Security News
Researchers at the University of Notre Dame are using artificial intelligence to develop an early warning system that will identify manipulated images, deepfake videos and disinformation online. The scalable, automated system uses content-based image retrieval and applies computer vision-based techniques to root out political memes from multiple social networks.
On the first day of the Pwn2Own 2020 hacking competition, participants earned a total of $180,000 for demonstrating exploits targeting Windows 10, Ubuntu Desktop and macOS. Pwn2Own typically takes place at the CanSecWest cybersecurity conference in Vancouver, Canada, and participants have to attend in person. On the first day of Pwn2Own 2020, a team from the Georgia Tech Systems Software & Security Lab successfully executed code on macOS through Safari.
Researchers from Cybereason Nocturnus have been tracking the rise and variety of such attacks, which now include phishing, fake apps and ransomware. Beyond phishing, criminals have targeted home workers with fake apps offering coronavirus information, and false VPNs taking advantage of corporate advice to stay home and use VPNs. Reason Labs' Shai Alfasi found a fake 'coronavirus map' offering information on the spread of the pandemic, but hiding an AZORult-related infostealer.
Cybersecurity firm Check Point Research, in a report shared with The Hacker news, uncovered the digital trail of a Nigerian cybercriminal, who went by the name of "Dton" and targeted hundreds of thousands of people under the moniker of "Bill Henry" by sending them malicious emails with custom-built malware. A multi-stage criminal scheme The operation began with Dton buying stolen credit card details from Ferrum Shop, an online marketplace that sells over 2.5 million stolen credit card credentials, and then charging them each $550 each to fraudulently net more than $100,000 in illicit transactions.
Cybersecurity firm Check Point Research, in a report shared with The Hacker news, uncovered the digital trail of a Nigerian cybercriminal, who went by the name of "Dton" and targeted hundreds of thousands of people under the moniker of "Bill Henry" by sending them malicious emails with custom-built malware. A multi-stage criminal scheme The operation began with Dton buying stolen credit card details from Ferrum Shop, an online marketplace that sells over 2.5 million stolen credit card credentials, and then charging them each $550 each to fraudulently net more than $100,000 in illicit transactions.
Researchers have discovered a new strain of ransomware, dubbed "PXJ," which emerged in the wild in early 2020. While PXJ performs functions similar to other ransomware variants, it does not appear to share the same underlying code with most known ransomware families, researchers said.
An IT startup has developed a novel blockchain-based approach for secure linking of databases, called ChainifyDB. "Our software resembles keyhole surgery. With a barely noticeable procedure we enhance existing database infrastructures with blockchain-based security features. Our software is seamlessly compatible with the most common database management systems, which drastically reduces the barrier to entry for secure digital transactions," explains Jens Dittrich, Professor of Computer Science at Saarland University at Saarbrücken, Germany. "If a doctor changes something in his table, it affects all other tables in the network. Subsequent changes to older table states are only possible if all doctors in the network agree," explains Jens Dittrich.
Newly introduced legislation seeks to protect journalist who publish classified information, as well as security researchers who discover classified government backdoors. The modification to the Espionage Act of 1917 would better protect journalists that have been increasingly targeted for disclosing government secrets.
Researchers have identified two new methods for attacking AMD processors, but they are not as dangerous as some of the previously disclosed CPU attacks. The Collide+Probe attack can also be launched remotely via a web browser without user interaction, which the experts have shown through an attack on ASLR. "We evaluated our new attack techniques in different scenarios. We established a high-speed covert channel and utilized it in a Spectre attack to leak secret data from the kernel," the researchers said.
The CNAME points to a subdomain on a hosting service like Azure, which allows users to create websites using subdomains of. No verification, no alert to Microsoft that one of their old subdomains has been taken over, and no easy way for enterprise security systems to detect that this apparently legit domain is anything but.