Lifeboat Foundation

A major vulnerability in a networking technology widely used in critical infrastructures such as spacecraft, aircraft, energy generation systems and industrial control systems was exposed by researchers at the University of Michigan and NASA.

It goes after a network protocol and hardware system called time-triggered ethernet, or TTE, which greatly reduces costs in high-risk settings by allowing mission-critical devices (like flight controls and life support systems) and less important devices (like passenger WiFi or data collection) to coexist on the same network hardware. This blend of devices on a single network arose as part of a push by many industries to reduce network costs and boost efficiency.

Continue reading “Cyber vulnerability discovered in networks used by spacecraft, aircraft and energy generation systems” »

Google has removed two new malicious dropper apps that have been detected on the Play Store for Android, one of which posed as a lifestyle app and was caught distributing the Xenomorph banking malware.

“Xenomorph is a trojan that steals credentials from banking applications on users’ devices,” Zscaler ThreatLabz researchers Himanshu Sharma and Viral Gandhi said in an analysis published Thursday.

“It is also capable of intercepting users’ SMS messages and notifications, enabling it to steal one-time passwords and multi-factor authentication requests.”

He added: “Being asked to sign up for a mortgage when you have no interest in that whatsoever is annoying and spam.”

The Tesla CEO went on to describe his own penchant for social-media shopping and his targeted product advertising strategy would facilitate it.

“I’d love to see ads for gizmos. If I saw ads for gizmos, I love gizmos, of course, I’d buy them all in a click,” he said. “Even if they’re not that great, I’ll still buy gizmos. I love technology. I’ll see content for gizmos but not an ad or an ability to actually buy the gizmo.”

SAN FRANCISCO — Two weeks after closing a $44 billion deal to buy Twitter, Elon Musk painted a bleak financial picture for the social media company and outlined a series of changes for employees in his first companywide emails to staff.

In two emails sent to workers late on Wednesday, Mr. Musk said the economy was challenging. He added that he planned to end Twitter’s remote work policy and wanted employees to renew their focus on generating revenue and fighting spam.

“Sorry that this is my first email to the company, but there is no way to sugarcoat the message,” Mr. Musk, 51, wrote in one email. “The economic picture ahead is dire.” Twitter was too heavily dependent on advertising and vulnerable to pullbacks in brand spending, he added, and would need to bolster the revenue it gets from subscriptions.

Experts do not want to hack it.

Juan Gilbert, a professor of computer science at the University of Florida, has claimed that he has built the ultimate unhackable voting machine that can put concerns to rest over machine-related voting, Undark.

Continue reading “Scientist claims he has made the ultimate unhackable voting machine” »

Cybersecurity researchers have uncovered 29 packages in Python Package Index (PyPI), the official third-party software repository for the Python programming language, that aim to infect developers’ machines with a malware called W4SP Stealer.

“The main attack seems to have started around October 12, 2022, slowly picking up steam to a concentrated effort around October 22,” software supply chain security company Phylum said in a report published this week.

The list of offending packages is as follows: typesutil, typestring, sutiltype, duonet, fatnoob, strinfer, pydprotect, incrivelsim, twyne, pyptext, installpy, faq, colorwin, requests-httpx, colorsama, shaasigma, stringe, felpesviadinho, cypress, pystyte, pyslyte, pystyle, pyurllib, algorithmic, oiu, iao, curlapi, type-color, and pyhints.

Researchers detail a new malware campaign by Pakistani hackers targeting Indian government organizations, revealing their new tools and techniques.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published three Industrial Control Systems (ICS) advisories about multiple vulnerabilities in software from ETIC Telecom, Nokia, and Delta Industrial Automation.

Prominent among them is a set of three flaws affecting ETIC Telecom’s Remote Access Server (RAS), which “could allow an attacker to obtain sensitive information and compromise the vulnerable device and other connected machines,” CISA said.

Bias in AI systems is proving to be a major stumbling block in efforts to more broadly integrate the technology into our society.

A new initiative that will reward researchers for finding any prejudices in AI systems could help solve the problem.

The effort is modeled on the bug bounties that software companies pay to cybersecurity experts who alert them of any potential security flaws in their products.