Mar 08 15:29

Ransomware as a service is the new big problem for business

Ransomware as a service is proving effective for cyber criminals who want a piece of the cyber-extortion action but without necessarily having the skills to develop their own malware, with two out of three attacks using this model.

Ransomware attacks are still proving extremely lucrative, with the most well-organised gangs earning millions per victim, so many cyber criminals want to cash in – but don't have the ability to code and distribute their own campaigns.

That's where ransomware as a service (RaaS) comes in, with developers selling or leasing malware to users on dark web forums. These affiliate schemes provide low-level attackers with the ability to distribute and manage ransomware campaigns, with the developer behind the ransomware receiving a cut of each ransom victim's pay for the decryption key.

Mar 08 15:04

The Army’s New Goggles Let Soldiers See Right Through Walls

The U.S. Army’s new goggles can help soldiers see right through the walls of combat vehicles, which means infantry troops will have unparalleled situational awareness.

The Army is developing its Integrated Visual Augmentation System (IVAS) goggles for close-combat forces, including mounted and dismounted troops, particularly infantry. The service hopes to field tens of thousands of the goggles, which can also help soldiers see in the dark, check around corners, and even project digital maps and other data onto the lenses.

Mar 08 14:45

Xanadu announces programmable photonic quantum chip able to execute multiple algorithms

A team of researchers and engineers at Canadian company Xanadu Quantum Technologies Inc., working with the National Institute of Standards and Technology in the U.S., has developed a programmable, scalable photonic quantum chip that can execute multiple algorithms. In their paper published in the journal Nature, the group describes how they made their chip, its characteristics and how it can be used. Ulrik Andersen with the Technical University of Denmark has published a News & Views piece in the same journal issue outlining current research on quantum computers and the work by the team in Canada.

Mar 08 07:20

Watch: Microsoft Hacked, Over 30,000 Businesses Compromised In Chinese Cyberwar Operation

Thousands of small businesses and government offices across the US were endangered due to a back door defect in Microsoft’s email program, according to reports.

Hackers in China have been abusing some flaws in Microsoft’s Exchange software to break into accounts and view emails without authorization and to install unlawful software, according to the Wall Street Journal.

Sources told the newspaper that tens of thousands of customers all over the world could be affected, and that figure could be higher than 250,000.

Mar 07 07:40

Utah Lawmakers Pass Bill to Require 'Porn Filters' on All Tablets and Phones Sold in the State

Pour one out for all the horny folks in Utah, y’all. The state’s legislature has passed its baffling “porn filter” bill, which would mandate a default filter for “material that is harmful to minors” on all tablets and smartphones sold in the state beginning in 2022.

House Bill 72—its official title—passed the state Senate this week in a 19-6 vote with four absences, as first spotted by XBIZ. In February, the Utah House of Representatives sanctioned the bill after it narrowly scraped through a committee vote with a 6-5 margin. Now it’s headed to the desk of Utah Governor Spencer Cox for final approval.

Mar 07 07:38

Check to see if you’re vulnerable to Microsoft Exchange Server zero-days using this tool

Microsoft's Exchange Server team has released a script for IT admins to check if systems are vulnerable to recently-disclosed zero-day bugs.

As noted in an alert published by the US Cybersecurity and Infrastructure Security Agency (CISA) on Saturday, Microsoft's team has published a script on GitHub that can check the security status of Exchange servers.

The script has been updated to include indicators of compromise (IOCs) linked to four zero-day vulnerabilities found in Microsoft Exchange Server.

On March 2, the tech giant warned of the active exploit of the zero-days by a state-sponsored Chinese threat group called Hafnium. FireEye's Mandiant Managed Defense team has also tracked ongoing attacks against US organizations leveraging the bugs. So far, victims include local government entities, a university, and retailers.

Mar 07 07:37

The Latest Microsoft Hack Looks Like It Could Be Huge

Microsoft announced this week that another one of its email products, Exchange, had been compromised by a hacking campaign. This recent hack is actually totally unrelated to the “SolarWinds” one, in which Microsoft has also played an outsized role.

A state-sponsored threat actor from China dubbed “HAFNIUM” is said to be exploiting a number of zero-day flaws in on-premises Microsoft Exchange servers all over the globe in an apparent effort to steal data. Exchange essentially works with mail clients like Microsoft Office, ensuring that updates to devices are synchronized. It’s a very widely used product, to say the least. While Microsoft has sought to play down the potential scope of this hack (calling it “limited and targeted” in nature), it is beginning to look like that assessment is actually really, really wrong.

Mar 07 07:36

A new type of supply-chain attack with serious consequences is flourishing

A new type of supply chain attack unveiled last month is targeting more and more companies, with new rounds this week taking aim at Microsoft, Amazon, Slack, Lyft, Zillow, and an unknown number of others. In weeks past, Apple, Microsoft, Tesla, and 32 other companies were targeted by a similar attack that allowed a security researcher to execute unauthorized code inside their networks.

The latest attack against Microsoft was also carried out as a proof-of-concept by a researcher. Attacks targeting Amazon, Slack, Lyft, and Zillow, by contrast, were malicious, but it’s not clear if they succeeded in executing the malware inside their networks. The npm and PyPi open source code repositories, meanwhile, have been flooded with more than 5,000 proof-of-concept packages, according to Sonatype, a firm that helps customers secure the applications they develop.

Mar 04 13:05

Five strikes and you're OUT! Twitter launches new 'strike' system for tweets that contain misinformation about Covid-19 and will attach warning labels to anti-vax posts

Twitter has launched a new 'strike' system for users who post tweets containing misinformation about Covid-19, including vaccines.

The strike policy will punish repeat offenders with temporary suspensions, which could lead to permanent suspension from the platform after five strikes.

The social network is also expanding its use of warning labels to tweets that may contain misleading information about the Covid-19 vaccines.

Offending tweets will appear with the message: 'This tweet may be misleading. Find out why health officials consider Covid-19 vaccines safe for most people.'

Mar 04 09:31

Microsoft's new Power Fx is an open-source language based on Excel

Microsoft has introduced Power Fx, an open-source, low-code language built on the foundation of Microsoft Excel.

Power Fx is the new language for expressing logic across the Microsoft Power Platform . It's not so much a brand-new programming language as it is the new name for the formula language for Microsoft's so-called canvas apps.

Power Fx is described by Microsoft as a general-purpose, strong-typed, declarative, and functional programming language. It shares the same syntax and functions as Excel, with Microsoft explaining that Power Fx behaves much in the same way its popular spreadsheet application handles formulas.

Mar 04 08:55

Skydio: Drones With ‘Most Advanced AI Ever’ Coming Soon To Your Local Police Department

It claims to be shipping the most advanced AI-powered drone ever built: a quadcopter that costs as little as $1,000, which can latch on to targets and follow them, dodging all sorts of obstacles and capturing everything on high-quality video. Skydio claims that its software can even predict a target’s next move, be that target a pedestrian or a car.

The technology is futuristic, but not exactly brand-new. DJI, which claims yearly revenues above $2 billion, has been making drones with similar autonomous flying features since at least 2016. Some police who’ve used Skydio claim its drones are better at flying in tight, tactical situations—like inside buildings or through a forest—but DJI, which is valued north of $15 billion, has a significant market advantage. Analysts put its U.S. market share at between 70% and 80%, with no other manufacturer above 10% (worldwide numbers are similar).

Mar 04 08:53

CISA issues emergency directive to agencies: Deal with Microsoft Exchange zero-days now

The US Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive following the release of fixes for zero-day vulnerabilities in Microsoft Exchange.

The US agency's Emergency Directive 21-02, "Mitigate Microsoft Exchange On-Premises Product Vulnerabilities," was issued on March 3.

This week, Microsoft warned that four zero-day vulnerabilities in Exchange Server 2013, Exchange Server 2016, and Exchange Server 2019 are being actively exploited by a suspected state-sponsored advanced persistent threat (APT) group from China called Hafnium.

Exchange Online is not affected by the bugs. However, Exchange Server is software used by government agencies and the enterprise alike, and so Microsoft's warning to apply provided patches immediately should not be ignored.

Mar 04 08:42

Companies are using this email trick to spy on you – here’s how to stop them

All of the marketing emails that flood your email account each don’t just make it harder to achieve inbox zero. Many of them actually do much more than push the brand’s message into your inbox — they also include unseen mechanisms that allow the email messages to essentially spy on you, tracking things like whether you opened the message and what time you did so.

Mar 04 08:35

If you use this app, your private data might have been exposed in a big data breach

Reports have begun circulating that Zee5, an on-demand Internet streaming service based in India, that’s available almost everywhere globally except the US, may have suffered another data breach — this time reportedly putting some 9 million users’ private data at risk of being exploited by hackers.

Previous Zee5 data leaks were reported last year. What sparked this new episode, about which Zee5 has been quiet thus far, is a tweet a few days ago from an independent Internet security researcher, who wrote the following: “9 Million users data alleged leaked from #Zee5 again!! It seems latest data leak on 23rd Feb 2021. I sure no one is going to take responsibility for this too. Now we can say that there is no value of our personal and financial data. Risk is ours.”

Mar 04 08:14

Apple might replace the iPhone’s Lightning port with something much better

Various rumors claimed last year that Apple is already developing a portless iPhone. This handset would not feature a Lightning port for battery charging and data transfer, which is what Lightning does on all iPhones and most iPads. Known for his accurate Apple predictions, analyst Ming-Chi Kuo made similar remarks in a recent note to customers. He said that Apple wouldn’t replace Lightning with USB-C anytime soon. Instead, the company would launch a portless design than switching to USB-C.

Mar 03 10:41

Google patches actively exploited Chrome browser zero-day vulnerability

The vulnerability, tracked as CVE-2021-21166, was reported by Alison Huffman from the Microsoft Browser Vulnerability Research team on February 11 and is described as an "object lifecycle issue in audio."

Google has labeled the vulnerability as a "high" severity security flaw and has fixed the issue in the latest Chrome release.

Alongside CVE-2021-21166, Huffman also recently reported another high-severity bug, CVE-2021-21165, another object lifestyle issue in audio problem, and CVE-2021-21163, an insufficient data validation issue in Reader Mode.

The tech giant has not revealed further details concerning how CVE-2021-21166 is being exploited, or by whom.

Mar 03 10:40

Microsoft: These Exchange Server zero-day flaws are being used by hackers, so update now

Microsoft has released updates to address four previously unknown or 'zero-day' vulnerabilities in Exchange Server that were being used in limited targeted attacks, according to Microsoft.

Microsoft is urging customers to apply the updates as soon as possible due to the critical rating of the flaws. The flaws affected Exchange Server 2013, Exchange Server 2016, and Exchange Server 2019. Exchange Online is not affected.

"We strongly encourage all Exchange Server customers to apply these updates immediately," it said.

Mar 03 09:23

Wikipedia’s founder is creating new free speech competitor to website, citing leftist domination

Sanger admitted that Wikipedia had become “badly biased” last year, citing the use of political propaganda by establishment editors on the site who consistently lock down articles pertaining to publicly discussed topics and figures.

Mar 03 08:40

U.S. ‘Not Prepared To Defend Or Compete’ With China On AI According To Commission Report

The National Security Commission on Artificial Intelligence, or NCSAI, issued a report on Monday, March 1, 2021, which offers a stark warning to the leadership of the United States. According to the thorough 756-page report, China could likely soon replace the U.S. as the world’s leader in artificial intelligence, or AI, and that shift will have significant ramifications for the U.S. military at home and abroad. The full text of the report is listed on the NCSAI website.

Mar 03 07:35

'Failing': Alarming Report Spells Out Artificial Intelligence Development Gap Between U.S. & China

The United States needs to intensify its artificial intelligence-powered instruments in order not to fall short of the efforts of communist China, a U.S. national security commission has told Congress.

In a 750-page report to Congress published on March 1, the National Security Commission on Artificial Intelligence (NSCAI) outlined the threats posed by Beijing, which has been striving to replace the United States as the world’s next AI superpower.

If left uncared for, the communist regime’s rapid progress in the AI field would see China surpass America within the next ten years, suggested the commission headed by former Google chairman Eric Schmidt, along with executives from Microsoft, Oracle, and Amazon.

Mar 03 07:16

Why privacy-busting, law-breaking GCHQ’s pledges to protect the public using artificial intelligence should raise an eyebrow

The UK’s signals intelligence agency isn't known for its commitment to the rule of law, so claims its new Artificial Intelligence capabilities will be used to safeguard citizens, not spy on them, shouldn’t be taken at face value.
On February 24, GCHQ issued a report – Pioneering a New National Security – outlining how it intends to use Artificial Intelligence (AI) to tackle child sex abuse, drugs, weapons and human trafficking, and online disinformation.

Mainstream media outlets widely reiterated the paper’s headline claims without criticism or balance. The BBC went so far as to suggest the release reflected GCHQ’s benevolent intentions and commitment to transparency.

Mar 02 16:51

Oxford University lab researching coronavirus was just targeted in a cyberattack

“Portuguese-speaking” South American hackers have targeted the biomedical systems in a laboratory in the University of Oxford that is conducting research on the Wuhan coronavirus (COVID-19).

Officials from Oxford confirmed that its Division of Structural Biology, known as Strubi, was targeted by a cyber attack sometime in mid-February. The university was quick to point out that, while Strubi was researching the coronavirus, it was distinct from the Jenner Institute, the laboratory that developed the coronavirus vaccine in partnership with pharmaceutical company AstraZeneca.

Oxford was alerted to the breach in Strubi when screenshots of the attack were discovered inside the lab’s network. The hackers left these screenshots in one of their “poorly secured servers.”

Mar 02 11:55

The Perseverance rover runs on processors used in iMacs in the 1990s

Remember the colourful iMac computers from the late 1990s? The same processor that powered those is being used to run NASA’s Mars Perseverance rover.

This processor, which is also being used in the Curiosity rover, has just 10.4 million transistors – even affordable smartphones now have more than 1000 times as many. So why is such old technology used in a cutting-edge space exploration mission?

It all comes down to radiation.

Mar 02 08:08

Forget 5G, Apple is now looking for engineers to work on 6G

Hot on the heels of launching its first 5G-enabled iPhones, Apple is now looking to start work on sixth-generation (6G) cellular connectivity. The California-based company is currently looking for wireless systems research engineers for next-generation networks.

Mar 02 07:30

The Global Inflation Nightmare That You Have Been Warned About Is Here

If you thought that authorities all over the planet could print, borrow and spend money like there was no tomorrow without any consequences, you were being delusional.  Since the beginning of the "COVID pandemic", we have witnessed the greatest monetary binge in world history.  Of course that was going to cause enormous problems.  Of course that was going to cause nightmarish inflation.  Anyone with an ounce of common sense should have been able to see that.  When the value of money is tied to nothing, “more money” is always such a tempting solution for those in power.  But as history has demonstrated over and over again, going down that path almost always leads to tragedy.

Mar 02 06:54

Another Mega Group Spy Scandal? Samanage, Sabotage, and the SolarWinds Hack

The devastating hack on SolarWinds was quickly pinned on Russia by US intelligence. A more likely culprit, Samanage, a company whose software was integrated into SolarWinds’ software just as the “back door” was inserted, is deeply tied to Israeli intelligence and intelligence-linked families such as the Maxwells.

In mid-December of 2020, a massive hack compromised the networks of numerous US federal agencies, major corporations, the top five accounting firms in the country, and the military, among others. Despite most US media attention now focusing on election-related chaos, the fallout from the hack continues to make headlines day after day.

The hack, which affected Texas-based software provider SolarWinds, was blamed on Russia on January 5 by the US government’s Cyber Unified Coordination Group. Their statement asserted that the attackers were “likely Russian in origin,” but they failed to provide evidence to back up that claim.

Mar 01 12:27

Google: Bad bots are on the attack, and your defence plan is probably wrong

Google is warning that bots are causing more problems for business -- but many companies are only focused on the most obvious attacks.

At the outset of the COVID-19 pandemic Microsoft chief Satya Nadella said Microsoft had seen "two years' worth of digital transformation in two months." Google now sees that attackers have adapted to these changed conditions and are boosting attacks on newly online businesses, with bots high on the list of tools used.

Bot attacks can cover anything from web scraping where bots are used to gather content or data, to bots that try to beat Captchas, to ad fraud, card fraud and inventory fraud. Of particular concern are distributed denial of service attacks (DDoS), where junk traffic is directed at an online service with the purpose of flooding it to the point of knocking it offline.

Mar 01 07:57


A group of Swiss scientists developed a wearable microchip which sits on the skin throughout the day and records hormone levels via sweat. The microchip measures levels of cortisol in the body and tells the wearer when they are experiencing too much stress, say the researchers.

Mar 01 07:12

You have to see this laptop that you can build and upgrade yourself

It might look like a MacBook from that angle, but then again, many laptop makers attempt to mimic Apple’s MacBook Pro and Air designs. A closer look makes it clear that this isn’t an Apple computer.

The Framework Laptop is easily the most exciting laptop project of 2021 so far, and we’ve just seen a bunch of interesting new notebooks that will hit stores this year. What sets the Framework Laptop apart is something you normally only see on desktops. The Framework Laptop is a modular machine that you can build and rebuild at any time, upgrading the parts that slow you down.

Feb 28 07:48

CONFIRMED: Hackers Strike And Leak Bill Gates, WHO, And Wuhan Lab Emails

FRN has confirmed reports that hackers have successfully hacked accounts belonging to Bill Gates, the WHO, and a lab in Wuhan believed to be the location researching coronavirus that received funding from Dr. Fauci.

The event appears to have taken place on or about April 20th.

Netizens have taken to activism and people are logging in via SSH and downloading the contents of these hacks. This means that many people will be combing through the hacked documents with a fine-toothed comb.

Hackers apparently looking for the truth behind the coronavirus outbreak have allegedly hacked the World Health Organization, the Wuhan biolab and the Bill and Melinda Gates Foundation. A set of huge databases containing usernames and passwords has been leaked.

Feb 28 07:20

War Mongering For Artificial Intelligence

The ghost of Edward Teller must have been doing the rounds between members of the National Commission on Artificial Intelligence. The father of the hydrogen bomb was never one too bothered by the ethical niggles that came with inventing murderous technology. It was not, for instance, “the scientist’s job to determine whether a hydrogen bomb should be constructed, whether it should be used, or how it should be used.” Responsibility, however exercised, rested with the American people and their elected officials.

The application of AI in military systems has plagued the ethicist but excited certain leaders and inventors. Russian President Vladimir Putin has grandiloquently asserted that “it would be impossible to secure the future of our civilization” without a mastery of artificial intelligence, genetics, unmanned weapons systems and hypersonic weapons.

Feb 28 07:04

The Air Force is using virtual reality to fight its suicide epidemic

Airman Mike is having a real bad day. He’s in a tough spot at work, his wife left him and took the kids, and he’s posting a lot of worrisome stuff on Instagram. Unfortunately, there are a lot of Mikes in the Air Force, and now you’re at his house, trying to check in on him. What do you do?

That’s exactly the question the Air Force’s new suicide prevention virtual reality simulator is trying to help airmen answer. The 30-minute training session being demoed at Scott and Travis Air Force Bases puts trainees in the shoes of airmen checking in on their virtual buddies at a rough time in their lives.

Feb 27 07:48

March of the microscopic robots

Feb 27 07:47

Mafia-type gangs, not foreign powers, hacked French hospitals, says minister, as some doctors continue to work with pen and paper

The French minister for digital transformation has said mafia-type gangs from Eastern Europe are probably behind a spate of attacks on French hospitals and laboratories during the pandemic, rather than foreign state actors.

“Concerning the hospitals, in all likelihood, it is not foreign powers, but rather Mafia-type organizations – often situated in eastern countries but not just limited to there – who are looking for money,” Cedric O, the secretary of state for digital transformation, told France 2 television on Thursday.

The minister said that the gangs normally attempt to steal confidential data with the aim of ransoming the organization in question, adding that the situation had stabilized following a spate of attacks earlier in the year.

While many hospitals and healthcare organizations have returned to normal, Cedric O claimed that hospitals in Dax and Villefranche-sur-Saône were still working with pen and paper after their computer systems were hit.

Feb 26 11:39

Google looks at bypass in Chromium's ASLR security defense, throws hands up, won't patch garbage issue

In early November, a developer contributing to Google's open-source Chromium project reported a problem with Oilpan, the garbage collector for the browser's Blink rendering engine: it can be used to break a memory defense known as address space layout randomization (ASLR).

About two weeks later, Google software security engineer Chris Palmer marked the bug "WontFix" because Google has resigned itself to the fact that ASLR can't be saved – Spectre and Spectre-like processor-level flaws can defeat it anyway, whether or not Oilpan can be exploited.

Or as Palmer put it, "we already have to plan for a world in which ASLR is bypassable."

Feb 26 10:51

Google Demonetizes Information Liberation For Sharing Video Of Capitol Police Shooting Ashli Babbitt

Information Liberation has been suspended from Google AdSense after some 15 years for sharing video of Capitol police shooting Air Force veteran Ashli Babbitt in an article without any Google ads -- video which CNN and NBC paid $35,000 each to air on live TV and tons of other corporate media sites have fully monetized with Google's approval.

Feb 26 08:23


As internet penetration and smartphone usage increases across Africa, digital spaces have become increasingly important for organising political uprisings and opposition movements. In response, several of the continent’s regimes have shut down the internet or blocked social media apps. To sidestep the economic costs and global criticism that these online shutdowns incur, governments have turned to digital surveillance technology as a shrewder way to crush all opposition.

Feb 26 08:22


In late January, the National Security Commission on Artificial Intelligence (NSCAI), or the AI Commission, released a draft of their upcoming report to Congress, rejecting calls to ban AI-powered autonomous weapons, characterized by critics as “killer robots”. While the AI Commission did briefly address privacy and civil liberties concerns, they ultimately called on Congress to double AI research and funding annually up to $32 billion a year by 2026. The report also failed to note clear conflicts of interest between the Commission’s Chairman, and former Google CEO, Eric Schmidt.

Opponents of the advancing AI-powered surveillance and police states include privacy advocates concerned about a future where law enforcement are wearing glasses equipped with facial recognition software powered by secret AI algorithms.

Feb 25 13:52

You can control an armed Spot robot online, and Boston Dynamics is not happy

Boston Dynamics' lineup of robots have been taking turns wowing us with their stunts and fueling our nightmares (thanks in no small part to that Black Mirror episode). Now an artsy startup has finally gone ahead and combined the light and dark sides of the company's robotic dog, Spot, into a chaotic online event.

Starting at 10 a.m. PT Wednesday, random visitors to a website will be able to control a Spot robot equipped with a paintball gun as it ransacks an art gallery set up for the purpose.

MSCHF Product Studio / Screenshot by CNET
Spot's Rampage is the latest effort from MSCHF Product Studio, which is the same outfit that re-created episodes of The Office entirely in Slack and sells a cap for your Alexa device that jams its microphone.

To participate, you'll need to download the MSCHF App and visit the Spot's Rampage website where the chaos will be livestreamed. Every two minutes, control of Spot via the app will be passed to a random viewer on the website.

Feb 25 13:51

These are the most common ways hackers will attack your computer

Computer security has dominated tech news headlines in recent weeks, with reports of one hack and data breach after another as hackers get increasingly brazen and aggressive when it comes to different ways of stealing your information.

We’ve noted in previous posts some of the different steps you can take to make yourself less of a target in the next data breach, but in the meantime, researchers from the cybersecurity company Proofpoint have prepared a report that looks at some of the most common steps hackers take in order to break into your PC. They include phishing emails, whereby hackers trick users into opening messages and interacting with them in a way that triggers a malicious action. Indeed, the Proofpoint researchers warn in their report, for those of you not aware, that “email is by far the biggest channel for cyber attacks. We saw a wide range of email attack techniques in the fourth quarter, but almost all of them included some form of social engineering.”

Feb 24 11:45

A quantum computer just solved a decades-old problem three million times faster than a classical computer

Scientists from quantum computing company D-Wave have demonstrated that, using a method called quantum annealing, they could simulate some materials up to three million times faster than it would take with corresponding classical methods.

Together with researchers from Google, the scientists set out to measure the speed of simulation in one of D-Wave's quantum annealing processors, and found that performance increased with both simulation size and problem difficulty, to reach a million-fold speedup over what could be achieved with a classical CPU.

Feb 24 10:18

Trust Stamp – Bill Gates Funded Program That Will Create Your Digital Identity Based On Your Vaccination History

Trust Stamp is a vaccination based digital identity program funded by Bill Gates and implemented by Mastercard and GAVI, that will soon link your biometric digital identity to your vaccination records. The program said to “evolve as you evolve” is part of the Global War on Cash and has the potential dual use for the purposes of surveillance and “predictive policing” based on your vaccination history. Those who may not wish to be vaccinated may be locked out of the system based on their trust score.

Feb 24 10:16

Israeli cyber firm: Chinese hacking tool was modeled on NSA spyware

An Israeli cybersecurity firm announced Monday that China has used a hacking tool initially developed by the US National Security Agency.

In a new report, Check Point Software Technologies said the Chinese malware, which it dubbed “Jian,” exploited a vulnerability in Windows. It said the exploit was a replica of one used by the secretive “Equation Group” at the NSA.

Check Point said the tool was developed in 2014 and has been used since at least the following year, two years before cyber weapons made by the Equation Group were leaked online. The Tel Aviv-based firm hypothesized that Chinese spies may have obtained the code during an Equation Group operation against a target in China, captured it while monitoring an Equation Group attack against a third party, or acquired it during a Chinese operation against the Equation Group.

Feb 24 09:48

60 Years After Eisenhower's Warning, Distinct Signs Of A 'Digital-Intelligence Complex'

In June 2019, Susan Gordon stood on a stage at the Washington Convention Center. Behind her loomed three giant letters, “AWS,” the abbreviation for Amazon Web Services, the cloud computing division of the giant Internet retailer.

After three decades at the Central Intelligence Agency, Gordon had risen to one of the top jobs in the cloak-and-dagger world: principal deputy director of national intelligence. From that perch she publicly extolled the virtues of Amazon Web Services and the cloud services the tech giant provides the CIA.

She told the crowd that the intelligence community’s 2013 decision to sign a multi-year, $600 million contract with AWS for cloud computing “will stand as one of those that caused the greatest leap forward. … The investment we made so many years ago in order to be able to try and harness the power of the cloud with a partner who wanted to learn and grow with us has left us not only ready for today but positioned for tomorrow.”

Feb 24 09:24

Arizona's $24-Million Prison Management Software Is Keeping People Locked Up Past The End Of Their Sentences

The Arizona Department of Corrections is depriving inmates of freedom they've earned. Its $24 million tracking software isn't doing what it's supposed to when it comes to calculating time served credits. That's according to whistleblowers who've been ignored by the DOC and have taken their complaints to the press. Here's Jimmy Jenkins of KJZZ, who was given access to documents showing the bug has been well-documented and remains unfixed, more than a year after it was discovered.

According to Arizona Department of Corrections whistleblowers, hundreds of incarcerated people who should be eligible for release are being held in prison because the inmate management software cannot interpret current sentencing laws.

Feb 24 08:37

Microsoft President Blames Russia Intelligence Agency for SolarWinds Hack

Microsoft President Brad Smith told a US Senate panel there is substantial evidence that a Russian intelligence agency was involved in the massive SolarWinds hacking attack and there are no leads that would incriminate other suspects.

"I do think we can say this. At this stage we have seen substantial evidence that points to the Russian foreign intelligence agency. And we have found no evidence that leads us anywhere else," Smith said in a testimony to the Senate Select Committee on Intelligence.

US officials have said they agree that Russian hackers are likely behind a massive cyberattack that targeted at least nine federal agencies and 17,000 private companies. The suspects reportedly embedded malware in SolarWinds updates and patches to penetrate the networks in search for sensitive data. Russia has denied the allegations.

"We will wait for the rest of formal steps to be taken by the government and others. But there is not a lot of suspense at this moment," Smith said.

Feb 23 10:44

Find and Remove the New 'Silver Sparrow' macOS Malware

What’s Silver Sparrow? No, it’s not a Game of Thrones character—has that ship sailed?—but rather a new piece of macOS malware that runs on both Intel and M1-based Macs. That makes it the second piece of known malware for the latter, but there’s a silver lining: Researchers discovered the malicious software before it had a chance to actually harm your system.

As Red Canary’s Tony Lambert writes:

“...the ultimate goal of this malware is a mystery. We have no way of knowing with certainty what payload would be distributed by the malware, if a payload has already been delivered and removed, or if the adversary has a future timeline for distribution. Based on data shared with us by Malwarebytes, the nearly 30,000 affected hosts have not downloaded what would be the next or final payload.”

Feb 23 10:33

NASA’s New Mars Rover Is Less Powerful Than Many Smartphones

If you thought a NASA rover that cost $2.4 billion to build and launch would be more powerful than your old smartphone, you have another thing coming.

NASA’s Perseverance rover, which landed successfully on Mars Thursday, is powered by an old chipset that gives it about the same processing power as an iMac from 1998, according to PCMag‘s breakdown. More specifically, it’s packing 256MB of RAM and 2GB of storage, with a 200MHz processor.

For comparison’s sake, that’s substantially less computing power than the original Apple Watch, which packs 512MB of RAM and 8GB of storage, with a 520MHz processor.

But don’t be down on NASA — space engineers tend to use extremely time-tested computing components for maximum reliability. After all, if Perseverance runs into trouble, the nearest Apple Store is tens of millions of miles away.

Feb 23 08:33

Pieces Of Color: When YouTube’s oversensitive filters think CHESS VIDEOS are racist, will language have to adapt to Big Tech?

With all its talk of black-on-white war, YouTube’s “hate speech”-filtering AI can’t tell the difference between chess players and violent racists. Perhaps leaving robots in charge of the English language isn’t such a good idea.

Croatian chess player Antonio Radic, known to his million subscribers as ‘Agadmator,’ runs the world’s most popular chess channel on YouTube. Last summer he found his account suspended due to its “harmful and dangerous” content. Radic, who was in the middle of a show with Grandmaster Hikaru Nakamura at the time, was puzzled. He received no explanation for the ban, which was reversed on appeal, but speculated that YouTube’s censorship algorithm may have heard him say something like “black goes to B6 instead of C6, white will always be better.”

“If that's the case, I'm sure all [all of] my 1,800 videos will be taken down as it's black against white to the death in every video,” he told the Sun at the time.

Feb 23 08:20

Chinese Spies Hijack NSA Hacking Tools To Use Against The US

The NSA (and its army of expert hackers) has once again been hoist upon its own petard. And this time, it's not a shadowy group of hackers using aliases like "the Shadow Brokers" that's stealing the agency's code. It's the Chinese government, and its massive security apparatus.

According to Reuters, Chinese spies managed to hijack code first developed by the NSA to support the agency's hacking operations, the latest example of how malicious software developed by the US federal government has been used against the US, or its allies. Chinese spies reportedly first used the code developed by the NSA to support their own operations.

Feb 22 10:57

30,000 Macs infected with new Silver Sparrow malware

Security researchers have spotted a new malware operation targeting Mac devices that has silently infected almost 30,000 systems.

Named Silver Sparrow, the malware was discovered by security researchers from Red Canary and analyzed together with researchers from Malwarebytes and VMWare Carbon Black.

"According to data provided by Malwarebytes, Silver Sparrow had infected 29,139 macOS endpoints across 153 countries as of February 17, including high volumes of detection in the United States, the United Kingdom, Canada, France, and Germany," Red Canary's Tony Lambert wrote in a report published last week.

But despite the high number of infections, details about how the malware was distributed and infected users are still scarce, and it's unclear if Silver Sparrow was hidden inside malicious ads, pirated apps, or fake Flash updaters —the classic distribution vector for most Mac malware strains these days.

Feb 22 10:20

Scam artists lurking on dating apps and social media made away with a record haul in 2020

We expect love to have an emotional impact on us, but a new report released by the Federal Trade Commission revealed it's also hurting wallets. A record $304 million was reported lost to romance scams in 2020.

Scammers lurk on dating apps and social media, striking up conversation with strangers until they build up trust to eventually ask for money. The prevalence of these types of scams has been steadily rising for the past four years. In 2020, there was a 50% jump in reported dollar losses from romance scams from 2019. The pandemic has only made things easier, creating legitimate reasons for scammers to hide their real motives, claiming they cannot meet in person or need money for medical treatment.

Feb 22 07:54

Watch: US Army Conducts First Autonomous Vehicle Test At New Facility Near Baltimore 

US Army researchers began experimenting with autonomous vehicles at a new testing facility within Aberdeen Proving Ground (APG) in Middle River, Maryland.

APG allotted Army Research Laboratory (ARL) with 200 acres to prove and refine autonomous vehicles' performance. The facility has been home to the service for nearly a century, where munitions and weapons have been tested.

"The one-of-its-kind research campus was established to advance Army knowledge of autonomy and intelligent systems through basic and applied research of unmanned technologies that integrate artificial intelligence, autonomy, robotics and human teaming elements in complex environments," Jeffrey Westrich, an ARL program manager said.

Feb 21 13:01

Facebook now tracking OFFLINE interactions with partner stores to stalk users with targeted ads

You might expect social media platforms like Facebook to collect information about what you do on their site for ad targeting purposes, but did you know that they are also tracking your offline interactions with partner stores?

In its quest to know everything about everyone, Facebook partners with numerous retailers to learn what its users are buying, both from online retailers and in brick-and-mortar stores. They then use this data to target ads to you based on what they believe you are likely to buy. This explains why you might suddenly see a rise in the number of ads on Facebook related to a store you’ve visited or item you’ve bought recently.

Feb 21 08:42

New malware found on 30,000 Macs has security pros stumped

A previously undetected piece of malware found on almost 30,000 Macs worldwide is generating intrigue in security circles, which are still trying to understand precisely what it does and what purpose its self-destruct capability serves.

Once an hour, infected Macs check a control server to see if there are any new commands the malware should run or binaries to execute. So far, however, researchers have yet to observe delivery of any payload on any of the infected 30,000 machines, leaving the malware’s ultimate goal unknown. The lack of a final payload suggests that the malware may spring into action once an unknown condition is met.

Feb 21 08:41

Google Fires Another Top Researcher on Its AI Ethics Team

Google has fired another top artificial intelligence researcher, Margaret Mitchell, in the latest escalation of internal tensions at the company following December’s controversial ouster of Timnit Gebru, a Black AI ethicist. As if the PR fire with Google’s AI ethics team didn’t have enough fuel already.

Mitchell, who formerly led the team alongside Gebru, was caught using automated scripts to comb through her work emails to find evidence of discrimination and harassment to back up Gebru’s claims, Axios reports. In January, she lost access to her corporate email after Google launched an investigation into her activity. In a statement to Reuters, Google claims Mitchell’s firing followed disciplinary recommendations by investigators and a review committee. Google said she violated the company’s code of conduct and security policies and transferred electronic files outside the company.

Feb 19 12:22

California DMV Warns Millions of Records May Have Been Exposed in Worrisome Data Breach

The California Department of Motor Vehicles has warned state residents that over a year’s worth of data—including customer addresses and license plate numbers—may have been compromised in a recent cyberattack on a third-party contractor.

That contractor—Automatic Funds Transfer Services (AFTS)—is a financial services and data management firm, which California uses to verify changes of address for car owners.

AFTS was hit by a ransomware attack sometime between Feb. 3 and 4, potentially exposing “the last 20 months of California vehicle registration records that contain names, addresses, license plate numbers and vehicle identification numbers (VIN),” the DMV has said. As should be obvious, that means millions and millions of records.