"Mustang Panda Targets Asia with Advanced PlugX Variant DOPLUGS"

Mustang Panda, a China-linked threat actor, has targeted Asian countries with a variant of the PlugX backdoor called DOPLUGS. DOPLUGS has primarily targeted people in Taiwan and Vietnam. Other targets have been in Hong Kong, India, Japan, Malaysia, Mongolia, and China. Mustang Panda, also known as BASIN, Bronze President, Camaro Dragon, Earth Preta, HoneyMyte, RedDelta, Red Lich, Stately Taurus, TA416, and TEMP.Hex, relies heavily on PlugX. This article continues to discuss the PlugX variant used by Mustang Panda.

Submitted by Gregory Rigby on

"Biden Executive Order to Bolster US Maritime Cybersecurity"

President Joe Biden will be issuing an Executive Order (EO) to strengthen US maritime cybersecurity amid increased reliance on digital technology in the shipping sector.  The Order is part of the White House’s ambition to bolster the nation’s supply chains and critical infrastructure, as set out in the Administration’s National Cybersecurity Strategy published in March 2023.  The new EO will give new powers to the Department of Homeland Security to directly address maritime cyber threats.

Submitted by Adam Ekwall on

"Your Fingerprints Can Be Recreated From the Sounds Made When You Swipe on a Touchscreen — Chinese and US Researchers Show New Side Channel Can Reproduce Fingerprints to Enable Attacks"

A team of researchers from China and the US has discovered a new potential attack on biometric security. Their paper titled "PrintListener: Uncovering the Vulnerability of Fingerprint Authentication via the Finger Friction Sound" describes a side-channel attack on the Automatic Fingerprint Identification System (AFIS). The attack exploits the sound characteristics of a user's finger swiping on a touchscreen to extract fingerprint pattern details.

Submitted by Gregory Rigby on

"'Virtually Unhackable' Chip Could Make GPU More Power Efficient and Much Faster at AI - By Combining Light and Silicon for a Fundamental Mathematical Operation"

Penn Engineers' groundbreaking new chip provides faster performance, lower energy consumption, and enhanced privacy. Since many computations can take place at the same time, sensitive information does not need to be stored in a computer's working memory, making a computer with such technology nearly unhackable. The new chip performs Artificial Intelligence (AI) computations using light waves rather than electricity, potentially resulting in significant increases in processing speed and energy efficiency. This article continues to discuss the new chip said to be virtually unhackable.

Submitted by Gregory Rigby on

"Apple Adds Post-Quantum Encryption to iMessage"

Apple recently unveiled PQ3, a new post-quantum cryptographic protocol for iMessage that is designed to protect encrypted communications even against future quantum computing attacks.  End-to-end encryption is present by default in many popular messaging applications, but the actual level of protection depends on the cryptographic protocols they use and how they are implemented.

Submitted by Adam Ekwall on

"VoltSchemer Attacks Use Wireless Chargers to Inject Voice Commands, Fry Phones"

Researchers from the University of Florida and CertiK have demonstrated a new set of attacks dubbed VoltSchemer that can inject voice commands to manipulate a smartphone's voice assistant via the magnetic field emitted by an off-the-shelf wireless charger. VoltSchemer can also be used to physically damage a mobile device or to heat items near the charger to a high temperature. The attack manipulates the charger's behavior using electromagnetic interference. The team tested nine of the world's best-selling wireless chargers, exposing security flaws in these products.

Submitted by Gregory Rigby on

"Chrome 122, Firefox 123 Patch High-Severity Vulnerabilities"

Google and Mozilla recently released Chrome and Firefox software updates to resolve multiple vulnerabilities in both browsers, including high-severity memory safety bugs. On Tuesday, Chrome 122 was released in the stable channel with patches for 12 security defects, including eight that were reported by external researchers. Two of these are high-severity flaws. The most severe of them, based on the paid bug bounty reward, is an out-of-bounds memory access bug in Blink.

Submitted by Adam Ekwall on

"Hybrid Security in the Cloud - Improving Cloud Security Model for Web Applications Using Hybrid Encryption Techniques"

A team of researchers in India developed a hybrid approach to improving the security of online applications, particularly within cloud computing. They have shown that merging two techniques, homomorphic encryption and the Squirrel Search Algorithm (SSA), significantly enhances the security of cloud computing models. Encryption is essential in protecting data from unauthorized access or breaches. The team assessed the effectiveness of their approach by measuring upload and download times, as well as encryption and decryption times.

Submitted by Gregory Rigby on

"'KeyTrap' DNS Bug Threatens Widespread Internet Outages"

Researchers recently discovered a fundamental design flaw in a Domain Name System (DNS) security extension that could lead to widespread Internet outages. The security vulnerability, called KeyTrap and tracked as CVE-2023-50387, was discovered by a team from the Germany-based ATHENE National Research Center for Applied Cybersecurity. According to the team, a single packet sent to a DNS server implementation using the DNSSEC extension to validate traffic could cause the server to enter a resolution loop, consuming all of its own computing power and stalling.

Submitted by Gregory Rigby on

"36% of Code Generated by GitHub CoPilot Contains Security Flaws"

According to Veracode, 42 percent of applications and 71 percent of organizations have security debt, which is defined as flaws that have gone unfixed for more than a year. Forty-six percent of organizations have critical security flaws that risk confidentiality, integrity, and availability. Veracode found that 63 percent of applications have flaws in first-party code, and 70 percent have flaws in third-party code imported through third-party libraries. These findings emphasize the importance of testing both types throughout the Software Development Life Cycle (SDLC).

Submitted by Gregory Rigby on