
Thousands of websites are accidentally broadcasting sensitive data, study finds

Researchers have discovered a major security leak hiding in plain sight on the internet that could expose the personal data and financial records of millions of people. In a paper published on the arXiv preprint server, Nurullah Demir of Stanford University and colleagues analyzed 10 million websites to see how often API (application programming interface) credentials are exposed. These are digital keys or tokens that enable different software programs to communicate and are often used to process bank payments and access cloud storage.

The team used a huge database called the HTTP Archive, which tracks how millions of real websites work. They looked at live, running versions of sites to monitor how data is processed as pages load.

By examining the websites while they were active, the researchers identified API credentials that appear only when a user visits a site. These credentials are specific strings of text that a website uses to identify itself to services like banks or cloud providers.

Device Code Phishing Hits 340+ Microsoft 365 Orgs Across Five Countries via OAuth Abuse

Construction, non-profits, real estate, manufacturing, financial services, healthcare, legal, and government are some of the prominent sectors targeted as part of the campaign.

“What also makes this campaign unusual is not just the device code phishing techniques involved, but the variety of techniques observed,” the company said. “Construction bid lures, landing page code generation, DocuSign impersonation, voicemail notifications, and abuse of Microsoft Forms pages are all hitting the same victim pool through the same Railway.com IP infrastructure.”

Device code phishing refers to a technique that exploits the OAuth device authorization flow to grant the attacker persistent access tokens, which can then be used to seize control of victim accounts. What’s significant about this attack method is that the tokens remain valid even after the account’s password is reset.

Scientists revive activity in frozen mouse brains for the first time

A familiar trope in science fiction is the cryopreserved time traveller, their body deep-frozen in suspended animation, then thawed and reawakened in another decade or century with all of their mental and physical capabilities intact.

Researchers attempting the cryogenic freezing and thawing of brain tissue from humans and other animals — mostly young vertebrates — have already shown that neuronal tissue can survive freezing on a cellular level and, after thawing, a functional one to some extent. But it has not been possible to fully restore the processes necessary for proper brain functioning — neuronal firing, cell metabolism and brain plasticity.

A team in Germany has now demonstrated a method for cryopreserving and thawing mouse brains that leaves some of this functionality intact. The study, published on 3 March in Proceedings of the National Academy of Sciences, details the authors’ use of a method called vitrification, which preserves tissue in a glass-like state, along with a thawing process that preserves living tissue.

“If brain function is an emergent property of its physical structure, how can we recover it from complete shutdown?” asks Alexander German, a neurologist at the University of Erlangen–Nuremberg in Germany and lead author of the study. The findings, he says, hint at the potential to one day protect the brain during disease or in the wake of severe injury, set up organ banks and even achieve whole-body cryopreservation of mammals.

Mrityunjay Kothari, who studies mechanical engineering at the University of New Hampshire in Durham, agrees that the study advances the state of the art in cryopreservation of brain tissue. “This kind of progress is what gradually turns science fiction into scientific possibility,” he says. However, he adds that applications such as the long-term banking of large organs or mammals remain far beyond the capabilities of the study.

Article Featured in Nature.


New ‘negative light’ technology hides data transfers in plain sight

Engineers at UNSW Sydney and Monash have developed an innovative way of sending hidden information that’s hard to intercept. Using a phenomenon known as “negative luminescence,” the system works by making signals blend perfectly into the background of natural heat radiation, such as can be seen with a thermal camera.

To outside observers, it looks like no data is being sent at all. Only a receiver with the right equipment can pick up the hidden message.

Because the very act of communication is invisible, the method makes signals almost impossible to intercept or hack. That means it could one day offer a powerful new security tool for sensitive communications in fields like defense and finance.

Why Hollywood Is Facing a Very Unhappy Ending

Layoffs, consolidation, streaming losses, artificial intelligence and the rise of the creator economy are reshaping Hollywood, raising questions about whether the industry is just hitting a rough patch or in terminal decline.

New BeatBanker Android malware poses as Starlink app to hijack devices

A new Android malware named BeatBanker can hijack devices. It tricks users into installing it by posing as a Starlink app on websites masquerading as the official Google Play Store.

The malware combines banking trojan functions with Monero mining, and can steal credentials, as well as tamper with cryptocurrency transactions.

Kaspersky researchers discovered BeatBanker in campaigns targeting users in Brazil. They also found that the most recent version of the malware deploys the commodity Android remote access trojan called BTMOB RAT, instead of the banking module.

Microsoft Teams phishing targets employees with A0Backdoor malware

Hackers contacted employees at financial and healthcare organizations over Microsoft Teams to trick them into granting remote access through Quick Assist and deploy a new piece of malware called A0Backdoor.

The attacker relies on social engineering to gain the employee’s trust by first flooding their inbox with spam and then contacting them over Teams, pretending to be the company’s IT staff, offering assistance with the unwanted messages.

To obtain access to the target machine, the threat actor instructs the user to start a Quick Assist remote session, which is used to deploy a malicious toolset that includes digitally signed MSI installers hosted in a personal Microsoft cloud storage account.

Ancient Greece’s most famous oracle was just high on gas fumes

For centuries, people traveled to Delphi in southern Greece hoping for a glimpse of their future. There, at the temple of the god Apollo, a priestess was said to enter a trance and issue prophecies in the voice of Apollo himself. Everyday people, kings, even Alexander the Great traveled for miles to hear the priestess’s input on important decisions, from personal finance to matters of state.

Known as the Pythia or the Oracle of Delphi, the priestess wasn’t believed to be a psychic. Ancient writers like Plutarch, who served as a priest at Delphi in the first and second centuries, described her as a vessel for a power that came from the Earth.

According to Plutarch’s account, the temple of Delphi was constructed around a natural spring, where the water and fissures in the rock produced a sweet-smelling gas called pneuma. On designated days a few times per year, the chosen priestess sat amidst the pneuma on a tripod stool and inhaled enough to enter her trance. This was an exhausting ordeal for the woman. She might cry out, become hysterical, or collapse.
