Security News

Researchers develop new optical stealth encryption technology
2020-01-31 05:00

The first all optical stealth encryption technology that will be significantly more secure and private for highly sensitive cloud-computing and data center network transmission, has been introduced by BGN Technologies. "Today, information is still encrypted using digital techniques, although most data is transmitted over distance using light spectrum on fiber optic networks," says Prof. Dan Sadot, Director of the Optical Communications Research Laboratory, who heads the team that developed the technology.

Video: Zoom Researcher Details Web Conference Security Risks, 2020 Threats
2020-01-29 15:15

"The main takeaway for online conference platforms is that these companies are in charge of the security of their users and they need to work to secure these environments. Zoom added a password but other actions can be taken as well so that people can't really abuse these platforms," she said. Beyond Zoom's recent flaw, Horowitz also talked to Threatpost about the challenges of hunting down cybercriminals and making attribution, and the top threats she's anticipating in 2020 - from ransomware to cloud-infrastructure attacks.

Intel promises fix after researchers reveal ‘CacheOut’ CPU flaws
2020-01-29 15:11

Forget the infamous Meltdown and Spectre chip flaws from 2018, the problem that's tying down Intel's patching team these days is a more recent class of side channel vulnerabilities known collectively as ZombieLoad. These relate to a data leakage problem called Microarchitectural Data Sampling affecting Intel's speculative execution technology introduced in the late 1990s to improve chip performance. ZombieLoad was originally made public by researchers last May as part of a triplet of hypothetical issues which included two others, Fallout and Rogue In-Flight Data Load, affecting post-2011 Intel processors.

Maryland: Make malware possession a crime! Yes, yes, researchers get a free pass
2020-01-27 18:15

A US state that was struck by a ransomware attack last year is now proposing a local law that would ban possession of malicious software. Local news website the Baltimore Fishbowl reported that Maryland's Senate heard arguments on Senate Bill SB0030, a proposition that would "Label the possession and intent to use ransomware in a malicious manner as a misdemeanor" punishable with up to 10 years in prison and/or a $10,000 fine.

Hackers Target European Energy Firm: Researchers
2020-01-24 16:03

Hackers who may have ties to Iran have recently turned their attention to the European energy sector, using open source tools to target one firm's network as part of an cyberespionage operation, according to the security firm Recorded Future. The precise goal of the campaign that the Recorded Future analysts describe in a report released Thursday is not clear, although other studies have found that several Iranian-backed advanced persistent threat groups have targeted U.S. and European businesses connected to the energy sector over the last several years - before the tensions between the U.S. and Iran recently heated up.

Researchers Earn $280,000 for Hacking Industrial Systems at Pwn2Own Miami
2020-01-24 13:03

Researchers who took part this week in the Zero Day Initiative's Pwn2Own Miami hacking competition have earned a total of $280,000 for exploits targeting industrial control systems and associated protocols. The teams and individuals who signed up for the hacking contest were Incite Team, Flashback Team, Claroty Research, Ben McBride, Fabius Artrel, Michael Stepankin, Lucas Georges, and a nameless team comprising Tobias Scharnowski, Niklas Breitfeld, and Ali Abbasi from the Horst Goertz Institute for IT-Security in Germany.

Some Hackers Take the Ransom and Run: Researchers
2020-01-24 05:24

Paying off hackers after a ransomware infection could end up being a total loss, according to a study released Thursday which finds some attackers just take the money and run. A survey by researchers at the security firm Proofpoint found that 33 percent of organizations infected with ransomware opted to pay the ransom.

Researchers create OT honeypot, attract exploits and fraud
2020-01-21 13:40

Trend Micro announced the results of research featuring a honeypot imitating an industrial factory. The highly sophisticated Operational Technology honeypot attracted fraud and financially motivated exploits.

Windows Vulnerability: Researchers Demonstrate Exploits
2020-01-16 20:03

A day after the U.S. National Security Agency disclosed a vulnerability that could affect the cryptographic operations in some versions of Microsoft Windows, security researchers started releasing "Proof of concept" code to show how attackers potentially could exploit the flaw. The vulnerability affects versions of Windows 10 as well as Windows Server 2016 and 2019.

How a researcher exploited the Windows 10 bug patched by Microsoft
2020-01-16 19:23

Saleem Rashid shows that a patch for a security bug in Windows 10 and Windows Server 2016/2019 could be exploited in the real world to spoof security certificates on machines without the patch. This week Microsoft was forced to quickly patch a security bug in Windows 10 and Windows Server 2016/2019 that could have allowed attackers to spoof legitimate security certificates as a way of gaining control of an infected PC. Microsoft was prompted to act after the NSA discovered and privately reported the bug, which was evidence of a serious flaw in the way the latest versions of Windows and Windows Server check the validity of certain security certificates.