Lifeboat Foundation

A Razer Synapse zero-day vulnerability has been disclosed on Twitter, allowing you to gain Windows admin privileges simply by plugging in a Razer mouse or keyboard.

Razer is a very popular computer peripherals manufacturer known for its gaming mouses and keyboards.

When plugging in a Razer device into Windows 10 or Windows 11 the operating system will automatically download and begin installing the Razer Synapse software on the computer. Razer Synapse is software that allows users to configure their hardware devices, set up macros, or map buttons.

A new ransomware gang known as LockFile encrypts Windows domains after hacking into Microsoft Exchange servers using the recently disclosed ProxyShell vulnerabilities.

ProxyShell is the name of an attack consisting of three chained Microsoft Exchange vulnerabilities that result in unauthenticated, remote code execution.

The three vulnerabilities were discovered by Devcore Principal Security Researcher Orange Tsai, who chained them together to take over a Microsoft Exchange server in April’s Pwn2Own2021hacking contest.

Web infrastructure and website security company Cloudflare on Thursday disclosed that it mitigated the largest ever volumetric distributed denial of service (DDoS) attack recorded to date.

The attack, launched via a Mirai botnet, is said to have targeted an unnamed customer in the financial industry last month. “Within seconds, the botnet bombarded the Cloudflare edge with over 330 million attack requests,” the company noted, at one point reaching a record high of 17.2 million requests-per-second (rps), making it three times bigger than previously reported HTTP DDoS attacks.

Uptycs Threat Research Team has discovered malware that not only hijacks vulnerable *nix-based servers and uses them to mine cryptocurrency but actually modifies their CPU configurations in a bid to increase mining performance at the cost of performance in other applications.

Perpetrators use a Golang-based worm to exploit known vulnerabilities like CVE-2020–14882 (Oracle WebLogic) and CVE-2017–11610 (Supervisord) to gain access to Linux systems, reports The Record. Once they hijack a machine, they use model-specific registers (MSR) to disable the hardware prefetcher, a unit that fetches data and instructions from the memory into the L2 cache before they are needed.

In another instance of a misconfigured data server, the personal details of over 3 million senior citizens have been exposed.

The covid-19 pandemic has reinforced humanity’s dependence on modern tech, but the same tools that enable remote working are also being used to spread disinformation and perpetuate cybercrime. Ambivalence towards technology is nothing new.

Read more of our coverage of Science & technology: https://econ.st/3CdkVa5

Continue reading “Should we be worried about technology? | The Economist” »

There’s very few opportunities in cybersecurity where you get the benefit of foresight. This could be one.

The goal is to pre-empt the fall of traditional cryptography likely to follow the quantum revolution.

A research team with the Technical University of Munich (TUM) have designed a quantum cryptography chip aimed at the security demands of the quantum computing revolution. The RISC-V chip, which was already sent to manufacturing according to the researchers’ design, aims to be a working proof of concept for protecting systems against quantum computing-based attacks, which are generally considered to be one of the most important security frontiers of the future. Alongside the RISC-V based hardware implementation (which includes ASIC and FPGA structures), the researchers also developed 29 additional instructions for the architecture that enable the required workloads to be correctly processed on-chip.

Traditional cryptography is generally based on both the sender and receiver holding the same “unlock” key for any given encrypted data. These keys (which may include letters, digits, and special characters) have increased in length as time passes, accompanying increases in hardware performance available in the general computing sphere. The idea is to thwart brute-force attacks that would simply try out enough character combinations that would allow them to eventually reach the correct answer that unlocks the encrypted messages’ contents. Given a big enough size of the security key (and also depending on the encryption protocol used), it’s virtually impossible for current hardware — even with the extreme parallelization enabled by the most recent GPUs — to try out enough combinations in a short enough timeframe to make the effort worthwhile.

Continue reading “Researchers Develop RISC-V Chip for Quantum-Resistant Encryption” »

The deal combines decades of cyber security experience.

Norton and Avast are merging in a big anti-virus deal. The combined companies will focus on consumer offerings for cyber security, just as ransomware is becoming a big issue.