Security News
The paper itself has a neutrally worded title that simply states the algorithm that it introduces, namely: PrivateDrop: Practical Privacy-Preserving Authentication for Apple AirDrop. For those who don't have iPhones or Macs, AirDrop is a surprisingly handy but proprietary Apple protocol that lets you share files directly but wirelessly with other Apple users nearby.
The sprawling SolarWinds cyberattack which came to light last December was known for its sophistication in the breadth of tactics used to infiltrate and persist in the target infrastructure, so much so that Microsoft went on to call the threat actor behind the campaign "Skillful and methodic operators who follow operations security best practices to minimize traces, stay under the radar, and avoid detection." By analyzing telemetry data associated with previously published indicators of compromise, RiskIQ said it identified an additional set of 18 servers with high confidence that likely communicated with the targeted, secondary Cobalt Strike payloads delivered via the TEARDROP and RAINDROP malware, representing a 56% jump in the attacker's known command-and-control footprint.
In these new roles, we are struggling to find the top tier of the ever-expanding next generation of threat experts. In career advice calls and meetings with young adults over the past couple of years, I've noticed an unexpected and common pattern emerge with Ivy League fresh grads with cybersecurity degrees, people considering a career transfer with little formal infosec training, and everyone in between.
Grid.ai announced the general availability of Grid, a new platform that enables researchers and data scientists to train AI models on the cloud at scale, from a laptop with zero code changes. The availability of Grid enables AI researchers, machine learning engineers, and data scientists to do development and training at scale without requiring advanced skills in machine learning engineering or MLOps engineering.
An academic researcher has analysed more than 100 Computer Misuse Act cases to paint a picture of the sort of computer-enabled criminals who not only plagued Great Britain's digital doings in the 21st Century but were also caught by the plod. The average Computer Misuse Act convict is likely to be a semi- or low-skilled individual, mostly working alone and more likely than not to have no knowledge of his or her victim, James Crawford of Royal Holloway, University of London, found.
An academic researcher has analysed more than 100 Computer Misuse Act cases to paint a picture of the sort of computer-enabled criminals who not only plagued Great Britain's digital doings in the 21st Century but were also caught by the plod. The average Computer Misuse Act convict is likely to be a semi- or low-skilled individual, mostly working alone and more likely than not to have no knowledge of his or her victim, James Crawford of Royal Holloway, University of London, found.
Behind the strategies and solutions needed to counter today's cyber threats are-dedicated cybersecurity researchers. What drives these specialists? To understand the motivations for why these cybersecurity pros do what they do, we decided to talk with cybersecurity analysts from around the world.
Pwn2Own 2021 ended with contestants earning a record $1,210,000 for exploits and exploits chains demoed over the course of three days. The total prize pool for Pwn2Own 2021 was over $1,500,000 in cash and included a Tesla Model 3.
An Iranian threat actor has unleashed a new cyberespionage campaign against a possible Lebanese target with a backdoor capable of exfiltrating sensitive information from compromised systems. Cybersecurity firm Check Point attributed the operation to APT34, citing similarities with previous techniques used by the threat actor as well as based on its pattern of victimology.
A researcher has disclosed the details of a series of vulnerabilities that could have been exploited by an attacker to access an organization's private pages on GitHub. GitHub Pages is a service that individuals and organizations can use to host websites.