Several state-sponsored actors, hacktivist entities, and criminal groups from China, Iran, North Korea, and Russia have trained their sights on the defense industrial base (DIB) sector, according to findings from Google Threat Intelligence Group (GTIG).
Category: Vulnerabilities
Malware Hidden in Pirated Games Infects 400,000 Devices | PCMag
Researchers at cybersecurity vendor Cyderes are warning about the threat, which has been hiding inside cracked games and modified game installers for franchises including Far Cry, Need for Speed, FIFA, and Assassin’s Creed.
Researcher finds Chinese KVM has undocumented microphone, communicates with China-based servers — Sipeed’s nanoKVM switch has other severe security flaws and allows audio recording, claims researcher | Tom’s Hardware
The researcher says the device’s software stack exposes weak points from the moment it boots. Early units arrived with a pre-set password and open SSH access, a problem the researcher reported to Sipeed and which the company later corrected. The web interface still lacks basic protections, including CSRF defence and any mechanism to invalidate active sessions.
The WIRED Guide to Digital Opsec for Teens | WIRED
Protecting your digital privacy isn’t a blanket prescription. Some people are more private by nature, and others prioritize putting themselves out there. But even if you’re a 24/7 streamer, you can still think about your operations security, commonly known as opsec. What can viewers see in your room while you’re streaming? Which people from your life have appeared onscreen? Could viewers figure out where you live from what they can see out your window?
US emergency alert systems down after cyberattack • The Register
Various municipalities have issued near-identical advisories about the attack on the OnSolve CodeRED platform, now owned by Crisis24, which enables residents to receive real-time alerts for emergencies such as weather warnings, missing children, terror threats, and more.
Study concludes cybersecurity training doesn’t work | KPBS Public Media
Some people with training were slightly less likely to click on a phishing lure than the untrained. But some trained people were more likely to click.
Satellites Are Leaking the World’s Secrets: Calls, Texts, Military and Corporate Data | WIRED
With just $800 in basic equipment, researchers found a stunning variety of data—including thousands of T-Mobile users’ calls and texts and even US military communications—sent by satellites unencrypted.
High-performance mice can be used as a microphone to spy on users thanks to AI — Mic-E-Mouse technique harnesses mouse sensors, converts acoustic vibrations into speech | Tom’s Hardware
The processing works like this: the raw audio data is run through digital signal processing using a Wiener Filter, where you can start to hear some information. This is then further cleared up through a neural model, giving the researchers clear audio.
Cyber criminals pull off $1.5 million heist, exploiting Baltimore’s outdated defenses
A cyber heist has cost the city more than $1.5 million after thieves manipulated the city’s electronic Workday system, according to a report released this week by Inspector General Isabel Cumming. The breach allowed cybercriminals to access a vendor’s account, alter bank account information, and redirect payments intended for city work.