage has opened up a new frontier for cybersecurity threats, ranging from sophisticated hacking attempts to disruptive denial-of-service attacks.

Continue reading “Cybersecurity Threats in Global Satellite Internet”

NSA shares zero-trust guidance to limit adversaries on the network

Posted on by esimantiras

NSA shares zero-trust guidance to limit adversaries on the network

source: bleepingcomputer.com (contributed by FAN, Steve Page)  |  image: nsa.gov

 

The National Security Agency is sharing new guidance to help organizations limit an adversary’s movement on the internal network by adopting zero-trust framework principles.

A zero-trust security architecture requires strict controls for accessing resources on the network, be they inside or outside the physical perimeter, to minimize the impact of a breach.

Compared to the traditional IT security model, which presumes that everything and everyone on the network is trusted, the zero-trust design assumes that a threat already exists and does not allow free rein inside the network. 

Continue reading “NSA shares zero-trust guidance to limit adversaries on the network”

Fidelity customers’: ransomware attack

Posted on by esimantiras

Fidelity customers’ financial info feared stolen in suspected ransomware attack

 

source: the register.com (submitted by FAN, Steve Page)  |  image: pixabay.com

 

Criminals have probably stolen nearly 30,000 Fidelity Investments Life Insurance customers’ personal and financial information — including bank account and routing numbers, credit card numbers and security or access codes — after breaking into Infosys’ IT systems in the fall.

According to Fidelity, in documents filed with the Maine attorney general’s office, miscreants “likely acquired” information about 28,268 people’s life insurance policies after infiltrating Infosys.

“At this point, [Infosys] are unable to determine with certainty what personal information was accessed as a result of this incident,” the insurer noted in a letter [PDF] sent to customers. However, the US-headquartered firm says it “believes” the data included: names, Social Security numbers, states of residence, bank accounts and routing numbers, or credit/debit card numbers in combination with access code, password, and PIN for the account, and dates of birth.

In other words: Potentially everything needed to drain a ton of people’s bank accounts, pull off any number of identity theft-related scams — or at least go on a massive online shopping spree.

LockBit claimed to be behind the Infosys intrusion in November, shortly after the Indian tech services titan disclosed the “cybersecurity incident” affecting its US subsidiary, Infosys McCamish Systems aka IMS. It reported that the intrusion shuttered some of its applications and IT systems [PDF].

This was before law enforcement shut down at least some of LockBit’s infrastructure in December, although that’s never a guarantee that the gang will slink off into obscurity — as we’re already seen.

Russian Hackers Stole Microsoft Source Code—and the Attack Isn’t Over

Posted on by esimantiras

Russian Hackers Stole Microsoft Source Code—and the Attack Isn’t Over

source: wired.com  |  image: pexels.com

 

In January, Microsoft revealed that a notorious group of Russian state-sponsored hackers known as Nobelium infiltrated the email accounts of the company’s senior leadership team. Today, the company revealed that the attack is ongoing. In a blog post, the company explains that in recent weeks, it has seen evidence that hackers are leveraging information exfiltrated from its email systems to gain access to source code and other “internal systems.”

It is unclear exactly what internal systems were accessed by Nobelium, which Microsoft calls Midnight Blizzard, but according to the company, it is not over. The blog post states that the hackers are now using “secrets of different types” to breach further into its systems. “Some of these secrets were shared between customers and Microsoft in email, and as we discover them in our exfiltrated email, we have been and are reaching out to these customers to assist them in taking mitigating measures.”

Nobelium is responsible for the SolarWinds attack, a sophisticated 2020 supply-chain attack that impacted thousands of organizations that downloaded a compromised software update, and led to the compromise of around 100 organizations, including major US government agencies like the Departments of Homeland Security, Defense, Justice, and Treasury.

According to Microsoft, it has found no evidence that its customer-facing systems were breached.

Communication devices found on Chinese-made cranes in US ports

Posted on by esimantiras

Communication devices found on Chinese-made cranes in US ports

 

source: newsnationnow.com (contributed by FAN, Steve Page)  | image: pixabay.com

 

A congressional investigation into Chinese-built cargo cranes at U.S. ports has uncovered concerns about potential national security risks.

According to a report from The Wall Street Journal, some of the cranes were found to contain communications equipment, including cellular modems, that could be accessed remotely.

Lawmakers worry about the threat of espionage and disruption posed by these cranes, which are predominantly manufactured by ZPMC, a Chinese company.

Continue reading “Communication devices found on Chinese-made cranes in US ports”