Lifeboat Foundation: Safeguarding Humanity
Toggle light / dark theme

Blog

Category: cybercrime/malcode – Page 85

Google deals a deadly blow to passwords, switches to passkey

The tech giant is following Uber and eBay’s lead in ditching passwords and could have the greatest impact in making it happen.

The death of passwords is imminent and Google has taken a giant step in ensuring it by suggesting users switch to an easier option – passkeys. Starting immediately, Google users will be able to create passkeys and use them to sign in to their accounts, avoiding passwords when possible, the company said in a recent blog post.

Since the advent of the internet passwords have been the most hated component of the entire experience. Early on, users could get away with using simpler combinations of letters and numbers but as cybersecurity risks grew, passwords started becoming longer, tougher, and harder to remember.

Threat Report: High Tech Industry targeted the most with 46% of attack traffic tagged by NLX

SQL Injection is still popular, but attackers are now leaning towards Traversal techniques!

Fastly’s Network Effect Threat Report sheds light on the latest attack traffic patterns & tactics.

Read:

Dive into the world of cyber threats with our Network Effect Threat Report. Learn about multi-customer attacks and which industries are most targeted.

Adobe Acrobat Reader Vuln Now Under Attack

Patch now if you haven’t already: Adobe Acrobat Reader exploits are in the wild. #Adobe

The Cybersecurity Infrastructure & Security Agency (CISA) this week added to its catalog of known exploited vulnerabilities an Adobe Acrobat Reader use-after-free bug.

Adobe Acrobat and Reader Document Cloud Versions 22.003.20282 and 22.003.20281 and earlier contain the flaw (CVE-2023–21608), as do Adobe Acrobat and Reader 20.005.30418 and earlier. The use-after-free vuln allows an attacker to remotely execute malicious code on a compromised account, and execute the exploit when a victim opens the rigged PDF file.

CISA recommends applying the latest updates to the affected software, which was patched in January of this year. Researchers who discovered and reported the vuln shared details of their findings in a February 2023 blog post.

New cyber algorithm shuts down malicious robotic attack

Australian researchers have designed an algorithm that can intercept a man-in-the-middle (MitM) cyberattack on an unmanned military robot and shut it down in seconds.

In an experiment using deep learning to simulate the behavior of the human brain, artificial intelligence experts from Charles Sturt University and the University of South Australia (UniSA) trained the robot’s operating system to learn the signature of a MitM eavesdropping cyberattack. This is where attackers interrupt an existing conversation or .

The algorithm, tested in real time on a replica of a United States army combat ground vehicle, was 99% successful in preventing a malicious attack. False positive rates of less than 2% validated the system, demonstrating its effectiveness.

Internet companies report biggest-ever denial of service operation

WASHINGTON, Oct 11 (Reuters) — Internet companies Google, Amazon and Cloudflare say they have weathered the internet’s largest-known denial of service attack and are sounding the alarm over a new technique they warn could easily cause widespread disruption.

Alphabet Inc-owned Google (GOOGL.O)said in a blog post published Tuesday that its cloud services had parried an avalanche of rogue traffic more than seven times the size of the previous record-breaking attack thwarted last year.

Internet protection company Cloudflare Inc (NET.N)said the attack was “three times larger than any previous attack we’ve observed.” Amazon.com Inc’s (AMZN.O) web services division also confirmed being hit by “a new type of distributed denial of service (DDoS) event.”

/* */