Category: Security News

Listening is so last year — Meta’s new tech wants to feel your voice

Posted on by esimantiras

Listening is so last year — Meta’s new tech wants to feel your voice

source: media.hubspot.com (contributed by Artemus founder, Bob Wallace)  |  image: pixabay.com

 

Great news for the vocal fry community: Your vocal cord vibrations could soon be put to good use protecting your data.

Seriously. Meta filed a patent application for user authentication using a “combination of vocalization and skin vibration,” per Patent Drop.

That title is a mouthful, so let’s break it down:
  • Meta wants to replace the need for passwords or fingerprint scanning with voice authentication for accessing systems like its AR headset or smart glasses.
  • But AI has made impersonating someone’s voice really easy, with convincing voice cloning and deep fakes already swirling.
  • So Meta is taking voice authentication one step further by scanning the “vibration of tissue” during speech in addition to one’s voice.
  • When a user says a wake word, a “vibration measurement assembly” picks up the vibrations of their skin and the acoustic waves of their voice to authenticate them.

The combined dataset would create a unique audio fingerprint and, when built into headsets and glasses, would let users access their systems with a single word.

And while no one likes their password getting hacked, the stakes are getting a hell of a lot higher, with new tech poised to start harvesting data directly from our brains.

Sounds interesting

This patent is just the latest of Meta’s voice authentication tech. A separate “user identification with voice prints” patent application would see voice prints integrated into the two-factor authentication process for the company’s social media apps.

And Meta is far from the only company thinking about voice biometrics — the market is projected to hit 11.1B by 2032.

It will only become more important as AI companies crank out new voice generation tools, like OpenAI’s Voice Engine, which can clone someone’s voice using only a 15-second clip of them speaking, or ElevenLabs’ Reader App, which can clone celebrity voices.

 

 

FBI Kicks Hackers In The Teeth…

Posted on by esimantiras

FBI Kicks Hackers In The Teeth With Free 7,000 Ransomware Key Giveaway

source: Forbes.com (contributed by FAN, Steve Page  |  image: fbi.gov

 

The FBI is encouraging anyone who has been a victim of the LockBit ransomware group and its many affiliates to contact them for a free decryption key that could help restore their data. Bryan Vorndran, FBI Cyber Division assistant director, has urged potential victims to contact the Bureau after confirming that it is in possession of more than 7,000 decryption keys from the ransomware hackers.

Speaking at the Boston Conference on Cyber Security on June 5, Vorndran revealed that as part of the ongoing disruption of LockBit, it has amassed a vast collection of ransomware decryption keys. “We are reaching out to known LockBit victims and encouraging anyone who suspects they were a victim to visit our Internet Crime Complaint Center at ic3.gov,” Vorndran said.

FBI Continues To Disrupt The World’s Most Prolific Ransomware Gang

LockBit has long been one of the most prolific ransomware groups, responsible for at least 1,800 successful attacks in the U.S. alone, according to the FBI. A joint law enforcement operation in February 2024 saw the FBI, along with the U.K. National Crime Agency and Europol, take control of LockBit infrastructure as part of an ongoing plan to disrupt its activity. Operation Cronos even saw law enforcement trolling the cybercrime group by replacing website information with a $10 million bounty on the group’s leader.

A Kick In The Teeth For LockBit

Raj Samani, chief scientist at cybersecurity specialist Rapid7, said the collection and release of the decryption keys was “another kick in the teeth for the ransomware group and a great win for law enforcement.”

LockBit is not going down without a fight, however, and has been heavily engaged in a public relations damage control exercise since the February takedown as a show of strength in order to try and maintain the confidence of the affiliates it relies upon to hack into networks and deploy the ransomware malware. “Such announcements by the FBI damages this confidence,” Samani said, “and hopefully we’ll soon see the end of the LockBit ransomware group.”

Is Your Computer Part of ‘The Largest Botnet Ever?’

Posted on by esimantiras

Is Your Computer Part of ‘The Largest Botnet Ever?’

source: krebsonsecurity.com  |  image: pixabay.com

 

he U.S. Department of Justice (DOJ) today said they arrested the alleged operator of 911 S5, a ten-year-old online anonymity service that was powered by what the director of the FBI called “likely the world’s largest botnet ever.” The arrest coincided with the seizure of the 911 S5 website and supporting infrastructure, which the government says turned computers running various “free VPN” products into Internet traffic relays that facilitated billions of dollars in online fraud and cybercrime.

On May 24, authorities in Singapore arrested the alleged creator and operator of 911 S5, a 35-year-old Chinese national named YunHe Wang. In a statement on his arrest today, the DOJ said 911 S5 enabled cybercriminals to bypass financial fraud detection systems and steal billions of dollars from financial institutions, credit card issuers, and federal lending programs. Continue reading “Is Your Computer Part of ‘The Largest Botnet Ever?’”

NSA Warns iPhone And Android Users To Turn It Off And On Again

Posted on by esimantiras

NSA Warns iPhone And Android Users To Turn It Off And On Again

source: Forbes.com (contributed by FAN, Steve Page)  |  image: pixabay.com

 

Updated Saturday, June 1: This article has been updated to include clarifcation around the safety of using public Wi-Fi networks and additional advice from the NCSC and FCC.

Although some people might worry about the National Security Agency itself spying on their phones, the NSA has some sage advice for iPhone and android users concerned about zero-click exploits and the like: turn it off and on again once per week.

How often do you turn off your iPhone or android device? Completely turn it off and then reboot it, rather than just going into standby mode, that is. I suspect that the answer for many people is only when a security or operating system update requires it. That, according to the NSA, could be a big mistake.

Users can mitigate the threat of spear-phishing, which can lead to the installation of yet more malware and spyware, by the same simple action. However, the NSA document does warn that the turn it off and on again advice will only sometimes prevent these attacks from being successful. Continue reading “NSA Warns iPhone And Android Users To Turn It Off And On Again”

3 North Koreans infiltrated US companies in ‘staggering’ alleged telework fraud: DOJ

Posted on by esimantiras

3 North Koreans infiltrated US companies in ‘staggering’ alleged telework fraud: DOJ

 

source: yahoo.com (contributed by FAN, Steve Page)  |  image: pixabay.com

 

The Justice Department on Thursday unsealed an indictment charging three North Korean workers and a United States citizen with allegedly engaging in “staggering fraud” through a complex scheme where they secured illicit work with a number of U.S. companies and government agencies.

The indictment against the North Korean IT workers — using the aliases Jiho Han, Chunji Jin and Haoran Xu — alleges the group used fraudulent identities belonging to 60 real Americans to secure telework positions between October 2020 and 2023 that ultimately generated nearly $7 million in profits for the Democratic People’s Republic of Korea.

Continue reading “3 North Koreans infiltrated US companies in ‘staggering’ alleged telework fraud: DOJ”

Defense contractors face a long road on cybersecurity

Posted on by esimantiras

Defense contractors face a long road on cybersecurity

source: axios.com (contributed by FAN, Steve Page)  |  image: pexels.com

 

Most defense contractors believe they’re too small and inconsequential for nation-state hackers to target them, a National Security Agency official told Axios.

Why it matters: China, in particular, has been laser-focused on targeting key American critical infrastructure, officials have warned. Continue reading “Defense contractors face a long road on cybersecurity”

Report calls for U.S. biodefense buildup

Posted on by esimantiras

Report calls for U.S. biodefense buildup

source: axios.com (contributed by FAN, Bill Amshey)  |  image: pixabay.com

 

A new report calls on all levels of government to strengthen U.S. biodefense measures and urges policymakers to codify parts of a national strategy to address an array of biological threats.

Why it matters: Threats in the form of infectious disease outbreaks, lab accidents and biology-based weapons are expected to increase in the coming years, according to the report’s authors and other experts.

  • But biodefense investments get caught in a cycle of “panic and neglect” — an intense focus for a short period, after which policymakers, funders and the public move on, the report notes.
  • “Every future administration must ensure that the National Biodefense Strategy keeps pace with the rapidly evolving and increasing biological threat,” the authors of the 2024 National Blueprint for Biodefense write. Continue reading “Report calls for U.S. biodefense buildup”

Apple’s iPhone Spyware Problem Is Getting Worse

Posted on by esimantiras

Apple’s iPhone Spyware Problem Is Getting Worse. Here’s What You Should Know

source: wired.com | image: pexels.com

 

The iPhone maker has detected spyware attacks against people in more than 150 countries. Knowing if your device is infected can be tricky—but there are a few steps you can take to protect yourself.

 

In April, Apple sent notifications to iPhone users in 92 countries, warning them they’d been targeted with spyware. “Apple detected that you are being targeted by a mercenary spyware attack that is trying to remotely compromise the iPhone associated with your Apple ID,” the notification reads.

Users quickly took to social media sites including X, trying to work out what the notification meant. Many of those targeted were based in India, but others in Europe also reported receiving Apple’s warning.

Weeks later, little is still known about the latest iPhone attacks. Former smartphone giant Blackberry, now a security firm, has released research indicating they are linked to a Chinese spyware campaign dubbed “LightSpy,” but Apple spokesperson Shane Bauer says this is inaccurate, and researchers at security firm Huntress say the variant Blackberry analyzed was a macOS version, not iOS. Continue reading “Apple’s iPhone Spyware Problem Is Getting Worse”

Brute Force Password Cracking Takes Longer, But Celebration May Be Premature

Posted on by esimantiras

Brute Force Password Cracking Takes Longer, But Celebration May Be Premature

source: technewsworld.com | image: pexels.com

 

Brute force cracking of passwords takes longer now than in the past, but the good news is not a cause for celebration, according to the latest annual audit of password cracking times released Tuesday by Hive Systems.

Depending on the length of the password and its composition — the mix of numbers, letters, and special characters — a password can be cracked instantly or take half a dozen eons to decipher.

For example, four-, five-, or six-number-only passwords can be cracked instantly with today’s computers, while an 18-character password consisting of numbers, upper- and lower-case letters, and symbols would take 19 quintillion years to break.

Last year, Hive’s research found that some 11-character passwords could be cracked instantaneously using brute force. This year’s findings revealed the effectiveness of newer industry-standard password hashing algorithms — like bcrypt — for encrypting passwords in databases. Now, that same 11-character password takes 10 hours to crack.

Continue reading “Brute Force Password Cracking Takes Longer, But Celebration May Be Premature”

How to fix the military’s software SNAFU

Posted on by esimantiras

How to fix the military’s software SNAFU

source: defenseone.com  |  image: pexels.com

 

Too many of its apps are built on code riddled with vulnerabilities—and distributed by the Pentagon itself.

The only institution more mired in acronyms than the U.S. military is, in my experience, the software industry. The former’s thorough embrace of the latter is reflected, for example, in this recent piece by serious commentators that includes a four-page glossary. To be sure, software’s ability to supercharge military operations make this alphabet soup palatable—but it also conceals a dangerous security SNAFU.  

If software is to be more of a benefit than a liability, its inevitable flaws must be spotted and fixed before they can be exploited by China, Russia, and other adversaries. Unfortunately, in an analysis I conducted of popular open source software made available by the Pentagon for its units and contractors to use, there is strong evidence that the U.S. military is shipping software that is insecure and contains many known software vulnerabilities—CVEs, in software-speak.

Continue reading “How to fix the military’s software SNAFU”