Posts

Intel, IBM, Google, Microsoft & others join new security-focused industry group

Image
  New Confidential Computing Consortium will promote the use of TEEs (trusted execution environments). Some of the biggest names in the cloud and hardware ecosystem have agreed to join a new industry group focused on promoting safe computing practices. Founding members include Alibaba, Arm, Baidu, Google Cloud, IBM, Intel, Microsoft, Red Hat, Swisscom, and Tencent. Named the  Confidential Computing Consortium , this industry group's goals will be to come up with strategies and tools to accelerate the adoption of "confidential computing." By confidential computing, the group is referring to hardware and software-based technical solutions for isolating user data inside a computer's memory while it's being processed, to avoid exposing it to other applications, the operating system, or other cloud server tenants. The easiest way of supporting confidential computing practices is through the use of  trusted execution environments (TEEs) , also known as enclaves. These a...

Citrix Managed Desktops moves into general availability

Image
  The Desktop as a Service offering simplifies the delivery of Windows apps and desktops from Azure to devices. Citrix Managed Desktops  will be generally available on August 26, Citrix said Tuesday. The desktop-as-a-service offering simplifies the delivery of Microsoft Windows apps and desktops from Microsoft Azure to devices.  Compared with  Citrix Virtual Apps and Desktops , Citrix Managed Desktop is designed to offer a "turnkey service" for any organization, regardless of their size or IT expertise. Customers can provision Windows-based applications and desktops from the cloud to any device, and the service can be purchased on a monthly or term basis.  It's designed to streamline provisioning for internal or external users, such as a contract or seasonal workers, or to scale virtual desktops to respond to changing demands, like an influx of workers from an acquisition. Users should be able to easily integrate Azure-hosted virtual desktops with on-premises Ac...

This new cryptojacking malware uses a sneaky trick to remain hidden

Image
  'Norman' cryptomining malware was found to have infected almost every system in one organisation during an investigation by security researchers. A newly-discovered form of  cryptocurrency-mining malware  is capable of remaining so well-hidden that researchers investigating it found that it had spread to almost every computer at a company that had become infected. Dubbed 'Norman' due to references in the backend of the malware, the cryptojacker has been detailed by cybersecurity researchers at Varonis. The Monero-cryptomining campaign was uncovered after Varonis' security platform spotted suspicious network alerts and abnormal file activity on systems within organisations that had reported unstable applications and network slowdown. Cryptojacking malware exploits the processing power of an infected computer to mine for cryptocurrency – which can cause the system to slow down, even to the point of becoming unusable. Researchers found that several variants of cr...

Apple offers $1 million if you can hack an iPhone

Image
  The iPhone-maker will also began offering a 50 percent bonus for bugs discovered in Apple’s pre-release builds. Tech giant Apple has confirmed that the company is offering hackers $1 million reward if they manage to hack into their iPhones and explain to the tech how they did it. The bounty was announced by the company at the annual Black Hat hacker convention in Las Vegas last week. It is said to be the biggest ever payout by the iPhone-maker. Apple had rolled out its bug bounty programme in 2016 with rewards up to $200,000 for finding vulnerabilities on the iOS platform which would let an attacker gain full control of the device, without needing the user’s consent. Expanding its bug bounty program to all Apple’s platforms such as iOS, iCloud, iPadOS, macOS, tvOS andwatchOS Apple’s $1 million reward is five times larger than the previous one and is open to everyone. However, those wanting to win the top prize must note that that the prize will be given only for the very specific...

Google discovered several iPhone security flaws, and Apple still hasn’t patched one

Image
  A further five vulnerabilities were patched last week Google security researchers have discovered a total of six vulnerabilities in Apple’s iOS software, one of which the iPhone manufacturer has yet to successfully patch. Tech News reports  that the flaws were discovered by two Google Project Zero researchers, Natalie Silvanovich and Samuel Groß, and five of them were patched with  last week’s iOS 12.4 update , which contained several security fixes. All of the vulnerabilities discovered by the researchers are “interactionless,” meaning they can be run without any interaction from a user, and they exploit a vulnerability in the iMessage client. Four of them (including the as-yet-unpatched vulnerability) rely on an attacker sending a message containing malicious code to an unpatched phone and can execute as soon as a user opens the message. The remaining two rely on a memory exploit. Details of the five patched bugs have been published online, but the final bug will rema...

How cybercriminals are still snaring victims using seven-year-old malware

Image
  Researchers analysed millions of posts made on dark web forums over a 12-month period -- here's what they found out and what it means for your security. Some of the most popular strains of malware on underground forums are open-source or cracked versions of malicious software that use exploits that are years old, but still effective. Cybersecurity researchers at Recorded Future analyzed almost four million posts made on dark web forums in several languages between May 2018 and May 2019, and set out their findings in a new report:  Bestsellers in the Underground Economy . The languages analysed include English, Russian, Chinese, Spanish, Arabic and others. Across the different forums, many of the forms of malware discussed were universally popular. The top choices were simple-to-use, readily-available forms of malware, suggesting that for many cybercriminals, getting their hands on malware is the main goal -- it doesn't necessarily have to be sophisticated. Some of the most p...

Hacker steals data of millions of Bulgarians, emails it to local media

Image
  Source of the data breach appears to be the country's National Revenue Agency A mysterious hacker has stolen the personal details of millions of Bulgarians and has emailed download links to the stolen data to local news publications. The data's origin is believed to be the country's National Revenue Agency (NRA), a department of the Bulgarian Ministry of Finance. In a  message posted on its website  on Monday, the NRA said it was working with the Ministry of the Interior and the State Agency for National Security (SANS) to investigate the hack. "We are currently verifying whether the data is real," said the NRA. Hours after this article's publication, the Bulgarian Ministry of the Interior  confirmed the hack . HACKER STOLE 110 DATABASES, LEAKED 57 According to reports from local media [ 1 ,  2 ,  3 ,  4 ,  5 ], who received part of the data, the hacker said they stole the personal details of over five million Bulgarians, of the country's total ...

Huawei CEO: Our 'Plan B' OS is likely to be 60% faster than Android

Image
  Huawei sets to work on creating an app store alternative to Google Play. Despite  recent talk by US President Donald Trump  that Huawei's ban on US tech would be lifted, the Chinese tech giant appears ready to move ahead with its  Hong Meng OS alternative to Android . Speaking with French news site Le Point, Huawei CEO and founder, Ren Zhengfei, said Hong Meng is likely to be 60% faster than Android, citing a story from  Chinese media about Chinese handset brands Oppo and Vivo testing the new OS .   Zhengfei admitted that the company currently lacked an alternative to the Google Play app store and Apple's App Store, but that it is working on one.   Huawei told potential partners last year that by the end of 2018 it planned to have 50 million Europeans using its own app store, according to documents seen by Bloomberg in May, shortly after the Department of Commerce added Huawei to its entities list, banning US firms from supplying tech to th...

Mozilla: Want ad-free news on Firefox? That'll cost you $5 a month

Image
  Would you pay $5 to get news online without seeing ads, asks Mozilla. Mozilla is teasing the launch of a new $5 monthly subscription to a variety of online news publishers that involves no ads. Mozilla is currently only running an online survey to see whether consumers would take up its $5 Firefox offer but it seems far enough into its plan to at least have a  button offering users to 'Sign up now, for $4.99 per month' . Clicking it leads to the survey and a confession that the product isn't actually available yet.  Should Mozilla launch the service, it seems likely to be provided in partnership with Scroll, which has an ad-free news subscription service with 12 media partners, including Slate, The Atlantic, BuzzFeed, USA Today, and Vox.  It's not a new idea but a particular take on one of many challenges that companies like Google, Facebook, and Apple are attempting to crack in various ways. In Mozilla's case, the main proposition is to offer users no ads on news...

New Silex malware is bricking IoT devices, has scary plans

Image
  Over 2,000 devices have been bricked in the span of a few hours. Attacks still ongoing. A new strain of malware is wiping the firmware of IoT devices in attacks reminiscent of the old BrickerBot malware that destroyed millions of devices back in 2017. Named Silex, this malware began operating earlier today, about three-four hours before this article's publication. The malware had bricked around 350 devices when this reporter began investigating its operations, and the number quickly spiked to 2,000 wiped devices by the time we published, an hour later. Attacks are still ongoing, and according to an interview with the malware's creator, they are about to intensify in the coming days. HOW THE SILEX MALWARE WORKS According to Akamai researcher  Larry Cashdollar , who  first spotted the malware earlier today , Silex works by trashing an IoT device's storage, dropping firewall rules, removing the network configuration, and then halting the device. It's as destructive as it...