Microsoft’s Windows Client and Server builds are not hit with a nasty bug, causing some apps to stop responding. The software giant has recently confirmed the issue and promised to bring a fix in an upcoming software update. Microsoft also has a hack to identify if users are currently using any affected apps.
It is common to hear news reports about large data breaches, but what happens once your personal data is stolen? Our research shows that, like most legal commodities, stolen data products flow through a supply chain consisting of producers, wholesalers and consumers. But this supply chain involves the interconnection of multiple criminal organizations operating in illicit underground marketplaces.
The stolen data supply chain begins with producers—hackers who exploit vulnerable systems and steal sensitive information such as credit card numbers, bank account information and Social Security numbers. Next, the stolen data is advertised by wholesalers and distributors who sell the data. Finally, the data is purchased by consumers who use it to commit various forms of fraud, including fraudulent credit card transactions, identity theft and phishing attacks.
This trafficking of stolen data between producers, wholesalers and consumers is enabled by darknet markets, which are websites that resemble ordinary e-commerce websites but are accessible only using special browsers or authorization codes.
Google is shutting down Duplex on the Web, its AI-powered set of services that navigated sites to simplify the process of ordering food, purchasing movie tickets and more. According to a note on a Google support page, Google on the Web and any automation features enabled by it will no longer be supported as of this month.
“As we continue to improve the Duplex experience, we’re responding to the feedback we’ve heard from users and developers about how to make it even better,” a Google spokesperson told TechCrunch via email, adding that Duplex on the Web partners have been notified to help them prepare for the shutdown. “By the end of this year, we’ll turn down Duplex on the Web and fully focus on making AI advancements to the Duplex voice technology that helps people most every day.”
Google introduced Duplex on the Web, an outgrowth of its call-automating Duplex technology, during its 2019 Google I/O developer conference. To start, it was focused on a couple of narrow use cases, including opening a movie theater chain’s website to fill out all of the necessary information on a user’s behalf — pausing to prompt for choices like seats. But Duplex on the Web later expanded to passwords, helping users automatically change passwords exposed in a data breach, as well as assist with checkout for e-commerce retailers, flight check-in for airline sites and automatic discount finding.
The central government has started a drive to upgrade its IT equipment and infrastructure so that all electronic, data storage and communication devices used in government departments and agencies remain within the life span specified by the manufacturer and remain immune to cyber threats.
The move comes in the wake of a large number of cyber security incidents reported by Cert-In, a nodal agency for responding to such incidents and a recent ransomware attack at country’s top medical institute All India Institute of Medical Sciences (AIIMS), New Delhi on 23 November.
The ministry of electronics and information technology (Meity) has directed all secretaries of central ministries to actively take actions with regards to cyber security. Use of out-of-date operating systems and IT equipment must be discontinued, Meity said in a communication reviewed by Mint.
Acer has fixed a high-severity vulnerability affecting multiple laptop models that could enable local attackers to deactivate UEFI Secure Boot on targeted systems.
The Secure Boot security feature blocks untrusted operating systems bootloaders on computers with a Trusted Platform Module (TPM) chip and Unified Extensible Firmware Interface (UEFI) firmware to prevent malicious code like rootkits and bootkits from loading during the startup process.
Reported by ESET malware researcher Martin Smolar, the security flaw (CVE-2022–4020) was discovered in the HQSwSmiDxe DXE driver on some consumer Acer Notebook devices.
Boa, an open-source web server suitable for embedded applications that was discontinued since 2005 is now becoming a security threat because of the complex nature of how it was built into the internet of things (IoT) device supply chain. A recent report by tech major Microsoft said that hackers are exploiting vulnerabilities in the software to target organizations in the energy sector.
Microsoft researchers revealed in an analysis that a vulnerable open-source component in the Boa web server, is used widely in a range of routers and security cameras as well as popular software development kits (SDKs), a set of tools that allow developers to write or use an existing framework to develop applications for a given platform.
Despite the software being discontinued a nearly two decades ago, Microsoft reports that attackers are continuing their attempts to exploit the flaws of the Boa web servers which include a high-severity information disclosure bug (CVE-2021–33558) and another arbitrary file access flaw (CVE-2017–9833). An unauthenticated attacker could exploit these vulnerabilities to obtain user credentials and leverage them for remote code execution.
By Chuck Brooks
There are many other interesting trends to look out for in 2023. These trends will include the expansion of use of a Software Bill of Materials (SBOM), the integration of more 5G networks to bring down latency of data delivery, more Deep Fakes being used for fraud, low code for citizen coding, more computing at the edge, and the development of initial stages of the implementation of quantum technologies and algorithms.
When all is said and done, 2023 will face a boiling concoction of new and old cyber-threats. It will be an especially challenging year for all those involved trying to protect their data and for geopolitical stability.
Continue reading “A Boiling Cauldron: Cybersecurity Trends, Threats, And Predictions For 2023” »
Check out the on-demand sessions from the Low-Code/No-Code Summit to learn how to successfully innovate and achieve efficiency by upskilling and scaling citizen developers. Watch now.
Today, with the rampant spread of cybercrime, there is a tremendous amount of work being done to protect our computer networks — to secure our bits and bytes. At the same time, however, there is not nearly enough work being done to secure our atoms — namely, the hard physical infrastructure that runs the world economy.
Nations are now teeming with operational technology (OT) platforms that have essentially computerized their entire physical infrastructures, whether it’s buildings and bridges, trains and automobiles or the industrial equipment and assembly lines that keep economies humming. But the notion that a hospital bed can be hacked — or a plane or a bridge — is still a very new concept. We need to start taking such threats very seriously because they can cause catastrophic damage.
Researchers warn against the Windows malware ViperSoftX, which infects users’ Chromium-based web browsers with malicious extensions.
SharkBot Android banking fraud malware has resurfaced on the official Google Play Store and pretends to be a file manager app.
