In another instance of a misconfigured data server, the personal details of over 3 million senior citizens have been exposed.
Category: cybercrime/malcode
The covid-19 pandemic has reinforced humanity’s dependence on modern tech, but the same tools that enable remote working are also being used to spread disinformation and perpetuate cybercrime. Ambivalence towards technology is nothing new.
Read more of our coverage of Science & technology: https://econ.st/3CdkVa5
See our Technology Quarterlies: https://econ.st/3jldAN6
Why is pessimism about the impact of technology nothing new? https://econ.st/3Cfme8B
Listen to our weekly podcast on vaccine technology: https://econ.st/3joucn8
Listen to our podcast “Babbage: Early warning” on future of pandemics: https://econ.st/2TSfgoz.
There’s very few opportunities in cybersecurity where you get the benefit of foresight. This could be one.
The goal is to pre-empt the fall of traditional cryptography likely to follow the quantum revolution.
A research team with the Technical University of Munich (TUM) have designed a quantum cryptography chip aimed at the security demands of the quantum computing revolution. The RISC-V chip, which was already sent to manufacturing according to the researchers’ design, aims to be a working proof of concept for protecting systems against quantum computing-based attacks, which are generally considered to be one of the most important security frontiers of the future. Alongside the RISC-V based hardware implementation (which includes ASIC and FPGA structures), the researchers also developed 29 additional instructions for the architecture that enable the required workloads to be correctly processed on-chip.
Traditional cryptography is generally based on both the sender and receiver holding the same “unlock” key for any given encrypted data. These keys (which may include letters, digits, and special characters) have increased in length as time passes, accompanying increases in hardware performance available in the general computing sphere. The idea is to thwart brute-force attacks that would simply try out enough character combinations that would allow them to eventually reach the correct answer that unlocks the encrypted messages’ contents. Given a big enough size of the security key (and also depending on the encryption protocol used), it’s virtually impossible for current hardware — even with the extreme parallelization enabled by the most recent GPUs — to try out enough combinations in a short enough timeframe to make the effort worthwhile.
The deal combines decades of cyber security experience.
Norton and Avast are merging in a big anti-virus deal. The combined companies will focus on consumer offerings for cyber security, just as ransomware is becoming a big issue.
The hackers claim to have confidential documents.
Gigabyte has been the victim of a cyberattack, which was reportedly the work of a ransomware outfit called RansomEXX. According to The Record, the attack didn’t have an impact on any of the company’s production systems, but it did affect some internal servers. Currently, some parts of Gigabyte’s website, including its support section, are down, giving customers issues when trying to access warranty repair information and updates. The hackers who claim to have carried out the attack are reportedly threatening to release data from the company, including confidential documents from Intel, AMD, and American Megatrends.
Gigabyte is mainly known for its PC components such as motherboards and graphics cards, but it also has a line of laptops and peripherals like gaming monitors, which are often branded with the Aorus name.
Natural language processing continues to find its way into unexpected corners. This time, it’s phishing emails. In a small study, researchers found that they could use the deep learning language model GPT-3, along with other AI-as-a-service platforms, to significantly lower the barrier to entry for crafting spearphishing campaigns at a massive scale.
Researchers have long debated whether it would be worth the effort for scammers to train machine learning algorithms that could then generate compelling phishing messages. Mass phishing messages are simple and formulaic, after all, and are already highly effective. Highly targeted and tailored “spearphishing” messages are more labor intensive to compose, though. That’s where NLP may come in surprisingly handy.
At the Black Hat and Defcon security conferences in Las Vegas this week, a team from Singapore’s Government Technology Agency presented a recent experiment in which they sent targeted phishing emails they crafted themselves and others generated by an AI-as-a-service platform to 200 of their colleagues. Both messages contained links that were not actually malicious but simply reported back clickthrough rates to the researchers. They were surprised to find that more people clicked the links in the AI-generated messages than the human-written ones—by a significant margin.
Check Point, an Israeli cybersecurity provider, found that by clicking an e-book infected by malware, users could lose control of both their Kindle tablet and their Amazon accounts.
