Security News

An IT startup has developed a novel blockchain-based approach for secure linking of databases, called ChainifyDB. "Our software resembles keyhole surgery. With a barely noticeable procedure we enhance existing database infrastructures with blockchain-based security features. Our software is seamlessly compatible with the most common database management systems, which drastically reduces the barrier to entry for secure digital transactions," explains Jens Dittrich, Professor of Computer Science at Saarland University at Saarbrücken, Germany. "If a doctor changes something in his table, it affects all other tables in the network. Subsequent changes to older table states are only possible if all doctors in the network agree," explains Jens Dittrich.

Newly introduced legislation seeks to protect journalist who publish classified information, as well as security researchers who discover classified government backdoors. The modification to the Espionage Act of 1917 would better protect journalists that have been increasingly targeted for disclosing government secrets.

Researchers have identified two new methods for attacking AMD processors, but they are not as dangerous as some of the previously disclosed CPU attacks. The Collide+Probe attack can also be launched remotely via a web browser without user interaction, which the experts have shown through an attack on ASLR. "We evaluated our new attack techniques in different scenarios. We established a high-speed covert channel and utilized it in a Spectre attack to leak secret data from the kernel," the researchers said.

The CNAME points to a subdomain on a hosting service like Azure, which allows users to create websites using subdomains of. No verification, no alert to Microsoft that one of their old subdomains has been taken over, and no easy way for enterprise security systems to detect that this apparently legit domain is anything but.

There are more than 600 legitimate Microsoft subdomains that can be hijacked and abused for phishing, malware delivery and scams, researchers warned this week. Researchers at Vullnerability, a company that specializes in exploit and vulnerability alerting services, have created an automated system that scanned all the subdomains of some important Microsoft domains.

Qihoo 360, one of the most prominent cybersecurity firms, today published a new report accusing the U.S. Central Intelligence Agency to be behind an 11-year-long hacking campaign against several Chinese industries and government agencies. The claims made by the company are based on the evidential connection between tools, tactics, and procedures used by a hacking group, dubbed 'APT-C-39' against Chinese industries, and the 'Vault 7' hacking tools developed by the CIA. As you may remember, the massive collection of Vault 7 hacking tools was leaked to the public in 2017 by the whistleblower website Wikileaks, which it received from Joshua Adam Schulte, a former CIA employee who is currently facing charges for leaking classified information.

Attacks on cell phones aren't new, and researchers have previously shown that ultrasonic waves can be used to deliver a single command through the air. These waves, the researchers found, can propagate through many solid surfaces to activate voice recognition systems and - with the addition of some cheap hardware - the person initiating the attack can also hear the phone's response.

Researchers from Ben-Gurion University of the Negev's Cyber Security Research Center have found that they can trick the autopilot on an autonomous car to erroneously apply its brakes in response to "Phantom" images projected on a road or billboard. In a research paper the researchers demonstrated that autopilots and advanced driving-assistance systems in semi-autonomous or fully autonomous cars register depthless projections of objects as real objects.

These organizations must now not only defend IT infrastructures, but also manage risks caused by increased DDoS attacks on customer-facing services and applications, mobile networks, and unsecured IoT devices. "By weaponizing new attack vectors, leveraging mobile hotspots, and targeting compromised endpoint IoT devices, attackers are increasingly finding ways to infiltrate our internet-connected world. They are getting more sophisticated by using a minuscule portion of the available vulnerable devices to carry out a successful attack. The largest OpenVPN DDoS attack we observed used less than one percent of the available reflectors connected to the internet. Botmasters are waiting in the wings, since the risk will only increase in 2020 when an estimated 20.4 billion more devices are connected to the internet."

For the 2020 Webroot Threat Report, researchers analyzed samples from more than 37 billion URLs, 842 million domains, 4 billion IP addresses, 31 million active mobile apps, and 36 billion file behavior records. Surge in malware targeting Windows 7 93.6 percent of malware seen was unique to a single PC - the highest rate ever observed.