Tech News

Hackers are using developing countries for ransomware practice

Security - Posted On:2024-04-24 11:00:00 Source: arstechnica

Cyber attackers are experimenting with their latest ransomware on businesses in Africa, Asia, and South America before targeting richer countries that have more sophisticated security methods.

Hackers have adopted a “strategy” of infiltrating systems in the developing world before moving to higher-value targets such as in North America and Europe, according to a report published on Wednesday by cyber security firm Performanta.

“Adversaries are using developing countries as a platform where they can test their malicious programs before the more resourceful countries are targeted,” the company told Banking Risk and Regulation, a service from FT Specialist.

Hackers are carrying out ransomware experiments in developing countries

Security - Posted On:2024-04-24 10:15:00 Source: arstechnica

Cyber attackers are experimenting with their latest ransomware on businesses in Africa, Asia and South America before targeting richer countries that have more sophisticated security methods.

Hackers have adopted a “strategy” of infiltrating systems in the developing world before moving to higher-value targets such as in North America and Europe, according to a report published on Wednesday by cyber security firm Performanta.

“Adversaries are using developing countries as a platform where they can test their malicious programs before the more resourceful countries are targeted,” the company told Banking Risk and Regulation, a service from FT Specialist.

Roku forcing 2-factor authentication after 2 breaches of 600K accounts

Security - Posted On:2024-04-19 14:00:00 Source: arstechnica

Everyone with a Roku TV or streaming device will eventually be forced to enable two-factor authentication after the company disclosed two separate incidents in which roughly 600,000 customers had their accounts accessed through credential stuffing.

Credential stuffing is an attack in which usernames and passwords exposed in one leak are tried out against other accounts, typically using automated scripts. When people reuse usernames and passwords across services or make small, easily intuited changes between them, actors can gain access to accounts with even more identifying information and access.

In the case of the Roku attacks, that meant access to stored payment methods, which could then be used to buy streaming subscriptions and Roku hardware. Roku wrote on its blog, and in a mandated data breach report, that purchases occurred in "less than 400 cases" and that full credit card numbers and other "sensitive information" were not revealed.

All the pieces are in place for the first crew flight of Boeing’s Starliner

Security - Posted On:2024-04-18 08:45:00 Source: arstechnica

Ground teams on Florida's Space Coast hoisted Boeing's Starliner spacecraft atop its United Launch Alliance Atlas V rocket this week, putting all the pieces in place for liftoff next month with two veteran NASA astronauts on a test flight to the International Space Station.

This will be the first time astronauts fly on Boeing's Starliner crew capsule, following two test flights without crew members in 2019 and 2022. The Starliner Crew Flight Test (CFT) next month will wrap up a decade and a half of development and, if all goes well, will pave the way for operational Starliner missions to ferry crews to and from the space station.

Starliner is running years behind schedule and over budget. SpaceX's Crew Dragon spacecraft has flown all of NASA's crew rotation missions to the station since its first astronaut flight in 2020. But NASA wants to get Boeing's spacecraft up and running to have a backup to SpaceX. It would then alternate between Starliner and Crew Dragon for six-month expeditions to the station beginning next year.

How will astronauts cruise around the Moon? NASA narrows choice to three options

Security - Posted On:2024-04-04 10:45:00 Source: arstechnica

NASA has made another bold bet on the nation's commercial space industry, this time asking private companies to provide a lunar rover that can survive for up to a decade near the South Pole of the Moon.

The space agency on Wednesday announced the selection of three teams, led by Intuitive Machines, Lunar Outpost, and Venturi Astrolab, to work on designs for a rover that can be used by astronauts and function autonomously when no crew is around.

Each company will work with the space agency for the next year or so to reach what is known as a "preliminary design review" for their vehicle. The initial awards are not huge; each is a few tens of millions of dollars. But this work will set the stage for a demonstration phase, which will be worth significantly more.

How to hack the Jacksonville Jaguars’ jumbotron (and end up in jail for 220 years)

Security - Posted On:2024-04-03 17:15:00 Source: arstechnica

Was someone messing with the Jacksonville Jaguars' giant jumbotron?

On September 16, 2018, the Jaguars were playing the New England Patriots when the in-stadium screen experienced, in the US government's words, "a loss in reference sync which manifested as a large horizontal green lines [sic] appearing across one whole video board."

On November 18, during a game against the Pittsburgh Steelers, it happened again—but this time, entire video sub-boards filled with green.

Hackers can unlock over 3 million hotel doors in seconds

Security - Posted On:2024-03-22 10:15:00 Source: arstechnica

When thousands of security researchers descend on Las Vegas every August for what's come to be known as “hacker summer camp,” the back-to-back Black Hat and Defcon hacker conferences, it's a given that some of them will experiment with hacking the infrastructure of Vegas itself, the city's elaborate array of casino and hospitality technology. But at one private event in 2022, a select group of researchers were actually invited to hack a Vegas hotel room, competing in a suite crowded with their laptops and cans of Red Bull to find digital vulnerabilities in every one of the room's gadgets, from its TV to its bedside VoIP phone.

One team of hackers spent those days focused on the lock on the room's door, perhaps its most sensitive piece of technology of all. Now, more than a year and a half later, they're finally bringing to light the results of that work: a technique they discovered that would allow an intruder to open any of millions of hotel rooms worldwide in seconds, with just two taps.

Today, Ian Carroll, Lennert Wouters, and a team of other security researchers are revealing a hotel keycard hacking technique they call Unsaflok. The technique is a collection of security vulnerabilities that would allow a hacker to almost instantly open several models of Saflok-brand RFID-based keycard locks sold by the Swiss lock maker Dormakaba. The Saflok systems are installed on 3 million doors worldwide, inside 13,000 properties in 131 countries.

$30 doorbell cameras can be easily hijacked, says Consumer Reports

Security - Posted On:2024-02-29 12:15:01 Source: arstechnica

Video doorbell cameras have been commoditized to the point where they're available for $30–$40 on marketplaces like Amazon, Walmart, Temu, and Shein. The true cost of owning one might be much greater, however.

Consumer Reports (CR) has released the findings of a security investigation into two budget-minded doorbell brands, Eken and Tuck, which are largely the same hardware produced by the Eken Group in China, according to CR. The cameras are further resold under at least 10 more brands. The cameras are set up through a common mobile app, Aiwit. And the cameras share something else, CR claims: "troubling security vulnerabilities."

$30 doorbell cameras have multiple serious security flaws, says Consumer Reports

Security - Posted On:2024-02-29 06:45:01 Source: arstechnica

Video doorbell cameras have been commoditized to the point where they're available for $30–$40 on marketplaces like Amazon, Walmart, Temu, and Shein. The true cost of owning one might be much greater, however.

Consumer Reports (CR) has released the findings of a security investigation into two budget-minded doorbell brands, Eken and Tuck, which are largely the same hardware produced by the Eken Group in China, according to CR. The cameras are further resold under at least 10 more brands. The cameras are set up through a common mobile app, Aiwit. And the cameras share something else, CR claims: "troubling security vulnerabilities."

Beware of scammers sending live couriers to liquidate victims’ life savings

Security - Posted On:2024-01-29 17:30:00 Source: arstechnica

Scammers are stepping up their game by sending couriers to the homes of elderly people and others as part of a ruse intended to rob them of their life savings, the FBI said in an advisory Monday.

“The FBI is warning the public about scammers instructing victims, many of whom are senior citizens, to liquidate their assets into cash and/or buy gold, silver, or other precious metals to protect their funds,” FBI officials with the agency’s Internet Crime Complaint Center said. “Criminals then arrange for couriers to meet the victims in person to pick up the cash or precious metals.”

The scammers pose as tech or customer support agents or government officials and sometimes use a multi-layered approach as they falsely claim they work on behalf of technology companies, financial institutions, or the US government. The scammers tell the targets they have been hacked or are at risk of being hacked and that their assets should be protected. The scammers then instruct the targets to liquidate assets into cash. In some cases, the scammers instruct targets to wire funds to a fake metal dealer who will ship purchased merchandise to the victims’ homes.

Just 10 lines of code can steal AI secrets from Apple, AMD, and Qualcomm GPUs

Security - Posted On:2024-01-17 14:15:00 Source: arstechnica

As more companies ramp up development of artificial intelligence systems, they are increasingly turning to graphics processing unit (GPU) chips for the computing power they need to run large language models (LLMs) and to crunch data quickly at massive scale. Between video game processing and AI, demand for GPUs has never been higher, and chipmakers are rushing to bolster supply. In new findings released today, though, researchers are highlighting a vulnerability in multiple brands and models of mainstream GPUs—including Apple, Qualcomm, and AMD chips—that could allow an attacker to steal large quantities of data from a GPU’s memory.

The silicon industry has spent years refining the security of central processing units, or CPUs, so they don’t leak data in memory even when they are built to optimize for speed. However, since GPUs were designed for raw graphics processing power, they haven’t been architected to the same degree with data privacy as a priority. As generative AI and other machine learning applications expand the uses of these chips, though, researchers from New York-based security firm Trail of Bits say that vulnerabilities in GPUs are an increasingly urgent concern.

New attack steals AI secrets from GPUs made by Apple, AMD, and Qualcomm

Security - Posted On:2024-01-17 13:30:00 Source: arstechnica

As more companies ramp up development of artificial intelligence systems, they are increasingly turning to graphics processing unit (GPU) chips for the computing power they need to run large language models (LLMs) and to crunch data quickly at massive scale. Between video game processing and AI, demand for GPUs has never been higher, and chipmakers are rushing to bolster supply. In new findings released today, though, researchers are highlighting a vulnerability in multiple brands and models of mainstream GPUs—including Apple, Qualcomm, and AMD chips—that could allow an attacker to steal large quantities of data from a GPU’s memory.

The silicon industry has spent years refining the security of central processing units, or CPUs, so they don’t leak data in memory even when they are built to optimize for speed. However, since GPUs were designed for raw graphics processing power, they haven’t been architected to the same degree with data privacy as a priority. As generative AI and other machine learning applications expand the uses of these chips, though, researchers from New York-based security firm Trail of Bits say that vulnerabilities in GPUs are an increasingly urgent concern.

Google researchers report critical 0-days in Chrome and all Apple OSes

Security - Posted On:2023-12-01 09:45:00 Source: arstechnica

Researchers in Google's Threat Analysis Group have been as busy as ever with discoveries that have led to the disclosure of three high-severity zero-day vulnerabilities under active exploitation in Apple OSes and the Chrome browser in the span of 48 hours.

Apple on Thursday said it was releasing security updates fixing two vulnerabilities present in iOS, macOS, and iPadOS. Both of them reside in WebKit, the engine that drives Safari and a wide range of other apps, including Apple Mail, the App Store, and all browsers running on iPhones and iPads. While the update applies to all supported versions of Apple OSes, Thursday’s disclosure suggested that the in-the-wild attacks that are exploiting the vulnerabilities targeted earlier versions of iOS.

“Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1,” Apple officials wrote of both vulnerabilities, which are tracked as CVE-2023-42916 and CVE-2023-42917.

Google researchers report critical zero-days in Chrome and all Apple OSes

Security - Posted On:2023-11-30 20:15:00 Source: arstechnica

Researchers in Google's Threat Analysis Group have been as busy as ever, with discoveries that have led to the disclosure of three high-severity zero-day vulnerabilities under active exploitation in Apple OSes and the Chrome browser in the span of 48 hours.

Apple on Thursday said it was releasing security updates fixing two vulnerabilities present in iOS, macOS, and iPadOS. Both of them reside in WebKit, the engine that drives Safari and a wide range of other apps, including Apple Mail, the App Store, and all browsers running on iPhones and iPads. While the update applies to all supported versions of Apple OSes, Thursday’s disclosure suggested in-the-wild attacks exploiting the vulnerabilities targeted earlier versions of iOS.

“Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1,” Apple officials wrote of both vulnerabilities, which are tracked as CVE-2023-42916 and CVE-2023-42917.

Rocket Report: Beyond Gravity to study fairing reuse; North Korea launches satellite

Security - Posted On:2023-11-23 08:00:01 Source: arstechnica

Welcome to Edition 6.20 of the Rocket Report! We apologize for missing last week, but both Stephen and I were in transit to South Texas for the Starship launch. To make up for it this week's report is extra long, and a day early due to the Thanksgiving holiday in the United States. But that doesn't mean the spaceflight action stops, with an eagerly awaited hot fire test of the Ariane 6 rocket expected Thursday. See below for details on how to watch live.

As always, we welcome reader submissions, and if you don't want to miss an issue, please subscribe using the box below (the form will not appear on AMP-enabled versions of the site). Each report will include information on small-, medium-, and heavy-lift rockets as well as a quick look ahead at the next three launches on the calendar.

North Korea launches spy satellite. North Korea's launch of a small, solid-fueled Chŏllima-1 rocket, which has a capacity of about 300 kg to low-Earth orbit, appears to have been successful, Reuters reports. Jonathan McDowell, an astronomer and astrophysicist at the Harvard–Smithsonian Center for Astrophysics, said the US Space Force data had cataloged two new objects in an orbital plane consistent with the launch from North Korea at the time stated by Pyongyang.

Thousands of Android devices come with unkillable backdoor preinstalled

Security - Posted On:2023-10-07 07:15:00 Source: arstechnica

When you buy a TV streaming box, there are certain things you wouldn’t expect it to do. It shouldn’t secretly be laced with malware or start communicating with servers in China when it’s powered up. It definitely should not be acting as a node in an organized crime scheme making millions of dollars through fraud. However, that’s been the reality for thousands of unknowing people who own cheap Android TV devices.

In January, security researcher Daniel Milisic discovered that a cheap Android TV streaming box called the T95 was infected with malware right out of the box, with multiple other researchers confirming the findings. But it was just the tip of the iceberg. This week, cybersecurity firm Human Security is revealing new details about the scope of the infected devices and the hidden, interconnected web of fraud schemes linked to the streaming boxes.

Here’s what we know about a mysterious launch from Florida this week

Security - Posted On:2023-09-05 19:15:00 Source: arstechnica

Airspace and maritime navigation warnings released to pilots and mariners suggest the US military might launch a hypersonic missile this week on a test flight from Cape Canaveral, Florida.

This test could be one of the final milestones before the US Army fields the nation's first ground-based hypersonic weapon, which is more maneuverable and more difficult for an enemy to track and destroy than a conventional ballistic missile. Russia has used hypersonic missiles in combat against Ukraine, and US defense officials have labeled China as the world's leader in emerging hypersonic missile technology.

That has left the US military playing catch-up, and the Army is on the cusp of having its first ground-based hypersonic missiles ready for active duty. If informed speculation is correct, the test launch from Cape Canaveral Space Force Station this week—performed in partnership between the Army and the Navy—could be a full-scale test of the new solid-fueled hypersonic missile to propel a hypersonic glide vehicle to high speeds over the Atlantic Ocean.

Renegade certificate removed from Windows. Then it returns. Microsoft stays silent.

Security - Posted On:2023-08-25 21:00:00 Source: arstechnica

For three days, system administrators have been troubleshooting errors that have prevented Windows users from running applications such as QuickBooks and Avatax. We now know the cause: an unannounced move or glitch by Microsoft that removed a once-widely used digital certificate in Windows.

The removed credential is known as a root certificate, meaning it anchors the trust of hundreds or thousands of intermediate and individual certificates downstream. The root certificate—with the serial number 18dad19e267de8bb4a2158cdcc6b3b4a and the SHA1 fingerprint 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5—was no longer trusted in Windows. Because that root was tied to certificates that certify their authenticity and trust, people trying to use or install the app received the error.

Just minutes before this post was scheduled to go live, researchers learned that the certificate had been restored in Windows. It’s unclear how or why that occurred. The certificate immediately below this paragraph shows the certificate's status on Thursday. The one below that shows the status as of Friday.

How a cloud flaw gave Chinese spies a key to Microsoft’s kingdom

Security - Posted On:2023-07-13 16:45:01 Source: arstechnica

For most IT professionals, the move to the cloud has been a godsend. Instead of protecting your data yourself, let the security experts at Google or Microsoft protect it instead. But when a single stolen key can let hackers access cloud data from dozens of organizations, that trade-off starts to sound far more risky.

Late Tuesday evening, Microsoft revealed that a China-based hacker group, dubbed Storm-0558, had done exactly that. The group, which is focused on espionage against Western European governments, had accessed the cloud-based Outlook email systems of 25 organizations, including multiple government agencies.

Those targets encompass US government agencies including the State Department, according to CNN, though US officials are still working to determine the full scope and fallout of the breaches. An advisory from the US Cybersecurity and Infrastructure Security Agency says the breach, which was detected in mid-June by a US government agency, stole unclassified email data “from a small number of accounts.”

Microsoft 365 adds 'External' email tags for increased security

Security - Posted On:2021-03-08 16:30:00 Source: bleepingcomputer

Microsoft is working on boosting Exchange Online phishing protection capabilities by adding support for external email message tags to its cloud-based email service. [...]
