Sep 10, 2023
How to Figure Out If Your Phone Has Malware
Posted by Shubham Ghosh Roy in categories: cybercrime/malcode, mobile phones
Has your phone been acting up? Here’s how to check if malware is to blame, and what to do if it is.
In late 1998, when I was just beginning my career in technology, I read in the venerable Phrack magazine how poor input sanitization allowed rain.forest.puppy (the pseudonym used by Jeff Forristal) to pass SQL query strings directly to the back-end database of a Web application.
It’s an unfortunate reality that a quarter of a century later, SQL injection — among the lowest hanging of security fruit — is still included in the Open Worldwide Application Security Project (OWASP) Top 10 list of security vulnerabilities. One of the worst attacks ever occurred back in 2008, when Heartland Payment Systems was breached and more than 130 million credit and debit card numbers were compromised. In 2023, the Cl0p ransomware group exploited previously unknown SQL injection vulnerabilities in MOVEit, Progress Software’s file transfer program, and compromised hundreds of victims as part of a supply chain attack.
We do not have insight into Progress Software’s software development life cycle or security practices to ascertain what happened. While a vulnerability assessment system or even a bug hunting program could have potentially identified SQL injection flaws in the code before it was exploited, focusing on producing code that is secure by construction is an even better way to address this class of vulnerability.
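As an added illustration (not taken from the article, from Progress Software, or from any product it names) of what "secure by construction" means for this vulnerability class, the following Python contrasts a query built by string concatenation with a parameterized one against an in-memory SQLite table constructed for the example:

```python
import sqlite3

# Constructed stand-in for a Web application's back-end database; the table
# and rows are invented for this example.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user")])
    return conn

def lookup_unsafe(conn, username):
    # The 1998-era pattern: the request parameter is pasted into the query
    # text, so a quote character in the input changes the statement's shape.
    sql = f"SELECT username, role FROM users WHERE username = '{username}'"
    return conn.execute(sql).fetchall()

def lookup_parameterized(conn, username):
    # Secure by construction: the statement text is fixed and the input is
    # bound as a value, so the database never parses it as SQL.
    sql = "SELECT username, role FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()

def compare(username):
    """Return (unsafe_rows, parameterized_rows) for the same input."""
    conn = make_db()
    return lookup_unsafe(conn, username), lookup_parameterized(conn, username)

def unsafe_breaks_on(username):
    """True if the concatenated query cannot even handle this input."""
    conn = make_db()
    try:
        lookup_unsafe(conn, username)
        return False
    except sqlite3.OperationalError:
        return True

if __name__ == "__main__":
    # Constructed inputs: a normal name, a legitimate surname with an
    # apostrophe, and a classic tautology that the parameterized query
    # treats as an ordinary (non-matching) string.
    print(compare("alice"))                 # both paths: one row
    print(unsafe_breaks_on("o'brien"))      # True: syntax error on the unsafe path
    print(compare("x' OR '1'='1"))          # unsafe: every row; parameterized: []
```

The benign apostrophe case is the practical tell: code that cannot survive a real surname is also code whose query structure is controlled by its input.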
Meta is collecting personal data to train AI.
A recent Chinese hack of senior officials at the U.S. State and Commerce departments was apparently the result of the compromise of a Microsoft engineer’s corporate account and the theft of a valuable key, Microsoft Corp (MSFT.O) reported.
According to Reuters, Microsoft has stated that the engineer’s account was compromised by the “Storm-0558” hacking group, which allegedly used the key to forge authentication tokens and access email accounts on Microsoft’s cloud servers, including those of top American officials such as Commerce Secretary Gina Raimondo, US Ambassador to China Nicholas Burns and Assistant Secretary of State for East Asia Daniel Kritenbrink.
China-backed hackers stole a digital skeleton key allowing access to US government emails.
To recap, Microsoft disclosed in July that hackers it calls Storm-0558, which it believes are backed by China, “acquired” an email signing key that Microsoft uses to secure consumer email accounts like Outlook.com. The hackers used that digital skeleton key to break into both the personal and enterprise email accounts of government officials hosted by Microsoft. The hack is seen as a targeted espionage campaign aimed at snooping on the unclassified emails of U.S. government officials and diplomats, reportedly including U.S. Commerce Secretary Gina Raimondo and U.S. Ambassador to China Nicholas Burns.
How the hackers obtained that consumer email signing key was a mystery — even to Microsoft — until this week when the technology giant belatedly laid out the five separate issues that led to the eventual leak of the key.
It’s easy to trick the large language models powering chatbots like OpenAI’s ChatGPT and Google’s Bard. In one experiment in February, security researchers forced Microsoft’s Bing chatbot to behave like a scammer. Hidden instructions on a web page the researchers created told the chatbot to ask the person using it to hand over their bank account details. This kind of attack, where concealed information can make the AI system behave in unintended ways, is just the beginning.
Hundreds of examples of “indirect prompt injection” attacks have been created since then. This type of attack is now considered one of the most concerning ways that language models could be abused by hackers. As generative AI systems are put to work by big corporations and smaller startups, the cybersecurity industry is scrambling to raise awareness of the potential dangers. In doing so, they hope to keep data—both personal and corporate—safe from attack. Right now there isn’t one magic fix, but common security practices can reduce the risks.
“Indirect prompt injection is definitely a concern for us,” says Vijay Bolina, the chief information security officer at Google’s DeepMind artificial intelligence unit, who says Google has multiple projects ongoing to understand how AI can be attacked. In the past, Bolina says, prompt injection was considered “problematic,” but things have accelerated since people started connecting large language models (LLMs) to the internet and plug-ins, which can add new data to the systems. As more companies use LLMs, potentially feeding them more personal and corporate data, things are going to get messy. “We definitely think this is a risk, and it actually limits the potential uses of LLMs for us as an industry,” Bolina says.
Operating from Noida’s Sector 6, a cyber fraud ring exploited American social security numbers leaked on the dark web. The group, adept at mimicking American accents, targeted lakhs of US citizens with calls impersonating US Social Security Administration personnel. While many resisted, a significant number fell victim. Following a tip-off, police raided the premises, arresting 84 and revealing a vast cyber con operation. Masterminds Harshit Kumar and Yogesh Pandit remained at large, having duped over 600 people out of 4 lakh contacted. The call center employees, aware of the fraud, were enticed by high incentives, amassing daily revenues of Rs 40 lakh.
Several telescopes are still down weeks after a cybersecurity attack was discovered by US National Science Foundation (NSF) researchers. There is presently no information available on when the Gemini North telescope in Hawaii and the Gemini South telescope in Chile will resume operations. A number of smaller telescopes on the slopes of Cerro Tololo in Chile were also shut down “out of an abundance of caution”.
The IT team at the National Science Foundation’s NOIRLab discovered suspicious behavior in the laboratory’s computer systems early on the morning of August 1. This led to the decision to temporarily halt activities at the huge optical infrared telescopes located on Hawaii’s Maunakea for the sake of safety.
The ‘double’ telescope located in the southern Andes of Chile was already being prepped for maintenance and required little additional work.
The United States government said today that a multinational law enforcement operation has dismantled Qakbot, also known as QBot, an infamous botnet and malware loader responsible for losses amounting to hundreds of millions of dollars worldwide, and that it has confiscated more than $8.6 million in illicit cryptocurrency.
During a news conference held on Tuesday to announce the takedown of the botnet, United States Attorney Martin Estrada called the investigation “the most significant technological and financial operation ever led by the Department of Justice against a botnet.” The operation, named Duck Hunt, was led by the FBI. Among other steps, the federal government developed software that, once installed on computers infected with Qbot, rendered the malware inoperable.
Sending an email with a forged address is easier than previously thought, due to flaws in the process that allows email forwarding, according to a research team led by computer scientists at the University of California San Diego.
The issues researchers uncovered have a broad impact, affecting the integrity of email sent from tens of thousands of domains, including those representing organizations in the U.S. government—such as the majority of U.S. cabinet email domains, including state.gov, as well as security agencies. Key financial service companies, such as Mastercard, and major news organizations, such as The Washington Post and the Associated Press, are also vulnerable.
The technique is called forwarding-based spoofing, and the researchers found that they could send email messages impersonating these organizations while bypassing the safeguards deployed by email providers such as Gmail and Outlook. Once recipients receive the spoofed email, they are more likely to open attachments that deploy malware, or to click on links that install spyware on their machines.