News

Hackers May Be Able to Manipulate AI Training Algorithms

Hackers May Be Able to Manipulate AI Training Algorithms

Earlier this week, a paper by researchers from New York University showed that an attacker may be able to manipulate deep learning-based artificial intelligence (AI) algorithms. The researchers said that small equations that can be used as a backdoor can be hidden in deep learning algorithms due to their vast complexity. The backdoor cannot be removed by feeding the AI with more sample data as it will only decrease its accuracy. They add that the attack scenario is very possible, a hacker can simply use social engineering to gain access to the cloud service and then insert the backdoored model […]

Adware Campaign Circulates Fake Messages with Malware on Facebook Messenger

Adware Campaign Circulates Fake Messages with Malware on Facebook Messenger

David Jacoby, a senior security researcher in the global research and analysis team at Kaspersky Lab, has recently uncovered an attack method where users are redirected to fake versions of popular websites for the purpose of spreading adware. He adds that the code is advanced and obfuscated, and uses a sophisticated process involving multi platform malware and adware. The message will have the name of the recipient and the word “video” with a shocked emoji. When the user clicks on the video, he will get redirected to a number of sites that will prompt to install the adware. The accounts […]

FBI Charges Chinese National for Malware Distribution

FBI Charges Chinese National for Malware Distribution

Yu Pingan, a Chinese malware broker, has been charged by the FBI for conspiring with two other hackers who targeted the networks of US companies. Using the alias “GoldSun”, Yu is also said to have distributed the Sakula malware which was used in the breach of the US Office of Personnel Management in 2014 where 22 million records of Americans were affected, and the breach of the health insurance firm Anthem in 2015 that impacted around 78.8 million customers. Source: ZDNet

New Android App Allows Hackers to Build Ransomware Without Code Knowledge

New Android App Allows Hackers to Build Ransomware Without Code Knowledge

Security researchers have recently discovered that a Trojan Development Kit which doesn’t require coding knowledge is being sold in various underground forums and hacking discussion boards. The ransomware kit comes with an easy-to-use interface where the aspiring hacker can simply fill out forms and specify customization options. Once the app is ready, the creator just needs to pay the developer to be able to freely distribute the ransomware and create further variants. Principal threat analysis engineer at Symantec Dinesh Venkatesan says that the app makes the creation of a malware on a smartphone possible without ever needing to write even […]

WikiLeaks Says CIA Spied on FBI & NSA

WikiLeaks Says CIA Spied on FBI & NSA

The latest Wikileaks Vault 7 revealed a project called ExpressLane where the CIA used a trojan to get biometric information from its security service partners. It was said that the CIA installed the trojan on the systems of partners that did not voluntarily give them the biometric data. The trojan would even have a splash screen with a progress bar to look like a legitimate installation so it can be installed in the presence of partner agents. The trojan would then save the data to a hidden partition in a thumb drive that OTS agents would use on ‘maintenance’ visits. […]

Google to Offer Free Wi-Fi in Indonesia

Google to Offer Free Wi-Fi in Indonesia

Last Thursday, Google announced that it will be launching its ‘Google Station’ free Wi-Fi project in Indonesia within the next 12 months. First launched in in India 18 months ago, the project seeks to offer emerging markets decent Internet connectivity to locations such as railway stations and universities with the help of partner ISPs, venue owners, and system integrators. Tech companies have started to focus on Indonesia, which is Southeast Asia’s largest economy. The country of 260 million is expected to contribute as much as half to the region’s rapidly growing internet economy which is projected to grow to around […]

Microsoft to Stop Pushing Updates on German Users

Microsoft to Stop Pushing Updates on German Users

Last Monday, Germany’s Baden-Würtenberg consumer rights center announced that Microsoft has admitted to wrongdoing with regards to pushing large amounts of upgrade data on its users. The 18-month legal battle started when Baden-Würtenberg began investigating the tech giant due to complaints from German users and organizations who said that their storages were unnecessarily being filled with 6GB worth of Windows 10 upgrade. A number of other complaints were filed against Microsoft, including breaking user privacy and not giving users the option to disable the download process. Baden-Würtenberg added that Microsoft purposely dragged out the investigation which could have otherwise been […]

Study Says 90% of Companies are Hit with 3 Year Old Vulnerabilities

Study Says 90% of Companies are Hit with 3 Year Old Vulnerabilities

A study by network security company Fortinet revealed that as many as 90% of companies that they protect get hit with attacks that exploit vulnerabilities that are 3 years and older, and around 60% with exploits 10 years and older. Experts say that most hackers who exploit older vulnerabilities won’t have the same skill level as nation-state hacking units, and will therefore rely on working open-source exploits that eventually get shared on exploit-sharing sites. The study highlights the importance of updating security systems as early as possible, and not leaving it unpatched for years. Source: Bleeping Computer

Zerodium Offers Big Bounty for Popular Messaging Apps Zero Days

Zerodium Offers Big Bounty for Popular Messaging Apps Zero Days

Exploit acquisition platform Zerodium is now offering $500,000 for valid zero day exploits on popular messaging apps that include iMessage, Telegram, WhatsApp, Signal, Facebook, Viber, and WeChat. Zerodium says that they pay the highest rewards on the market for high-risk vulnerabilities with fully functional exploits, unlike other bug bounty programs that accept any kind of flaws and PoCs in exchange for low rewards. The company is also paying $150,000 for exploits that impact baseband frequencies, media files and documents, and as high as $1 million for an iOS jailbreak that requires human interaction. Source: ZDNet

Telstra Launches Cybersecurity Center in Sydney

Telstra Launches Cybersecurity Center in Sydney

Sydney, Australia – Telcoms provider Telstra has launched its latest security operations centre (SOC) in Sydney which opened for customers last Thursday. The Australian telco giant already has sites in Melbourne and Canberra, and is planning to launch more across the globe. The centers are built to Australian Security and Intelligence Organisation (ASIO) T4 standard which employ heightened security protocols. CEO Andy Penn says the SOCs will provide enterprise customers with world-class security teams, and increased visibility and insight for business cyber-risk management. Source: ZDNet