Author: Disini & Disini Law Office

DARPA Project Seeks to Create “Mix-n-Match” Modular Computing Framework

DARPA Project Seeks to Create “Mix-n-Match” Modular Computing Framework

US’ Defense Advanced Research Projects Agency has recently kicked off its CHIPS project, which was first announced last year. An abbreviation of Common Heterogeneous Integration and Intellectual Property Reuse Strategies, the project has reached out to various universities, military-industrial contractors, chip makers and other related tech organizations to create a standard chiplet size and form factor that can easily be reconfigured depending on what it will be used for. DARPA expressed that they would prefer to retool existing hardware rather than make a brand new one from scratch. In a post, the agency also said that they would be using […]

Trump Reaches Out to Moscow, Russian Hackers Not Spared

Trump Reaches Out to Moscow, Russian Hackers Not Spared

US Justice Department filings have revealed that seven Russian hackers have already been charged for US cyber crimes this year, from just an average of 2 from 2010. This shows that although President Trump is looking to improve ties with Moscow, the US is not relenting in going after Russian cybercriminals. However, opposition lawmakers are still questioning if the the President has any plans of sending a strong response to Moscow over its cyber activity. Some US federal law officials, who wish to remain anonymous, have also confirmed that the administration is not making any centralized effort to go against […]

Zimperium Researcher Releases iOS Kernel Exploit

Zimperium Researcher Releases iOS Kernel Exploit

Last Saturday, security researcher Adam Donenfeld of Zimperium has published an exploit code for vulnerabilities found in iOS 10.3.1 and prior versions. Dubbed “zIVA”, the exploit code can give the attacker RW (read-write) and root access. Even though Apple had already patched the vulnerabilities last May, the phone maker asked Donenfeld to delay publishing his findings to allow users more time to update their devices. Seven of the vulnerabilities affect the AppleAVE Driver kernel extension, which Donenfeld says was written without heeding basic security fundamentals.         Source: Bleeping Computer

New Photo-Sharing Social Network Uses Emotion Detection

New Photo-Sharing Social Network Uses Emotion Detection

Last Friday, photo-sharing Social Network Polygram launched its iOS app which is expected to be compete directly with Instagram and Snapchat. The app includes features such as beautification using augmented reality, emotion recognition, and smart screenshot prevention, as well as giving the user analytics on their posts. Even after raising $2.1 million in seed funding, Polygram will be facing an uphill climb, since there is a chance that its bigger competitors will copy the features they offer. However, co-founder Faryar Ghazanfari says that they offer ‘white glove’ service and custom features to influencers who can attract people to use and […]

Defray Ransomware Uses Highly Customized Phishing Emails

Defray Ransomware Uses Highly Customized Phishing Emails

Researchers from cybersecurity company Proofpoint have uncovered a malware that uses highly tailored emails to target healthcare and education organizations, as well as manufacturing and tech companies. Dubbed as “Defray”, the ransomware also demands a significantly bigger ransom amount to be paid, in one case as much as $5000 in Bitcoin. The ransomware is delivered in an email with a Word Doc attachment which contains an executable file. Experts believe that the amount of effort that that went into the campaign suggest that a highly-organized cybercriminal group is behind Defray.    Source: ZDNet

Users May Soon be Able to Permanently Mute Audio on Annoying Websites on Chrome

Users May Soon be Able to Permanently Mute Audio on Annoying Websites on Chrome

Reports say that the Google Chrome team is currently testing a feature that will allow users to mute audio permanently on websites of their choosing. The feature is currently only available in Chrome Canary, and it is uncertain if and when it will be included in stable builds. It is also not available by default. To enable it, open the properties of Google Canary and in the Target Field, add “–enable-features=SoundContentSetting” then save the changes. After these steps, the option to mute website audio should be available by clicking on the exclamation button to the left of the URL. Source: […]

Hackers May Be Able to Manipulate AI Training Algorithms

Hackers May Be Able to Manipulate AI Training Algorithms

Earlier this week, a paper by researchers from New York University showed that an attacker may be able to manipulate deep learning-based artificial intelligence (AI) algorithms. The researchers said that small equations that can be used as a backdoor can be hidden in deep learning algorithms due to their vast complexity. The backdoor cannot be removed by feeding the AI with more sample data as it will only decrease its accuracy. They add that the attack scenario is very possible, a hacker can simply use social engineering to gain access to the cloud service and then insert the backdoored model […]

Adware Campaign Circulates Fake Messages with Malware on Facebook Messenger

Adware Campaign Circulates Fake Messages with Malware on Facebook Messenger

David Jacoby, a senior security researcher in the global research and analysis team at Kaspersky Lab, has recently uncovered an attack method where users are redirected to fake versions of popular websites for the purpose of spreading adware. He adds that the code is advanced and obfuscated, and uses a sophisticated process involving multi platform malware and adware. The message will have the name of the recipient and the word “video” with a shocked emoji. When the user clicks on the video, he will get redirected to a number of sites that will prompt to install the adware. The accounts […]

FBI Charges Chinese National for Malware Distribution

FBI Charges Chinese National for Malware Distribution

Yu Pingan, a Chinese malware broker, has been charged by the FBI for conspiring with two other hackers who targeted the networks of US companies. Using the alias “GoldSun”, Yu is also said to have distributed the Sakula malware which was used in the breach of the US Office of Personnel Management in 2014 where 22 million records of Americans were affected, and the breach of the health insurance firm Anthem in 2015 that impacted around 78.8 million customers. Source: ZDNet

New Android App Allows Hackers to Build Ransomware Without Code Knowledge

New Android App Allows Hackers to Build Ransomware Without Code Knowledge

Security researchers have recently discovered that a Trojan Development Kit which doesn’t require coding knowledge is being sold in various underground forums and hacking discussion boards. The ransomware kit comes with an easy-to-use interface where the aspiring hacker can simply fill out forms and specify customization options. Once the app is ready, the creator just needs to pay the developer to be able to freely distribute the ransomware and create further variants. Principal threat analysis engineer at Symantec Dinesh Venkatesan says that the app makes the creation of a malware on a smartphone possible without ever needing to write even […]