Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Covid. Show all posts
Vulnerability and Exploits.
Covid IT Breach malicious Software USB User Privacy Vulnerability and Exploits.

Hackers can Overcome Air-Gapped Systems to Steal Data


What are air gaped systems?

An air gap is a safety feature that isolates a computer or network and prevents it from connecting to the outside world. A computer that is physically isolated and air-gapped is unable to communicate wirelessly or physically with some other computers or network components. 

Data must first be copied on a removable media device, like a USB drive, and then physically transported to the air-gapped system from the computer or network. Only a select group of trusted users should be able to access the air-gapped system in situations where security is of the utmost importance.

New Technique 

Researchers at Ben-Gurion University of the Negev's Department of Software and Information Systems Engineering have developed a novel method for breaching air-gapped systems that takes advantage of the computer's low-frequency electromagnetic radiation.

According to Mordechai Guri, director of research and development at the Cyber Security Research Center at Ben Gurion University, "the attack is very evasive because it executes from a regular user-level process, does not require root capabilities, and is successful even within a Virtual Machine."

The COVID-bit technique makes use of on-device malware to produce electromagnetic radiation in the 0–60 kHz frequency region, which is then transmitted and detected by a covert receiving device in close vicinity.

After SATAn, GAIROSCOPE, and ETHERLED, which are intended to hop across air-gaps and extract private data, COVID-bit is the most recent method developed by Dr. Guri this year.

By utilizing electromagnetic emissions from a component known as a switched-mode power supply (SMPS) and encoding the binary data using a technique known as frequency-shift keying (FSK), the virus uses the COVID-bit, one of these covert channels, to communicate information.

The research article advises employing antivirus software that can recognize strange CPU patterns in addition to limiting the frequencies that some CPUs can use in order to protect air-gapped computers from this kind of attack.

Read more »
Technology
Covid Digital Tools Technology

Identity Verification Platform Troolio Closes a $394 Million Deal

Id verification online platform Trulioo lands a $394 Million series  D round of funding at a $1.75 Billion valuation after the Covid-19 pandemic compelled business across multiple platforms to adapt to digital transformations. Due to most of the work done online in the past year, the need for digital signatures also increased. Organizations had to change to platforms that could let them verify user identities. The task has become particularly important in the financial services sector which is highly regulated. 

Venture Beat says "Trulioo had previously raised around $81 million, and with its latest $394 million cash injection, which was led by growth equity firm TCV, the company is well-financed to capitalize on the burgeoning identity verification needs of businesses across industries." Vancouver, a Canada-based company was established in 2011. The company offers verification tools that the organizations use to verify their customer identity of online users, it may include general id verification data that sees user's data against third-party sources, like government databases, mobile carriers, or credit bureau. 

Troolio says it helps organizations authenticate and verify online customers to allow easy and safe online onboarding that is according to compliance requirements. Besides this, the company offers 'document verification' that lets organizations cross-check used document information with myriad databases and data operators across the globe. For instance, if a bank wants to admit a new customer by remotely checking their identification, it can do it with the help of Trulioo.  In the present scenario, the biggest issue that companies have to face is that different countries have a unique set of rules and laws, and the documents also change from country to country. 

To counter this, Trulioo's API feature helps gives companies a global Id verification system via a direct artery.  "Online fraud is growing at alarming rates, and the regulatory environment is changing constantly. Anyone who has a stake in onboarding users and transacting online needs to be both incredibly strategic and judicious about how they approach identity verification, as bad actors continue to grow more and more sophisticated," says Zac Cohen, Chief Operating Officer, Trulioo.    

Read more »
Subscribe to: Posts (Atom)