This Cryptomining Tool Is Stealing Secrets

 

source: wired.com  |  image: pexels.com

 

As the Israel-Hamas war raged on this week and Israel expanded its ground invasion of the Gaza Strip, the territory’s compromised internet infrastructure and access to connectivity went fully dark on Friday, leaving Palestinians without access to ground or mobile data connections. Meanwhile, researchers are bracing for the fallout if Hamas makes good on its threats to distribute hostage execution videos online. And TikTokkers are using a niche livestreaming feature and exploiting the Israeli-Hamas conflict to collect virtual gifts from viewers, a portion of which goes to the social media company as a fee.

As the worst mass shooting in Maine’s history unfolded this week and the gunman remained at large, disinformation about the situation and the suspect flooded social media, adding to the already chaotic and horrific situation. Elon Musk, the owner of X (formerly Twitter) posted remarks earlier this month mocking Ukrainian president Vlodymr Zelensky that were met with a flood of support and enthusiasm from Russian trolls and accounts distributing pro-Russia propaganda.

Continue reading “This Cryptomining Tool Is Stealing Secrets”

The Best Password Managers to Secure Your Digital Life

 

source: wired.com  |  image: pexels.com

 

PASSWORD MANAGERS ARE the vegetables of the internet. We know they’re good for us, but most of us are happier snacking on the password equivalent of junk food. For nearly a decade, that’s been “123456” and “password”—the two most commonly used passwords on the web. The problem is, most of us don’t know what makes a good password and aren’t able to remember hundreds of them anyway.

The safest (if craziest) way to store your passwords is to memorize them all. (Make sure they are long, strong, and secure!) Just kidding. That might work for Memory Grand Master Ed Cooke, but most of us are not capable of such fantastic feats. We need to offload that work to password managers, which offer secure vaults that can stand in for our memory.

A password manager offers convenience and, more importantly, helps you create better passwords, which makes your online existence less vulnerable to password-based attacks. Read our guide to VPN providers for more ideas on how you can upgrade your security, as well as our guide to backing up your data to make sure you don’t lose anything if the unexpected happens.

Taliban weighs using US mass surveillance plan, met with China’s Huawei

 

source: reuters.com  |  image: pixabay.com

 

KABUL, Sept 25 (Reuters) – The Taliban are creating a large-scale camera surveillance network for Afghan cities that could involve repurposing a plan crafted by the Americans before their 2021 pullout, an interior ministry spokesman told Reuters, as authorities seek to supplement thousands of cameras already across the capital, Kabul.

The Taliban administration — which has publicly said it is focused on restoring security and clamping down on Islamic State, which has claimed many major attacks in Afghan cities — has also consulted with Chinese telecoms equipment maker Huawei about potential cooperation, the spokesman said.

Continue reading “Taliban weighs using US mass surveillance plan, met with China’s Huawei”

Meta spots largest influence network to date

source: axios.com  |  image: pixabay.com

 

Meta said it’s taken down what it believes is the biggest online influence operation of all time.

Why it matters: The wide-reaching, pro-Chinese operation targeted social media users in Taiwan, alongside users in a handful of the island’s allies like the U.S., the U.K. and Japan, as anxieties over a possible Chinese invasion of Taiwan grow.

Details: Meta estimated in its second-quarter threat report, released today, that the China-linked campaign involved 7,704 accounts, 954 pages, 15 groups on Facebook and 15 accounts on Instagram.

  • Researchers uncovered evidence of the campaign on more than 50 online platforms, including YouTube, TikTok, Reddit, Pinterest and X, formerly known as Twitter.
  • The campaign mostly spread pro-China messages, amplified criticisms of U.S. and other Western policies, and targeted journalists, human rights activists and other critics of the Chinese government.

What they’re saying: “This is one of the single-biggest takedowns of coordinated inauthentic behavior that we’ve ever run into,” Ben Nimmo, global threat intelligence lead at Meta, told reporters.

Yes, but: Campaign operators struggled to garner significant, authentic engagement or reach, much like most recent pro-Chinese influence campaigns.

Catch up quick: Meta believes the latest campaign is an extension of an ongoing effort known as “Spamouflage” that emerged in 2019.

The intrigue: Campaign operators started their scheme by posting content directly to Facebook and Instagram, but automated systems were quick to detect the posts, according to the report.

  • This prompted campaign operators to start posting on smaller platforms and later amplify those posts on Meta’s social media sites.

What’s next: Meta researchers expect the threat actors behind the campaign to rebuild and keep trying, despite consistently struggling to reach real people, Nimmo said.

A New Attack Reveals Everything You Type With 95 Percent Accuracy

 

source: wired.com (contributed by Artemus Founder, Bob Wallace)  |  image: pixabay.com

A team of researchers from British universities has trained a deep learning model that can steal data from keyboard keystrokes recorded using a microphone with an accuracy of 95%.

When Zoom was used for training the sound classification algorithm, the prediction accuracy dropped to 93%, which is still dangerously high, and a record for that medium.

Such an attack severely affects the target’s data security, as it could leak people’s passwords, discussions, messages, or other sensitive information to malicious third parties.

Continue reading “A New Attack Reveals Everything You Type With 95 Percent Accuracy”

Five Eyes Agencies Call Attention to Most Frequently Exploited Vulnerabilities

source: securityweek.com  |  image: pexels.com

 

Five Eyes government agencies have published a list of the software vulnerabilities that were most frequently exploited in malicious attacks in 2022.

Government agencies in Australia, Canada, New Zealand, the UK, and the US have published a list of the software vulnerabilities that were most frequently exploited in malicious attacks in 2022.

Last year, the Five Eyes agencies say, threat actors mainly targeted internet-facing systems that were not patched against older, known vulnerabilities, including flaws for which proof-of-concept (PoC) exploit code exists publicly.

Continue reading “Five Eyes Agencies Call Attention to Most Frequently Exploited Vulnerabilities”

Officials found suspected Chinese malware hidden in various US military systems. Its intended use is disruption rather than surveillance, a ‘disturbing’ change in intent, experts say.

 

source: businessinsider.com  |  image: pexels.com

 

  • Suspected Chinese malware has been identified in several US military systems. 
  • Unlike other surveillance malware from China, this malware seems intended to disrupt operations.
  • The malware could also have the ability to disrupt normal civilian life and businesses.

US officials found suspected Chinese malware across several military systems — and unlike previous attacks, experts say the intent is more likely to disrupt rather than to surveil, The New York Times reports.

The attacks first came into the public eye in May after Microsoft identified malicious code in telecommunications software in Guam, where the US houses the Andersen Air Force Base.

Continue reading “Officials found suspected Chinese malware hidden…”

US power grid faces escalating cyber threats, infrastructure experts warn

source: govexec.com  |  image: pixabay.com

The power grid is experiencing heightened threats from foreign adversaries and domestic extremist groups that can pose devastating consequences for the nation’s supply of electricity, experts told a House subcommittee. 

 

Energy infrastructure experts testified that the U.S. power grid is facing a myriad of escalating cybersecurity risks and emerging threats from both foreign adversaries and domestic extremists amid an ongoing critical modernization journey.

The latest annual threat assessment out of the Intelligence Community identifies Chinese cyber operations against the U.S. homeland as a major national security threat and warns that Beijing is “almost certainly capable of launching cyber attacks that could disrupt critical infrastructure services” nationwide, including the power grid. 

Continue reading “US power grid faces escalating cyber threats, infrastructure experts warn”

Pro-China influence campaign infiltrates U.S. news websites

source: washington post, courtesy of FAN, Bill Amshey  |  image: pixabay.com

  • Haixun is a private company but has links to Chinese government actors, according to its own publicity and government media coverage of the firm. 
  • It’s not clear whether the content published on U.S. news websites is paid for by Chinese state actors. However, much of it is directly reproduced from Chinese state media reports or state-funded think tanks. 
The articles — which have appeared in financial news subdomains of at least 32 websites including the Arizona Republic and the Pittsburgh Post-Gazette — include Chinese state media stories and scathing critiques of U.S. policymakers, academics and others critical of Beijing. 

Continue reading “Pro-China influence campaign infiltrates U.S. news websites”

Russia-Linked RomCom Hackers Targeting NATO Summit Guests

source: securityweek.com  |  image: pixabay.com

 

A recent RomCom cyber operation has been targeting NATO Summit guests and other entities supporting Ukraine.

As part of a recently identified cyber operation, a Russia-linked threat actor known as RomCom has been targeting entities supporting Ukraine, including guests at the 2023 NATO Summit taking place July 11-12, the cybersecurity unit at BlackBerry reports.

Taking place in Vilnius, Lithuania, the NATO Summit has on the agenda talks focusing on the war in Ukraine, as well as new memberships in the organization, including Sweden and Ukraine itself.

Taking advantage of the event, RomCom has created malicious documents likely to be distributed to supporters of Ukraine, and appears to have dry-tested its delivery on June 22 and a few days before the command-and-control (C&C) domain used in the campaign went live,BlackBerry explains.

Continue reading “Russia-Linked RomCom Hackers Targeting NATO Summit Guests”