Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Technology News. Show all posts
Technology News
Bitcoin Financial Credentials Privacy Technology News

Navigating the Paradox: Bitcoin's Self-Custody and the Privacy Challenge

 

Self-custody in Bitcoin refers to individuals holding and controlling their private keys, which in turn control their bitcoin. This concept is akin to securing physical gold in a personal safe rather than relying on a bank or third-party custodian. Unlike physical assets such as gold, verifying the legitimacy of bitcoin transactions in the digital realm is more straightforward and does not involve the complex process of melting down to authenticate.

While certain regulations require individuals and entities, particularly in financial services, to report their holdings and transactions to regulatory bodies, this obligation aims to prevent illicit activities and ensure tax compliance. While reasonable for businesses in regulated markets, extending these requirements to personal finances, especially for private individuals, seems contradictory in a society that values personal freedom and privacy.

Bitcoin's architecture presents a paradox: it is transparent, allowing verification of the 21 million cap and transaction history, yet remarkably private as the true control lies with the holder of private keys. This duality ensures currency integrity but poses challenges to personal financial privacy under regulatory scrutiny.

To address this, innovative solutions like multi-signature wallets are emerging. Companies like Swan and On-ramp are developing tools focused on multi-signature wallets for individuals and institutions. This approach, such as a ⅔ multi-signature solution, allows a compliant third party to hold a key without compromising individual control, providing a subtle yet effective means of regulatory verification.

Multisig solutions also enhance security against theft while maintaining user control over assets, striking a delicate balance between autonomy and regulatory compliance. As the Bitcoin ecosystem evolves, these solutions become crucial for preserving personal financial freedom while aligning with existing regulatory frameworks.

The regulatory landscape must adapt to Bitcoin's distinct characteristics, leading to the development of refined self-custody approaches that support privacy, autonomy, and regulatory compliance. Advocacy for standardized reporting mechanisms for self-custodied assets can align with regulatory requirements without compromising Bitcoin's foundational tenets.

Balancing innovation and regulation presents challenges, requiring collaborative discourse among all stakeholders. Bitcoin's principles of autonomy and privacy may clash with regulatory transparency efforts, but finding a balance is essential for the cryptocurrency's revolutionary role in finance. Bitcoiners play a crucial role in advocating for their privacy and sovereignty rights, emphasizing that saving within the Bitcoin network is a legitimate exercise of economic liberty and not a criminal act or subject to public disclosure.
Read more »
Technology News
Apple Apple Charging Cables. Apple Devices Cyber Safety Innovation iOS Technology Technology News

A Closer Look At The Future of MagSafe in Apple's Ecosystem

Apple is actively exploring ways to enhance MagSafe, aiming to enable wireless data transfer and seamless recognition and authentication of connected accessories. Currently, placing a MagSafe-compatible iPhone on a MagSafe charger allows for charging, even with an added MagSafe iPhone case. However, Apple acknowledges existing limitations, citing issues such as accessory devices unintentionally creating heat traps and increased heat generation with advancements in processor technology. A newly granted patent application, titled "Accessory Devices That Communicate With Electronic Devices," addresses these challenges and proposes intelligent solutions to refine MagSafe functionality. 

Apple's exploration of MagSafe goes beyond conventional boundaries. It includes more than just data transmission and user authentication. One of the anticipated innovations is the integration of augmented reality (AR) features. In theory, this development translates MagSafe as a platform where connected accessories seamlessly merge with a digital environment, promising users an immersive and interactive experience beyond the device's physical realm. Additionally, there are discussions surrounding MagSafe evolving into a dynamic power-sharing system, enabling wireless charging and effortless power distribution to compatible accessories. This multifaceted approach positions MagSafe as a transformative technology, poised to redefine user interactions and boost the overall functionality of Apple devices.  

In light of this, Apple recognizes that certain electronic devices employ thermal management mechanisms, slowing down processors or even shutting down when reaching specific temperatures. This dilemma forces users to choose between safeguarding their device with an accessory or allowing optimal processing capabilities.  

To address this, Apple proposes placing a magnetic sensor in devices like the iPhone. This sensor detects MagSafe accessories, allowing the device to distinguish between a charger and a case. Based on the type detected, it adjusts the charging process, considering temperature and setting different levels for cases and chargers. 

Apple is thinking of a two-step system. First, a basic identification without specific accessory data, assuming it's a case or charger. Second, a more advanced step where MagSafe accessories send data, authenticating and exchanging information with the device based on the magnetic field.  

To this end, Apple foresees a sophisticated level of recognition within the MagSafe ecosystem. At this advanced stage, MagSafe accessories are envisioned not only as functional components but also as data transmitters through the system. The transformative concept holds the potential for MagSafe accessories to communicate their specific tolerances directly to iOS. The focus of the patent is on data transmission, hinting at exciting possibilities. The significance lies in the prospect of these accessories evolving beyond their traditional roles to become intricate keys, unlocking enhanced functionality and integration with Apple devices. 

This innovation opens doors to a domain where MagSafe accessories go above and beyond, offering a nuanced and personalised interaction with iOS. As these accessories potentially evolve into multifaceted tools, users may experience a seamless integration of technology, where MagSafe becomes more than just a connector but a dynamic interface enriching the overall user experience. With the potential to transmit data via MagSafe, there's a prospect of authentication based on magnetic field vectors, turning MagSafe into an identification tool. For instance, picture an iPhone recognising a nearby MagSafe accessory and utilising its data. 

This innovation may not be exclusive to the iPhone, as there are rumours about the iPad adopting MagSafe. This alludes to a broader synthesis of these advanced features across various Apple devices, ensuring a unified end-user involvement. 

MagSafe's evolution promises more than just seamless connections; it foresees a dynamic relationship between devices and accessories. Envision a world where MagSafe transcends being a mere connector, providing enhanced experiences tailored to each user. Apple's commitment to innovation is paving the way for a new era in technology, where MagSafe is at the forefront of redefining how we interact with our devices. Exciting times lie ahead in the world of Apple technology and connectivity. 


Read more »
Technology News
Android Connectivity Mobile Phones Phone Report Satellite Smartphone Technology Technology News

Report States Many Phones To Soon Get Satellite Connectivity

 

A new partnership between satellite phone company Iridium and chip giant Qualcomm will bring satellite connectivity to premium Android smartphones later this year. It implies that handsets can communicate with passing satellites to send and receive messages even in areas with no mobile coverage.

Qualcomm chips are found in many Android-powered smartphones. Apple announced a satellite feature for the iPhone 14 in September 2022. The service is currently only available for sending and receiving basic text messages in an emergency.

Bullitt, a British smartphone maker, was the first to launch its own satellite service, beating Apple to the punch. It is also intended for emergency use and will initially be available in select areas.

Iridium was the first satellite phone system, launching its first satellite into orbit in 1997. In 2019, it completed a refresh of its 75-spacecraft network.

The satellites cover the entire globe and fly in low orbit, approximately 485 miles (780 kilometres) above the Earth, and groups of them can communicate with one another, passing data between them.

Qualcomm stated that the new feature, dubbed Snapdragon Satellite, will initially be included only in its premium chips and is unlikely to appear in low-cost devices.

However, it will ultimately be rolled out to tablets, laptops, and even vehicles, and will also become a service that is not limited to emergency communication - though there will most probably be a fee for this.

Satellite connectivity is widely regarded as the next frontier for mobile phones because it addresses the issue of "not-spots," or areas with no existing coverage. These are more common in rural or remote areas.

It has already been used to provide broadband coverage by services like Elon Musk's Starlink. Satellite broadband is faster and more reliable than cable or fiber connections but is more expensive.

But since countries such as India and China prohibit the use of satellite phones, the use of the feature will be subject to local government regulations.
Read more »
TikTok
Artifical Inteliigence Artificial Intelligence Google Technology News TikTok

Google Acquires Alter, an AI Avatar Startup Two Months Ago


Tech giant Google has reportedly acquired Alter for around $100m in an effort to boost the content game. Alter is an artificial intelligence (AI) avatar startup that aids brands and creators in expressing their virtual identities. The acquisition also overlaps with Google’s plan of competing more aggressively with the short video platform, TikTok.  
 
Avatar, formerly known as ‘Facemoji’, essentially works with AI to create avatars for its social media users. The company started by assisting developers to create avatars for games and apps, later it rebranded as ‘Alter’ in 2020 and started helping businesses and creators generate avatars so as to build an online identity. Proficient in 3D avatar system designs, Alter empowers creators and businesses to create and monetize new experiences. 
 
The acquisition which was concluded approximately two months ago was made public only now as neither of the companies made an announcement until now. Notably, one of Google's spokespersons confirmed the accession but refused to provide details pertaining to the financial terms of the agreement.
 
With the acquisition, Google is aiming to integrate Alter’s tools to bolster its own arsenal of content, meanwhile providing Alter with new enhanced capabilities. Headquartered in the US and Czech, Alter is an open-source, cross-platform rendering engine that was jointly founded by Jon Slimak and Robin Raszka in 2017, who did not respond to a request for comment put forth by TechCrunch. 
 
The company’s advent marks a progression for web3 interoperability and the open metaverse as it adeptly works with code to modify and develop face recognition technology. 
 
According to the report, a part of Alter’s workforce has updated their new role, announcing that they have joined Google, however, an official public announcement is still pending. 
 
“Alter is an open source, cross-platform [software development kit (SDK)] consisting of a real-time 3D avatar system and motion capture built from scratch for web3 interoperability and the open metaverse. With Alter, developers can easily pipe avatars into their app, game or website,” as per the company’s LinkedIn page. 

Furthermore, in regard Google has also enhanced the emoji experience for its rather wide base of users, now offering personalised experience to them with the newly rolled out custom emojis for the web versions of Chat.
Read more »
Technology News
Cyber Security GitLab Software Supply Chain supply chain security Technology News

GitLab: Security and Governance Solutions Enhanced to Secure Software Supply Chain

 

GitLab has confirmed new security and compliance features and a number of enhancements in its platform to aid organizations to secure their software supply chain. 

A Global DevSecOps Survey by GitLab in 2022 found that security was amongst the highest priority investment areas for an organization, with 57% of security experts’ surveys indicating that their organizations have already shifted security left or plan to this year. 

GitLab has increased its focus on governance to help teams identify risks by offering visibility into their projects' dependencies, security findings, and user activities with increasing regulatory and compliance needs for the organization. 

The new enhancements on the other hand provide developers with tools that could scan any vulnerability and deploy controls in order to secure applications. Additionally, the developers have access to secure coding guidance involved in the GitLab platform. 

The new capabilities include security policy management, compliance management, events auditing, and vulnerability management. A dependency management capability to help developers track vulnerabilities in dependencies they are using will be available at a later date. Organizations will be able to automatically scan for vulnerabilities in source code, containers, dependencies, and applications in production, says Gitlab. 

These capabilities, along with a broad range of security testing capabilities such as static application security testing (SAST), secret detection, dynamic application security testing (DAST), API security, fuzz testing, dependency scanning, license compliance, and container scanning, aids the organization to acquire security and compliance of their software supply chain constantly, without giving in on speed and agility. 

In regards to the recent enhancement in the security and compliance features, VP of Product at GitLab David DeSanto says, “To stay competitive and propel digital transformation, organizations need to be great at developing, operating, and securing software. Security needs to be embedded in all stages of the software development lifecycle, not treated as an afterthought.” 

“Our enhanced security and governance capabilities make GitLab a comprehensive DevSecOps solution to help secure an organization’s software supply chain”, he continued.
Read more »
Technology News
Artifical Inteliigence Artificial Intelligence Cybersecurity Technology Technology News

OpenAI : Students are Using AI Tools to Write Paper for Them

 

University students are acing in their examinations through the dedicated hours given to their advanced language generators and AI language tool such as OpenAI playground. 
 
According to Motherboard, these tools help students write their papers effortlessly, as, in these AI-produced responses, it is hard to detect if it is ‘not’ written by the student himself. Since these responses cannot even be detected by plagiarism software, schools and universities may find it challenging to counteract this next-generation subversion. 
 
In an interview with Motherboard, a student who goes by the Reddit username innovative_rye says "It would be simple assignments that included extended responses." 
 
"For biology, we would learn about biotech and write five good and bad things about biotech. I would send a prompt to the AI like, 'what are five good and bad things about biotech?' and it would generate an answer that would get me an A," he added. 
 
In addition to this, innovative_rye also describes how using AI tools helps him in focusing on what he thinks is important. "I still do my homework on things I need to learn to pass, I just use AI to handle the things I don't want to do or find meaningless," While it is still a debated topic whether AI-generated writing should ever be considered an original work or not, since it is undetected in plagiarism software, they see these AI-made prompts as original works.  
 
If only the plagiarism software were capable of generating these AI-generated writings, it would not have been a problem. However, it is still a question of if and when software will be able to catch up with AI.  
 
"[The text] is not copied from somewhere else, it's produced by a machine, so plagiarism checking software is not going to be able to detect it and it's not able to pick it up because the text wasn't copied from anywhere else," says George Veletsianos, Canada Research Chair in Innovative Learning & Technology and associate professor at Royal Roads University. 
 
"Without knowing how all these other plagiarism checking tools quite work and how they might be developed in the future,[...] I don't think that AI text can be detectable in that way." He continued. 
 
While it is truly an issue of concern for the teachers as these students are definitely cheating in their papers, the AI tools also raise questions of whether the learning is moving forward for the generation.
Read more »
Tesla
Cyber Security cybercriminals Cybersecurity Elon Musk Hacked Technology News Tesla

19-Year-Old Claims to Have Hacked Into More Than 25 Teslas

 

A 19-year-old hacker claims to have remotely opened the doors and windows of over 25 Tesla vehicles in 13 countries, as well as turned= on their radios, flash their headlights, and even start their engines and begin "keyless driving." David Colombo, who claims to be an IT specialist based in Germany, also claims to have been able to disable the vehicles' anti-theft systems and determine whether or not a driver is present. 

In a Monday tweet, Colombo claimed to have "complete remote control" of the Teslas, but later explained that he was never able to take over automobiles to "remotely manage steering or acceleration and braking." 

"Yes, I potentially could unlock the doors and start driving the affected Tesla’s," he tweeted. "No I cannot intervene with someone driving (other than starting music at max volume or flashing lights) and I also cannot drive these Tesla’s remotely." Colombo tweeted on Tuesday that his breach was "not a vulnerability in Tesla's system," but rather "it’s the owners faults."

Colombo stated on Twitter that he was able to disable Sentry Mode, an anti-theft feature in which a built-in camera functions as a de facto alarm system. When an alert is triggered, cameras begin filming in the area around the vehicle. The video is then streamed to the vehicle's owner via a mobile app. 

This is not the first time that a Tesla vehicle has been hacked. The Tesla Model X's Autopilot was hacked many times in 2020. In one case, Israeli researchers from Ben Gurion University deceived the car by flashing "phantom" images on a road, wall, or sign, leading it to brake suddenly or steer in the wrong way. A few months later, Wired reported that Lennert Wouters, a researcher at KU Leuven, "stole" a Tesla Model X in 90 seconds. 

Tesla CEO Elon Musk said last fall that he will cooperate with regulators to ensure that electric car drivers' personal data is safe from hackers. With the rapid rise of autonomous driving technology, data security in automobiles is causing more public worry than ever before, he said through remote hook-up at an electric vehicle conference in China. 

By 2025, an estimated 470 million automobiles will be linked to a computerized database, making them prime targets for cybercriminals. According to Tech Monitor, the automobile cybersecurity industry is predicted to be worth $4 billion by that same year.
Read more »
Technology News
Cryptocurrencies Russia Technology Technology News

The Russian billionaire urged the Central Bank to develop cryptocurrencies in Russia

Russian billionaire Oleg Deripaska (Forbes estimates his fortune at $5.1 billion since 2018 Deripaska has been under US sanctions) criticized the Central Bank for allegedly “infantilely closing his eyes to the growing cryptocurrency market.” As an argument, the billionaire cited the actions of the US Treasury, which, according to him, invests in the crypto industry.

“The United States has long understood that uncontrolled digital payments can not only negate the effectiveness of the entire mechanism of economic sanctions but also bring down the dollar,” Deripaska said.

The billionaire referred to the sanctions review issued by the US Treasury. In the document, the regulator claims that the growing possibilities of financial technologies, including those based on cryptocurrency and alternative payment systems, pose a serious threat to the dollar.

According to Deripaska, this means that the development of the cryptocurrency market, uncontrolled by the state, can put the US Treasury in front of the prospect of default on a debt of $30 trillion, which will require $700 billion to service.

“I wonder if anyone has read this document at the Bank of Russia? Or do they work on the principle of “what we don't see doesn't exist?” he says ironically.

Earlier, Deripaska repeatedly criticized the Bank of Russia's policy on digital assets. For example, the billionaire claimed that the regulator should have issued a digital ruble two years ago because it is “more important than Gagarin's flight into space in 61st.”

It is worth noting that the value of bitcoin has updated the historical maximum, reaching $67 thousand. Experts expect cryptocurrency growth to continue.

Read more »
Technology News
Crypto Currency Technology Technology News

Russian oil companies offer to use their fields for mining cryptocurrencies

Russian oil companies have offered to use Russian equipment at their fields for mining cryptocurrencies. They proposed using associated petroleum gas (APG) for these purposes, with the help of which electricity will be generated to supply data centers needed for mining. The project has been sent for consideration to the Ministry of Industry and Trade, the Ministry of Digital Development, Communications and Mass Media and the Central Bank of the Russian Federation.

It is reported that one of the major Russian oil companies would like to scale its cryptocurrency mining project, but this segment is in a legally gray zone, and the company is afraid of a negative reaction from the Central Bank, so it turned to the Ministry of Industry and Trade, which can discuss the risks with the regulator.

The Ministry of Industry and Trade reported that the project is being discussed with regulators. In accordance with the law “On Digital Financial Assets”, the procedure for the circulation of digital currency should be regulated by separate laws. According to the Central Bank, approaches to regulation are currently being discussed.

Experts consider the proposal controversial. On the one hand, there is the gas that is unprofitable for transportation, from which electricity can be obtained. On the other hand, this business is non-core and costly for oil companies, since they will have to pay for the maintenance of data centers.

Although there is no legal ban on mining in Russia, cryptocurrency cannot be exchanged or used as a means of payment. Therefore, according to experts, it is possible that oil companies will provide excess capacity for investors from China, where mining is prohibited.

It is worth noting that officially only Gazprom Neft has a mining project: in 2020, the company launched it at its field in Khanty-Mansiysk JSC. For a month, the company's partners managed to get 1.8 BTC. Gazprom Neft declined to comment.

Read more »
Technology News
Russia Technology Technology News

Customers of Russian banks will be recognized by the veins with the help of a new technology

Russian banks are going to introduce customer identification by the pattern of veins on their hands. It is assumed that this method of authentication will help to prevent unauthorized access to the savings of citizens. Meanwhile, experts were skeptical about the initiative. In their opinion, the system has significant disadvantages which can be used by criminals.

It is worth noting that Russian banks already have biometrics that allow them to identify customers by voice and face. "The palm vein pattern will remove barriers to biometric identification for people with hearing and speech problems due to various reasons," the Central Bank explained.

Nikita Durov, Technical director of Check Point Software Technologies in Russia and the CIS, said that with the introduction of the new identification system there are new risks of data substitution by intruders.

"Recently, we have witnessed how attackers used neural networks to replace people's faces in photos and videos. The same thing can happen with the substitution of the vein pattern," added he.

According to Durov, banks should be prepared for potential attacks.

"Scans should be done with the latest modern scanners to avoid mistakes and distortions," Durov added. He stressed that sometimes companies save money and buy cheaper storage and data protection systems that are not able to provide the necessary level of security.

Martin Hron, a leading cyber threat researcher at Avast, said that hackers always try to be one step ahead and look for ways to bypass even the strongest security systems, including biometrics.

The expert clarified that the creation of a fictitious pattern of veins is a matter of time.

Alexey Kuzmin, an expert of the Jet Infosystems company, agreed with the opinion that it is possible to deceive the identification system by scanning blood vessels, but it is much more difficult than systems with voice, face or finger detection.

Read more »
Technology News
Russia Technology Technology News

Russia has developed a virtual reality helmet for recruitment

Researchers from Samara State University have developed a technology to assess the psychological qualities of a job seeker using a virtual reality helmet. Such an idea will help employers assess the personality of the person when recruiting staff.

It is noted that the tested person gets into a specially created virtual environment, which he perceives as real. At this time, the computer evaluates his physical and emotional state without human assistance.

The cost of such a system, which includes a computer and a VR helmet, will be about 120 thousand rubles ($1,600). The program "Psychodiagnostics in VR" and joysticks that read the micro-movements of fingers are also included. The level of anxiety, the reaction to stress, emotional excitability, as well as the cognitive activity of a person are assessed.

Experts reacted to the initiative ambiguously. Sports psychologist Olga Tiunova noted that for many years there have been attempts to create a psychological portrait of an ideal champion, but so far they have not been crowned with success. Special forces instructor Alexander Lastovina added that "Psychodiagnostics in VR" can be used to test soldiers, but the technology should be verified for effectiveness.

Also, specialists noted that a person is something more than a set of psychological characteristics.

It is interesting to note that earlier Irish scientists recognized that computer games are useful in the fight against a number of mental illnesses: they have a beneficial effect on people with anxiety disorders and depression and may even be more useful than traditional methods of treatment. The researchers concluded that games can be used as an alternative to medical care.

Read more »
Technology News
Technology Technology News

Security Expert explained the threat of blocking Samsung Pay in Russia

The work in Russia of the payment system Samsung Pay, which has a market share of 17%, may be banned because of the patent dispute. The court supported the claims of the copyright holder of a patent for an electronic payment system, who accuses the Korean concern of illegal use of technology. The court decided that Samsung Pay really uses the Squin SA technology.

Thus, the court in fact prohibited the use of the service in Russia. In addition, the importation of devices that support Samsung Pay falls under the ban.

"While the patent is valid, Apple Pay and Google Pay services are also under threat of being banned in the event of a legal dispute," adds Alexandra Kurdyumova, senior partner at law firm Versus.legal.

The South Korean company and its representative office in Russia may appeal the court's decision within a month. Maxim Labzin, senior partner of the law firm Intellect, noted that the company has three ways out of this situation: to challenge the court's verdict in a higher instance, to prove that the patent was not new, and to negotiate with the plaintiff.

If they fail to appeal, the company itself will have to block its payment system on the territory of Russia. Or Roskomnadzor will do it.

Sergey Vakulin, a hacker and expert on information and computer security, noted that if Roskomnadzor starts blocking, then all Samsung resources will be banned because the blocking is carried out by DPI and IP addresses blocking.

Experts are sure that contactless payments are popular among Russians, so the restriction is unlikely to be long-term. Most likely, a compromise will be found, in which Samsung users will be able to use contactless payment with a smartphone.

Read more »
Technology News
Technology Technology News

The work of the Runet was tested in the exercise of disconnection from the global network

 In June—July, regular exercises on the stability of the Runet were held. This time the possibility of working in conditions of physical disconnection of the Russian internet from the global network was tested

Seven main operators of Russia took part in the exercises. The purpose of the exercises was to determine the possibility of the Runet working in the event of external distortions, blockages and other threats. According to preliminary data, the exercises were a success.

Roskomnadzor noted that in accordance with the legislation, such exercises, which are aimed at improving the integrity, stability and security of the Russian Internet infrastructure, are held annually.

In February, the head of the information and analytical agency TelecomDaily, Denis Kuskov, suggested that if Russia is disconnected from the global network, it will be possible to use Runet and domestic resources. At the same time, in the context of sanctions pressure on Russia, disconnection from the global network can be perceived as additional restrictions.

In turn, the deputy head of the Russian Security Council, Dmitry Medvedev, said that disconnecting Russia from the global network is possible, but the authorities have a plan of action for this case. He added that everything is ready for the autonomous operation of the Runet both technologically and at the legislative level.

Recall, on May 1, 2019, Putin signed a law on the isolation of the Runet. The new law determines that Roskomnadzor assumes all the authority for managing networks in case of threats to the Russian Internet. In addition, Roskomnadzor has the right to directly block websites with prohibited information.

The Runet isolation will affect all Russian business, but only Telecom operators must install special equipment to monitor cyber threats at the state’s expense. The State financed about 30 billion rubles ($ 460 000 000) for its execution.

Moreover, representatives of big business warned that banning modern website encryption protocols in Russia is tantamount to disconnecting the country from the global Internet. The adoption of the bill in the proposed form, in their opinion, will formally make it illegal to use smartphones and computers and will entail "catastrophic consequences".

Read more »
Vulnerability and Exploits
Bugs firmware Technology News Vulnerability and Exploits

Industrial Switches Given by the Vendors Affected by a Same Vulnerability

Industrial switches that were given by the vendors have been affected by a same vulnerability, the reason being they all have the same firmware from Korenix Technology, an industrial networking solutions provider based in Taiwan. SEC Consult, an Austrian-based cyber security company revealed the vulnerability. The company (which is owned by Atos) was trying to get the security holes patched since last year, but it took more than an year for Korenix to release security fixes. 

Security Week reports "Properl+Fuchs did release some patches and workarounds last year after being notified about the vulnerabilities, but the company’s response was limited due to the fact that the flaws existed in the Korenix firmware. SEC Consult’s initial attempts to get Korenix to patch the vulnerabilities failed, until late November 2020, when the company had been preparing to make its findings public." Westermo for PMI-110-F2G and Pepperl+Fuchs for Comtrol RocketLinx industrial switches also use the same firmware made for Jetnet Industrial switches by Korenix. Beijer Electronics Group owns both Westermo and Pepperl+Fuchs. 

As per SEC consult, the companies which made these devices have the same firmware base, hence, a single vulnerability affects all of them. SEC Consult found 5 kinds of vulnerabilities, assigned high severity, and critical ratings. It includes unauthorised device administration, cross-site request forgery, authentication command injection, TFTP file/read/write issues, and backdoor accounts. If a hacker has network access, he can attack a device and make unauthorised changes in configuration, steal sensitive data, or make it enter into a DoS state. The affected devices are used in automation, transportation, heavy industry, surveillance, power and energy, and other sectors. 

These switches, according to experts, hold a crucial position in a network and attacker can exploit these vulnerabilities and disruption the connection to the attached network systems.  Apart from releasing firmware updates for the security fixes, Korenix has also suggested some measures to prevent from potential threats. "This vulnerability can also be exploited via Cross-Site Request Forgery attacks as there is no protection for that kind of attack. The NMS (Network Management System) of Korenix, also known as JetView or Korenix NMS, communicates via UDP and triggered all actions without prior authentication," reports Security Week.

Read more »
Technology News
Technology Technology News

The Ministry of Internal Affairs of Russia will launch a program for recognizing deepfakes in the fall of 2022

The scientific and industrial company "High Technologies and Strategic Systems" (HT and SS SIJSC) will develop a computer program for the Ministry of Internal Affairs that recognizes face substitution in videos, the so-called deepfake videos.

It is not the first time that the company has worked with Russian law enforcement agencies. According to the company's website, their specialists participated in the development of products for the Ministry of Emergency Situations and the Ministry of Defense of the Russian Federation.

The amount that the company will receive is set at 3 million 550 thousand rubles ($48,000). The deadline for the completion of research work is scheduled for November 30, 2022. The program for recognizing deepfakes was named "Mirror".

The Ministry of Internal Affairs explained that with the help of deepfakes, scammers can easily substitute any person by inserting his image on a video in which an immoral act or crime is committed. In addition, experts believe that this technology can be very easily used by phone scammers, so it is important to learn how to quickly and effectively detect such fakes as soon as possible.

According to Yuri Zhdanov, Lieutenant General of the Ministry of Internal Affairs, this technology poses a huge threat, and it is extremely difficult to fight it. It is becoming more and more difficult to figure out where the truth is and where the fake is, so powerful systems for protecting a person from deepfakes should come to help here.

Moreover, the technology is widely used to create realistic pornographic videos featuring celebrities in which they have never been filmed, or fake speeches of major political figures.

One of the most popular deepfakes on the Internet was a video with the founder of SpaceX, Elon Musk, in which he allegedly sings the song "Grass at Home", which is actually performed by the group “Zemlyane”  ("Earthlings").

By the way, the use of DeepFake technology is now prohibited by the largest sites, including Reddit and Twitter.


Read more »
Technology News
Crytocurrency Technology Technology News

The sharp drop of the cryptocurrency provokes cyber fraudsters

According to cybersecurity experts, the fall in the cryptocurrency exchange rates may cause another increase in DDoS attacks. The fact is that the same tools are used for conducting attacks as for mining. It becomes more profitable for the owners of the tool to conduct DDoS attacks.

Cybersecurity experts said that the fall of bitcoin from the April historical high of $64.9 thousand to $31.4 thousand, which occurred recently, along with the collapse of other cryptocurrencies, can cause an increase in DDoS attacks.

The fact is that botnets, which are also used for mining cryptocurrency, are used to carry out DDoS attacks, explains Alexander Gutnikov, an analyst at Kaspersky DDoS Prevention. "Attackers usually redirect power to mining when cryptocurrency prices are high, as it is more profitable to use bot farms for this than for DDoS attacks," he said.

Accordingly, the power is reoriented to custom attacks when cryptocurrency prices are low.

According to the report of Kaspersky Lab on attacks for the first quarter of 2021, the exchange rate of cryptocurrencies, in particular bitcoin, declined, for example, in January, and at the same time, there was a surge in DDoS activity. In early March, there was another peak of DDoS attacks, before which there was again a decline in the bitcoin exchange rate.

"DDoS attacks are always activated, when the cryptocurrency exchange rate changes", confirms Alexander Lyamin, CEO of Qrator Labs. According to him, the reason is also that attackers can earn money on the difference in exchange rates, for example, to slow down operations by staging an attack. "Although payments for DDoS attacks are often made in cryptocurrency, their cost is usually set in dollars", says Ramil Khantimirov, CEO and co-founder of StormWall.

"DDoS attacks can be carried out on a specific blockchain to create problems in it and lower the value of coins", adds the technical director of the cryptocurrency exchange CEX.IO Dmitry Volkov. He said that in theory unscrupulous competitors can do this, but in practice such attacks are rare.

Read more »
Technology News
Cyber Risk Cyber Threat Intelligence Russian Security Researchers Technology Technology News

Russian researchers developed methodology to predict cyber risks

 Scientists from St. Petersburg Polytechnic University have developed a methodology for assessing cyber risks in smart city systems. The developed methodology has been tested on the "smart intersection" test bed (a component of smart transport system of smart city).

It should be reminded that St.Petersburg participates in the formation of Smart City program, which will provide new services for the residents of megacities, increasing the safety of citizens. Digital services are an integral part of such system.

Experts explained that cybercriminals have new goals: to disrupt the functioning of large enterprises and urban infrastructure, as well as to intercept control over them. Attackers using wireless channels can remotely penetrate a target subnet or device, intercept traffic, launch DoS attacks and take control of IoT devices to create botnets.

"At present, traditional cyber risk analysis strategies cannot be directly applied to the construction and assessment of smart city digital infrastructures, as the new network infrastructure is heterogeneous and dynamic," said Vasily Krundyshev, a researcher at the Institute of Cybersecurity and Information Protection.

At the same time, he stressed that the purpose of this project is to provide the level of protection of information assets of the smart city taking into account specific features of modern cyber threats.

The methodology of cybersecurity risk analysis of the smart city includes the stages of assets type identification, threat identification, risk calculation and analysis of obtained values. The proposed methodology is based on a quantitative approach. At the same time, according to scientists, it is easily and quickly calculable, which is especially important in conditions of modern dynamic infrastructures.

Experimental studies using a set of developed simulation models of typical digital infrastructures of a smart city (Internet of Things, smart building, smart intersection) have demonstrated superiority over existing Russian and foreign counterparts.

It is interesting to note that earlier St. Petersburg scientists created an innovative installation for cleaning water reservoirs.

Read more »
Technology News
Technology Technology News

A Russian specialist warned of the deadly dangers of the smartphone

 Smartphones of the company Samsung are frequently exploding. There are also known cases when Apple products exploded in the hands of users

The leading analyst of Mobile Research Group Eldar Murtazin warned about the lethal danger that can occur when buying non-original chargers and other accessories for smartphones.

According to him, non-original chargers can ignite during use. So, a charger bought from an unfamiliar seller could turn out to be fake, which could lead not just to battery failure and wear, but also to the device igniting and breaking down.

"These are not empty words, it happens every year, and in Russia, several people die from it every year," warned the specialist.

In addition, the use of a smartphone in a bath, when it is on recharge, poses a danger, the analyst emphasized.

Also, the danger can threaten if the user decides to disassemble his smartphone.

"If you do disassemble the device, never touch the battery, because if you break its shell, it can ignite," said Murtazin.

Cheap smartphone accessories, such as headphones or cases, can also be dangerous to health, as they can cause allergic reactions or skin burns.

At the same time, Mark Sherman, managing partner of the B&C Agency communications agency, stressed that the smartphone itself can not be dangerous, but if it happens, it may be the fault of the user.

"If the smartphone breaks, you need to take it to specialists, rather than trying to fix the device yourself", added Mr. Sherman.

Earlier, Pavel Myasoedov, partner and director of Intellectual Reserve, said that contact with water, a blow or prolonged charging can lead to an explosion. According to him, most often explode smartphones of Samsung, which even had to recall all phones Galaxy Note 7 from sale on a wave of panic. There are also known cases when Apple products exploded in the hands of users.

Read more »
Technology News
Firewall MalwareTech Microsoft Technology Technology News

Hackers Exploit Windows BITS Feature To Launch Malware Attack

Microsoft released the BITS (Background Intelligent Transfer Service) in Windows XP to coordinate and ease uploading and downloading files with large size. Systems and applications component, specifically update in Windows, use this BITS feature to provide application updates and OS so that they can work in minimal user disruption. BITS interact with applications to make jobs with one or more application to download or upload. The BITS feature operates in service and it can make transfers happen at any time. A local database stores file, state and job info.  

How the hackers exploit BITS?

The BITS, like every other technology, is used by applications and exploited by hackers. When harmful apps make BITS jobs, the files are uploaded and downloaded in the service host process context. This helps hackers to avoid firewall detection that may stop suspicious or unusual activities, allowing the attacker to hide the application that requests the transfer. Besides this, the transfers in BITS can be scheduled for later, which allows them to happen at given times, saving the hacker from depending on task-scheduler or long-running processes. 

Transfers in BITS are asynchronous, resulting in a situation where the apps that made jobs may not be working after the transfers that are requested are complete. Addressing this situation, these jobs in BITS can be made through a notification command that is user-specific. The command can be used in case of errors or after a job is complete. The BITS jobs linked with this notification command may authorize any command or executable to run. The hackers have exploited this feature and used it as a technique for continuously launching harmful applications.  

For BITS jobs, the command data is stored in a database rather than the traditional directory register, this helps hackers as the tools that are used to identify persistent executables or commands by unknown actors may overlook it. The jobs in BITS can be made using the BITS-admin command lines tool or via API functions.  Cybersecurity firm FireEye reports, "the Background Intelligent Transfer Service continues to provide utility to applications and attackers alike. The BITS QMGR database can present a useful source of data in an investigation or hunting operation. BitsParser may be utilized with other forensic tools to develop a detailed view of attacker activity." 
Read more »
Technology News
Cyber Fraud Fraud McAfee Money Laundering Technology News

Creator of McAfee Antivirus Software Charged For Conspiracy?

 

Creator of McAfee antivirus software, Businessman John McAfee is charged under a conspiracy to commit fraud and money laundering in the U.S. McAfee and his bodyguard Jimmy Gale Watson Jr are found guilty of advertising cryptocurrencies on Mr. McAfee's huge Twitter follower base to inflate prices. As per prosecutors, these currencies were then sold, earning a total of $2m (€1.45 M). The accused have not issued any response to the charges made.  Currently, McAfee (age 75) is under detention in Spain due to separate charges relating to tax fraud, that he is denying. 

The fresh charges were filed in the Manhattan Federal Court, New York. He is facing potential extradition to the U.S, whereas Watson was captured earlier this week. According to BBC, "in 2012, he made headlines after police in the Central American country of Belize investigated the death of one Mr. McAfee's neighbors and named him as a 'person of interest'. Mr. McAfee left the country saying he feared for his own safety. Officials ultimately said he was not a suspect." McAfee and his bodyguard are accused of buying promoting the cryptocurrency assets on Twitter, where Mr. McAfee has millions of followers. 

As per the US justice department and the Commodity Futures Trading Commission, the plan was to sell these assets the moment the asset's price rose. The pair is said to make $11M (€8m) from the cryptocurrency startup payments via promoting the assets on Twitter, while the investors who bought them were unaware of the payments. As per the federal prosecutor, this equals exploiting a widely used social media platform (in this case Twitter) and the enthusiasm of investors in the growing cryptocurrency sector to profit millions via deceit and lies. In the former case which was disclosed the previous year. 

Mr. McAfee was charged for not filing tax returns from 2014-2018. He is also accused of using different people's names to hide his assets which include a yacht and property. "The entrepreneur, who was born in the UK, also launched unsuccessful bids to become the Libertarian Party's candidate for the US presidential elections in 2016 and 2020. Mr. McAfee has previously expressed his disdain for taxes, tweeting in 2019 that he had not filed tax returns for years because "taxation is illegal", reports BBC.  
Read more »
Subscribe to: Posts (Atom)