Lifeboat Foundation: Safeguarding Humanity
Toggle light / dark theme

Blog

Category: cybercrime/malcode – Page 144

“Now witness the firepower of this fully armed and operational Battle Station.” – Emperor Palpatine, Return of the Jedi

This week Microsoft took a series of dramatic steps against the recent SolarWinds supply chain attack. In the size, speed and scope of its actions, Microsoft has reminded the world that it can still muster firepower like no one else as a nearly-overwhelming force for good.

Through four steps over four days, Microsoft flexed the muscle of its legal team and its control of the Windows operating system to nearly obliterate the actions of some of the most sophisticated offensive hackers out there. In this case, the adversary is believed to be APT29, aka Cozy Bear, the group many believe to be associated with Russian intelligence, and best known for carrying out the 2016 hack against the Democratic National Committee (DNC).

Read more | >

The widespread and monthslong hack of the U.S. government and some of America’s biggest corporations was enabled by an unlikely source: a little-known Austin, Texas, software company called SolarWinds Corp. that until this week was a household name only to computer network administrators.

Security investigators say the company that boasts more than 400 of the Fortune 500 corporations and many government agencies as clients provided the perfect delivery mechanism for a carefully executed intrusion attributed to Russia’s foreign-intelligence service.

SolarWinds provides the tools many companies use to manage their computer networks. That’s what made the hack of U.S. government agencies and some of America’s biggest corporations so pernicious.

Read more | >

The US government has confirmed that a massive hack had occurred in at least two federal departments, including the US Treasury and the Department of Commerce.

Hackers were able to monitor internal emails at US federal departments, including the Treasury, for months. There is concern officials have only scratched the surface of understanding the hack’s effects.

Read more | >

Best bug tracking software tools and systems: track defects efficiently with these top tools.

We are testers – in other words, bug finders. Defect/Bug/Issue/Fault/Failure/Incident – whatever we choose to call – our primary job description revolves around finding, recording, reporting, managing and tracking these. There is no harm in using an excel sheet to record/track and emails to report/alert/communicate.

Read more | >

Circa 2015

At the Association for Computing Machinery’s Programming Language Design and Implementation conference this month, MIT researchers presented a new system that repairs dangerous software bugs by automatically importing functionality from other, more secure applications.

Remarkably, the system, dubbed CodePhage, doesn’t require access to the source code of the applications whose functionality it’s borrowing. Instead, it analyzes the applications’ execution and characterizes the types of security checks they perform. As a consequence, it can import checks from applications written in programming languages other than the one in which the program it’s repairing was written.

Once it’s imported code into a vulnerable application, CodePhage can provide a further layer of analysis that guarantees that the bug has been repaired.

Continue reading “Automatic bug repair” | >