North Korean-backed hackers are targeting hospitals and healthcare organizations in the U.S. with ransomware, a trio of government agencies that includes the Federal Bureau of Investigation warn in a cybersecurity alert.
Category: cybercrime/malcode – Page 175
Finding and fixing software bugs automatically with SapFix and Sapienz
Circa 2018
Debugging code is drudgery. But SapFix, a new AI hybrid tool created by Facebook engineers, can significantly reduce the amount of time engineers spend on debugging, while also speeding up the process of rolling out new software. SapFix can automatically generate fixes for specific bugs, and then propose them to engineers for approval and deployment to production.
SapFix has been used to accelerate the process of shipping robust, stable code updates to millions of devices using the Facebook Android app — the first such use of AI-powered testing and debugging tools in production at this scale. We intend to share SapFix with the engineering community, as it is the next step in the evolution of automating debugging, with the potential to boost the production and stability of new code for a wide range of companies and research organizations.
SapFix is designed to operate as an independent tool, able to run either with or without Sapienz, Facebook’s intelligent automated software testing tool, which was announced at F8 and has already been deployed to production. In its current, proof-of-concept state, SapFix is focused on fixing bugs found by Sapienz before they reach production. The process starts with Sapienz, along with Facebook’s Infer static analysis tool, helping localize the point in the code to patch. Once Sapienz and Infer pinpoint a specific portion of code associated with a crash, it can pass that information to SapFix, which automatically picks from a few strategies to generate a patch.
In the Brain, Function Follows Form
Interpreting magnetic resonance images in the context of network control theory, researchers seek to explain the brain’s dynamics in terms of its structure, information content, and energetics.
Zero-Day vulnerability in Chrome, Edge, Brave, Opera, Vivaldi browsers allow taking control of your laptop or mobile — Vulnerabilities — Information Security Newspaper | Hacking News.
Brainwashing & Mind Control
The CCP
Use my link http://www.audible.com/isaac or text “ISAAC” to 500–500 to get a free book including a copy of George Orwell’s “1984” and a 30-day free trial of Audible.
We often worry about the possibility of a civilization developing methods of brainwashing to indoctrinate its population and turning into a totalitarian dictatorship. We will examine both existing and possible future methods and technologies for mind control, such as neuro-hacking and genetic programming, as well as the possible defenses against such brainwashing or conditioning and implications it has for civilization.
Visit our Website: http://www.isaacarthur.net.
Support us on Patreon: https://www.patreon.com/IsaacArthur.
SFIA Merchandise available: https://www.signil.com/sfia.
Social Media:
Facebook Group: https://www.facebook.com/groups/1583992725237264/
Reddit: https://www.reddit.com/r/IsaacArthur/
Twitter: https://twitter.com/Isaac_A_Arthur on Twitter and RT our future content.
SFIA Discord Server: https://discord.gg/v5UKTsz.
Listen or Download the audio of this episode from Soundcloud: Episode’s Audio-only version:
Google blocked dozens of domains used by hack-for-hire groups
Google’s Threat Analysis Group (TAG) has blocked dozens of malicious domains and websites used by hack-for-hire groups in attacks targeting high-risk targets worldwide.
Unlike commercial surveillance vendors whose tools are deployed in attacks by clients, hack-for-hire operators are directly involved in attacks and are usually employed by a firm offering such services. In some cases, they can also be “freelance” threat actors.
They’re hired for their hacking skills by clients who lack them or who want to conceal their identity if the attacks are detected and investigated.
Toll fraud malware disables your WiFi to force premium subscriptions
Microsoft is warning that toll fraud malware is one of the most prevalent threats on Android and that it is evolving with features that allow automatic subscription to premium services.
Toll fraud is a subset of billing fraud, where the threat actor tricks victims into calling or sending an SMS to a premium number.
The difference is that toll fraud does not work over WiFi and forces the devices to connect to the mobile operator’s network.
CISA orders agencies to patch Windows LSA bug exploited in the wild
CISA has re-added a security bug affecting Windows devices to its list of bugs exploited in the wild after removing it in May due to Active Directory (AD) certificate authentication issues caused by Microsoft’s May 2022 updates.
The flaw is an actively exploited Windows LSA (Local Security Authority) spoofing vulnerability tracked as CVE-2022–26925 and confirmed to be a new PetitPotam Windows NTLM Relay attack vector.
Unauthenticated attackers can exploit this bug to force domain controllers to authenticate them remotely via the Windows NT LAN Manager (NTLM) security protocol and, likely, take over the entire Windows domain.