TOPIC: CYBERSECURITY



 


SOURCE:  securitymagazine.com

Wearable devices can give away your passwords, according to new research.

In the paper "Friend or Foe?: Your Wearable Devices Reveal Your Personal PIN" scientists from the Stevens Institute of Technology and Binghamton University combined data from embedded sensors in wearable technologies, such as smartwatches and fitness trackers, along with a computer algorithm to crack private PINs and passwords with 80-percent accuracy on the first try and more than 90-percent accuracy after three tries.

Yan Wang, assistant professor of computer science within the Thomas J. Watson School of Engineering and Applied Science at Binghamton University is a co-author of the study along with the lead researcher, his advisor Yingying Chen, from the Stevens Institute of Technology.

"Wearable devices can be exploited," said Wang. "Attackers can reproduce the trajectories of the user’s hand then recover secret key entries to ATM cash machines, electronic door locks and keypad-controlled enterprise servers."

"This was surprising, even to those of us already working in this area," says the lead researcher Chen, a multiple time National Science Foundation (NSF) awardee. "It may be easier than we think for criminals to obtain secret information from our wearables by using the right techniques.

TOPIC: HACKERS


 

SOURCE:  cyberdefensemagazine.com

Security experts from ESET security firm have spotted an espionage toolkit dubbed SBDH that was used by threat actors in hacking operations targeting government organizations in Europe.

The research observed infections in many countries, including the Czech Republic, Hungary, Poland and Slovakia, and Ukraine.

The SBDH toolkit was designed to steal sensitive data from victim’s machines, experts from ESET have already detected other sample of the toolkit over the past year, hackers exploited it in attacks against government and public institutions.

Threat actors targeted organizations focused that specialize in economic growth and cooperation.

“Over the course of the last year, ESET has detected and analyzed several instances of malware used for targeted espionage – dubbed SBDH toolkit. Using powerful filters, various methods of communication with its operators and an interesting persistence technique, it aims to exfiltrate selected files from governmental and public institutions, which are mostly focused on economic growth and cooperation in Central and Eastern Europe.” reported ESET in a blog post.

TOPIC: OH, SO COOL!

 

 

 

SOURCE:  defenseone.com

Analysts are using what they call a ’tangible landscape' to predict the path of everything from forest fires and floods to movement of adversaries in war games.

The Defense Department is playing around with a shape-shifting, color-changing sandbox to limit the carnage from the next deadly flood, wildfire or other catastrophe. 

That is the promise behind the “Tangible Landscape.” 

Made up of kinetic sand, a toy that feels like the stuff on the beach but has the consistency of Silly Putty, the system’s miniature bridges, lakes and other structures morph—or disappear—when a finger crushes critical infrastructure. 

Our goal is to provide planners with an intuitive, collaborative tool to design more resilient environments, identify and better understand where the critical, high-risk locations are,” said Helena Mitasova, associate director of geovisualization at North Carolina State University.

NC State supplied the Tangible Landscape system that now sits inside the military’s spy mapping agency. The university’s free GRASS computer program combines changes in the playdough with sets of geospatial data, like population density and pipeline locations, to predict a change’s influence on surroundings.

TOPIC: HACKING & MALWARE

 

 

 

SOURCE: threatpost.com

Ransomware called Zepto is raising concerns with security experts because of its close ties to the more mature and prolific Locky ransomware. Zepto was spotted about a month ago but a recent wave of spam containing Zepto-laced attachments detected on June 27 is heightening fears of widespread infections.

“We are watching Zepto very carefully. It’s closely tied to Locky, sharing many of the same attributes,” said Craig Williams, senior technical leader and global outreach manager at Cisco Talos.  “There is still a lot to learn about Zepto. As far as we can tell, it’s either a new variant of Locky or an entirely new ransomware with many copycat Locky features,” he said. Related Posts 655,000 Healthcare Records Being Sold on Dark Web June 28, 2016 , 10:00 am New CryptXXX Can Evade Detection, Outsmart Decryption Tools June 27, 2016 , 11:24 am Threatpost News Wrap, June 24, 2016 June 24, 2016 , 9:00 am

Cisco Talos, which published its findings on the ransomware Thursday, said 137,731 spam messages have been found this week that contain the Zepto malicious attachment. The Zepto name comes from the .zepto suffix used as the extension for encrypted files.

Technical details of Zepto are similar to Locky in many ways, said Warren Mercer, security researcher for Cisco Talos. Comparisons include the type of RSA encryption keys used by Locky, the types of files Zepto and Locky leave behind and similarities to the ransom text.

“We are moving quickly and pulling apart as many samples as we can to understand if this is still Locky or something unique,” Mercer said.