Archive for the ‘cybercrime/malcode’ category: Page 48

Mar 13, 2023

Stealthy UEFI malware bypassing Secure Boot enabled by unpatchable Windows flaw

Posted by in category: cybercrime/malcode

Researchers on Wednesday announced a major cybersecurity find—the world’s first-known instance of real-world malware that can hijack a computer’s boot process even when Secure Boot and other advanced protections are enabled and running on fully updated versions of Windows.

Dubbed BlackLotus, the malware is what’s known as a UEFI bootkit. These sophisticated pieces of malware target the UEFI—short for Unified Extensible Firmware Interface—the low-level and complex chain of firmware responsible for booting up virtually every modern computer. As the mechanism that bridges a PC’s device firmware with its operating system, the UEFI is an OS in its own right. It’s located in an SPI-connected flash storage chip soldered onto the computer motherboard, making it difficult to inspect or patch. Previously discovered bootkits such as CosmicStrand, MosaicRegressor, and MoonBounce work by targeting the UEFI firmware stored in the flash storage chip. Others, including BlackLotus, target the software stored in the EFI system partition.

Because the UEFI is the first thing to run when a computer is turned on, it influences the OS, security apps, and all other software that follows. These traits make the UEFI the perfect place to launch malware. When successful, UEFI bootkits disable OS security mechanisms and ensure that a computer remains infected with stealthy malware that runs at the kernel mode or user mode, even after the operating system is reinstalled or a hard drive is replaced.

Mar 13, 2023

CASPER attack steals data using air-gapped computer’s internal speaker

Posted by in categories: cybercrime/malcode, mobile phones

Researchers at the School of Cyber Security at Korea University, Seoul, have presented a new covert channel attack named CASPER that can leak data from air-gapped computers to a nearby smartphone at a rate of 20 bits/sec.

The CASPER attack leverages the internal speakers inside the target computer as the data transmission channel to transmit high-frequency audio that the human ear cannot hear and convey binary or Morse code to a microphone up to 1.5m away.

The receiving microphone can be in a smartphone recording sound inside the attacker’s pocket or a laptop in the same room.

Mar 11, 2023

AT&T data breach compromises roughly nine million accounts, here’s what you need to know

Posted by in category: cybercrime/malcode

It looks like AT&T experienced a data breach, leaving roughly 9 million customers’ data exposed. The data breach didn’t come directly from the wireless carrier, but occurred with one of its vendors.

The news originates from the AT&T forums, where customers were curious about an email that has apparently been going out to affected customers since last week. The email discusses the breach the wireless carrier experienced, sharing that it occurred with one of its vendor’s systems, which gave access to the wireless carrier’s “Customer Proprietary Network Information” (CPNI) system.

Mar 8, 2023

New malware variant has “radio silence” mode to evade detection

Posted by in categories: cybercrime/malcode, government

The Sharp Panda cyber-espionage hacking group is targeting high-profile government entities in Vietnam, Thailand, and Indonesia with a new version of the ‘Soul’ malware framework.

The particular malware was previously seen in espionage campaigns targeting critical Southeast Asian organizations, attributed to various Chinese APTs.

Check Point identified a new campaign using the malware that started in late 2022 and continues through 2023, employing spear-phishing attacks for initial compromise.

Mar 7, 2023

A new inference attack that could enable access to sensitive user data

Posted by in categories: cybercrime/malcode, information science, robotics/AI

As the use of machine learning (ML) algorithms continues to grow, computer scientists worldwide are constantly trying to identify and address ways in which these algorithms could be used maliciously or inappropriately. Due to their advanced data analysis capabilities, in fact, ML approaches have the potential to enable third parties to access private data or carry out cyberattacks quickly and effectively.

Morteza Varasteh, a researcher at the University of Essex in the U.K., has recently identified a new type of inference attack that could potentially compromise confidential user data and share it with other parties. This attack, which is detailed in a paper pre-published on arXiv, exploits vertical federated learning (VFL), a distributed ML scenario in which two different parties possess different information about the same individuals (clients).

“This work is based on my previous collaboration with a colleague at Nokia Bell Labs, where we introduced an approach for extracting private user information in a data center, referred to as the passive party (e.g., an ),” Varasteh told Tech Xplore. “The passive party collaborates with another , referred to as the active party (e.g., a bank), to build an ML algorithm (e.g., a credit approval algorithm for the bank).”

Mar 6, 2023

Get Quote

Posted by in categories: business, cybercrime/malcode, education

Get a real time quote from over 300 cutting edge providers worldwide while maintaining contact with FreedomFire Communications only. Our suppliers offer best-in-class business ethernet/fiber networks, network security solutions and cybersecurity educational programs, digital transformation tools and resources, IoT network ecosystems (sensor technology, network connectivity, data analytics), and more… at the most competitive price available with industry leading customer service and support.

Mar 3, 2023

Billions of Android and iPhone users told to search texts over ‘bank blitzkrieg’

Posted by in categories: cybercrime/malcode, mobile phones

WHETHER you’re an Android fan or an iPhone lover, you should be wary of a common text message scam.

It’s called “smishing” and has been flagged by the experts at Security Intelligence as a growing problem.

Smishing is essentially the same as phishing, the common email scam technique that tries to get you to give away personal data.

Mar 2, 2023

Hackers could try to take over a military aircraft; can a cyber shuffle stop them?

Posted by in categories: cybercrime/malcode, information science, military, space travel

A cybersecurity technique that shuffles network addresses like a blackjack dealer shuffles playing cards could effectively befuddle hackers gambling for control of a military jet, commercial airliner or spacecraft, according to new research. However, the research also shows these defenses must be designed to counter increasingly sophisticated algorithms used to break them.

Many aircraft, spacecraft and weapons systems have an onboard computer network known as military standard 1553, commonly referred to as MIL-STD-1553, or even just 1553. The network is a tried-and-true protocol for letting systems like radar, flight controls and the heads-up display talk to each other.

Securing these networks against a is a national security imperative, said Chris Jenkins, a Sandia cybersecurity scientist. If a hacker were to take over 1553 midflight, he said, the pilot could lose control of critical aircraft systems, and the impact could be devastating.

Feb 28, 2023

US Marshals Service hit with ransomware attack

Posted by in category: cybercrime/malcode

The United States Marshals Service (USMS) was hit with a ransomware attack, the agency said in a statement. The incident occurred on February 17, and “officials determined that it constitutes a major incident,” according to an agency spokesperson.

Ransomware is a type of malware that locks up computer systems until a “ransom” is paid to unlock the system.

Feb 28, 2023

LastPass says employee’s home computer was hacked and corporate vault taken

Posted by in categories: cybercrime/malcode, encryption

Already smarting from a breach that put partially encrypted login data into a threat actor’s hands, LastPass on Monday said that the same attacker hacked an employee’s home computer and obtained a decrypted vault available to only a handful of company developers.

Although an initial intrusion into LastPass ended on August 12, officials with the leading password manager said the threat actor “was actively engaged in a new series of reconnaissance, enumeration, and exfiltration activity” from August 12 to August 26. In the process, the unknown threat actor was able to steal valid credentials from a senior DevOps engineer and access the contents of a LastPass data vault. Among other things, the vault gave access to a shared cloud-storage environment that contained the encryption keys for customer vault backups stored in Amazon S3 buckets.
