Security News

The UK Research and Innovation is dealing with a ransomware incident that encrypted data and impacted two of its services, one offering information to subscribers and the platform for peer review of various parts of the agency. UKRI is a public body of the Government of the United Kingdom, tasked with investing in science and research.

Google Project Zero researcher Natalie Silvanovich outlined what she believes is a common theme when it comes to serious vulnerabilities impacting leading chat platforms. The research, published Tuesday, identifies a common denominator within chat platforms, called "Calling state machine", which acts as a type of dial tone for messenger applications.

An international research team has developed a fast and affordable quantum random number generator. The device created by scientists from NUST MISIS, Russian Quantum Center, University of Oxford, Goldsmiths, University of London and Freie Universität Berlin produces randomness at a rate of 8.05 gigabits per second, which makes it the fastest random number generator of its kind.

Swimlane announced it has raised $40 million in funding led by EIP. This funding will accelerate partnerships and alliances, expand research and development, and enable further global expansion. For years, companies have focused on threat detection and prevention, with limited investment in innovation to help security staff keep up with their workload. Swimlane stands out in the market for enabling organizations to automate every aspect of their security operations.

Abu Dhabi and the UAE are working to pioneer breakthroughs in post-quantum cryptography and neuromorphic computing through an international partnership between Technology Innovation Institute's Cryptography Research Centre and Yale University, an Ivy League research university in Connecticut, United States. Speaking on the partnership, Dr Najwa Aaraj, Chief Researcher at Cryptography Research Centre, said: "We are excited to work with peers from Yale University in carrying out groundbreaking research in these two vital fields. At the Cryptography Research Centre, we are creating a knowledge-driven ecosystem powered by like-minded scientists and researchers - all focused on designing breakthrough solutions in different areas of cryptography."

The US Treasury Department's Financial Crimes Enforcement Network warned financial institutions of ransomware actively targeting vaccine research organizations. "FinCEN is aware of ransomware directly targeting vaccine research, and FinCEN asks financial institutions to stay alert to ransomware targeting vaccine delivery operations as well as the supply chains required to manufacture the vaccines," the US Treasury Department bureau warned [PDF].

North Korean nation-state hackers tracked as the Lazarus Group have recently compromised organizations involved in COVID-19 research and vaccine development. After slithering into their network, the North Korean state hackers deployed Bookcode and wAgent malware with backdoor capabilities.

Threat actors such as the notorious Lazarus group are continuing to tap into the ongoing COVID-19 vaccine research to steal sensitive information to speed up their countries' vaccine-development efforts. Cybersecurity firm Kaspersky detailed two incidents at a pharmaceutical company and a government ministry in September and October leveraging different tools and techniques but exhibiting similarities in the post-exploitation process, leading the researchers to connect the two attacks to the North Korean government-linked hackers.

The North Korea-linked threat actor known as Lazarus was recently observed launching cyberattacks against two entities involved in COVID-19 research. Active since at least 2009 and believed to be backed by the North Korean government, Lazarus is said to have orchestrated some high-profile attacks, including the WannaCry outbreak.

Sophos and ReversingLabs on Monday announced SoReL-20M, a database of 20 million Windows Portable Executable files, including 10 million malware samples. Aimed at driving security improvements across the industry, the database provides metadata, labels, and features for the files within, and enables interested parties to download the available malware samples for further research.