close
  • chevron_right

    New ultra-stealthy Linux backdoor isn’t your everyday malware discovery

    news.movim.eu / ArsTechnica · Thursday, 9 June - 22:36

Stylized illustration of binary code.

Enlarge (credit: Getty Images / iStock )

Researchers have unearthed a discovery that doesn’t occur all that often in the realm of malware: a mature, never-before-seen Linux backdoor that uses novel evasion techniques to conceal its presence on infected servers, in some cases even with a forensic investigation.

On Thursday, researchers from Intezer and The BlackBerry Threat Research & Intelligence Team said that the previously undetected backdoor combines high levels of access with the ability to scrub any sign of infection from the file system, system processes, and network traffic. Dubbed Symbiote, it targets financial institutions in Brazil and was first detected in November.

Researchers for Intezer and BlackBerry wrote:

Read 6 remaining paragraphs | Comments

  • chevron_right

    Information security gets personal: How to protect yourself and your stuff

    news.movim.eu / ArsTechnica · Friday, 27 May - 17:23

Redefining privacy at Ars Frontiers. Click here for transcript . (video link)

At the Ars Frontiers event in Washington, DC, I had the privilege of moderating two panels on two closely linked topics: digital privacy and information security. Despite significant attempts to improve things, conflicting priorities and inadequate policy have weakened both privacy and security. Some of the same fundamental issues underly the weaknesses in both: Digital privacy and information security are still too demanding for average people to manage, let alone master.

Our privacy panel consisted of Electronic Frontier Foundation deputy executive Kurt Opsahl, security researcher Runa Sandvik, and ACLU Senior Policy Analyst Jay Stanley. Individuals trying to protect their digital privacy face "a constant arms race between what the companies are trying to do, or doing because they can, versus then what people are saying that they either like or don't like," Sandvik explained.

Read 7 remaining paragraphs | Comments

  • Ga chevron_right

    Deepfake attacks can easily trick 9 out of 10 live facial recognition systems online, fooling even 'liveness tests'

    Danie van der Merwe · news.movim.eu / gadgeteerza-tech-blog · Sunday, 22 May - 12:01

https://upload.movim.eu/files/62f168f3fbecac605d21a105beda461820293db1/8FgEYASNTFu6/facialrecognition.jpg

Sensity AI, a startup focused on tackling identity fraud, carried out a series of pretend attacks. Engineers scanned the image of someone from an ID card, and mapped their likeness onto another person's face. Sensity then tested whether they could breach live facial recognition systems by tricking them into believing the pretend attacker is a real user.

Sensity mentioned needing a specialised phone to hijack mobile cameras and injecting pre-made deepfake models in its report.

Security is always a moving target...

See https://www.theregister.com/2022/05/22/ai_in_brief/

#technology #security #deepfakes #facialrecognition

  • chevron_right

    Researchers devise iPhone malware that runs even when device is turned off

    news.movim.eu / ArsTechnica · Monday, 16 May - 20:20

Researchers devise iPhone malware that runs even when device is turned off

Enlarge (credit: Classen et al.)

When you turn off an iPhone, it doesn’t fully power down. Chips inside the device continue to run in a low-power mode that makes it possible to locate lost or stolen devices using the Find My feature or use credit cards and car keys after the battery dies. Now researchers have devised a way to abuse this always-on mechanism to run malware that remains active even when an iPhone appears to be powered down.

It turns out that the iPhone’s Bluetooth chip—which is key to making features like Find My work—has no mechanism for digitally signing or even encrypting the firmware it runs. Academics at Germany’s Technical University of Darmstadt figured out how to exploit this lack of hardening to run malicious firmware that allows the attacker to track the phone’s location or run new features when the device is turned off.

This video provides a high overview of some of the ways an attack can work.

Read 9 remaining paragraphs | Comments

  • Ga chevron_right

    Microsoft, Apple, Google, and hundreds of tech companies accelerate push to eliminate passwords, supporting standards developed by the FIDO Alliance and the W3C

    Danie van der Merwe · news.movim.eu / gadgeteerza-tech-blog · Thursday, 5 May - 20:14 · 1 minute

Google, Microsoft, and Apple are important in this regard because they represent the greatest volume of single-sign capabilities for sites other than their own. So if you want a change away from passwords, without their support, it drags out for years, never reaching any tipping point to be effective. Note though that what is being adopted are open alliance standards, and not proprietary to Google, Apple, or Microsoft.

We do have 2FA (2-Factor Authentication) already, but it often falls back onto insecure e-mail or text messages. We're going to also have to finalise, or have options between biometrics vs device specific. Many don't want biometrics (or their hash) saved, not because it's invasive (it does not store your actual fingerprint), but because it cannot be changed (or does using a different finger count, although most of us still have a limit of 10?). Biometrics are the most convenient and usually not lost, but that also counts against them for the same reason. A device such as YubiKey, fob, phone, etc can easily be lost or left at home, and you lose access.

But yes, passwords do need to go, along with that useless advice of updating a password every 30 days.

See https://www.theregister.com/2022/05/05/microsoft-apple-google-fido/

#technology #security #passwords #authentication

  • Ga chevron_right

    High‑impact UEFI vulnerabilities discovered (again) in over a hundred of models of Lenovo consumer laptops

    Danie van der Merwe · news.movim.eu / gadgeteerza-tech-blog · Wednesday, 4 May - 15:21

Yes, two of the drivers immediately caught attention by their very unfortunate (but surprisingly honest) names: SecureBackDoor and SecureBackDoorPeim. I also seem to recall Lenovo had a similar issue about 5 or 6 years ago, so not a first time.

Altogether, the list of affected devices contains more than one hundred different consumer laptop models with millions of users worldwide, from affordable models like Ideapad-3 to more advanced ones like Legion 5 Pro-16ACH6 H or Yoga Slim 9-14ITL05. The full list of affected models with active development support is published in the Lenovo Advisory.

Bottom line though is, if you have a consumer Lenovo device, you really want to check if there is a firmware update.

See https://www.welivesecurity.com/2022/04/19/when-secure-isnt-secure-uefi-vulnerabilities-lenovo-consumer-laptops/

#technology #security #vulnerability #lenovo #backdoor

  • Ga chevron_right

    Open source ZeroTier is an encrypted virtual network backbone, allowing multiple machines to communicate as if they were on a single network

    Danie van der Merwe · news.movim.eu / gadgeteerza-tech-blog · Wednesday, 4 May - 13:02

The code is all open source, and you can self-host the controller or use the ZeroTierOne service with either free or paid plans. Their free plan (cloud based) is robust, solid, and very consistent.

After you have two nodes connected, connecting to each other — no matter where you are or what side of any firewalls you may be on — is exactly what you would expect if you were in the same building on the same network. A primary use case is for remote access to a Home Assistant setup without needing to open up firewall ports or expose it to the internet.

The linked article explains how to get going with it.

See https://opensource.com/article/22/5/zerotier-network

#technology #security #VPN #ZeroTier #networks

  • In chevron_right

    The new Elastic CEO puts cloud front and center

    pubsub.slavino.sk / infoworldcom · Friday, 22 April - 10:00 edit

The new CEO of the enterprise search software company Elastic has one priority: cloud.

“Cloud is front and center,” he told InfoWorld during a recent interview. “That is really where you should continue to see me double down.”

ashutosh kulkarni Elastic

Elastic CEO Ashutosh Kulkarni

To read this article in full, please click here


Značky: #Security, #Rozne, #Devops