Security News

Researchers have found a way to clone Google's Titan Security Keys through a side-channel attack, but conducting an attack requires physical access to a device for several hours, as well as technical skills, custom software, and relatively expensive equipment. A new attack method against such devices was described by researchers from NinjaLab, a France-based company that specializes in the security of cryptographic implementations.

Security researchers have spotted a brand new ransomware family taking aim at corporate networks, warning that professional cybercriminals have already hit multiple organizations with the file-encryption scheme. The new ransomware family, called Babuk, has claimed at least four corporate victims facing data recovery extortion attempts.

ReCaptcha is Google's name for its own technology and free service that uses image, audio or text challenges to verify that a human is signing into an account. Google recently started charging for larger reCAPTCHA accounts.

ICREA research professor Jordi Cabot and researcher Abel Gómez, two members of the Systems, Software and Models Research Lab at the Universitat Oberta de Catalunya Internet Interdisciplinary Institute, in collaboration with the IKERLAN technology research centre, have designed an innovative new tool for automating and streamlining the creation of systems that employ asynchronous event-driven communication, one of the most widely used computer architectures in this sector. Abel Gómez said: "Much of the work that goes into implementing a program for an IoT device involves creating messages in the format that subscribers to the channel expect and also"translating" messages from other devices in order to process the information.

An innovative Linux-based cryptocurrency mining botnet has been uncovered, which exploits a disputed PostgreSQL remote code-execution vulnerability to compromise database servers. The miner takes a fileless approach, deleting the PostgreSQL table right after code launch, researchers said: PGMiner clears the "Abroxu" table if it exists, creates a new "Abroxu" table with a text column, saves the malicious payload to it, executes the payload on the PostgreSQL server and then clears the created table.

Findings highlight gaps in stress levels between workers at different job levels and industries and how increased usage of collaboration and UC applications has impacted the success of internal communication at enterprises. It's no surprise that stress levels amongst employees have increased in the wake of the pandemic.

A critical vulnerability addressed earlier this year in the PlayStation Now application for Windows could have been exploited by malicious websites to execute arbitrary code. The PlayStation Now application allows users to access an on-demand game collection directly from their Windows PCs. To enjoy the games, users also need a PlayStation Network account and a compatible controller.

UPDATED Infosec researchers at Palo Alto Networks' Unit 42 threat intelligence unit spotted a pair of prominent Chinese apps leaking personal data, and after it informed Google the ad giant dumped the apps from its Play store. Baidu says the personal information was only used to enable push functionality and that the privacy agreement in its apps disclosed that use.

MIT researchers have developed a system that could bring deep learning neural networks to new - and much smaller - places, like the tiny computer chips in wearable medical devices, household appliances, and the 250 billion other objects that constitute the IoT. The system, called MCUNet, designs compact neural networks that deliver unprecedented speed and accuracy for deep learning on IoT devices, despite limited memory and processing power. IoT devices often run on microcontrollers - simple computer chips with no operating system, minimal processing power, and less than one thousandth of the memory of a typical smartphone.

Researchers from the Computer Security and Industrial Cryptography group at the KU Leuven university in Belgium have demonstrated that a Tesla Model X can be stolen in minutes by exploiting vulnerabilities in the car's keyless entry system. The attack method identified by the COSIC researchers targets the Tesla Model X key fob, which uses Bluetooth Low Energy to communicate with the vehicle.