News Posts matching "cybersecurity"

Return to Keyword Browsing

NETGEAR Announces Its Armor Cyber Threat Protector in Partnership With Bitdefender

NETGEAR Armor on your Orbi Mesh WiFi Systems is a cybersecurity solution that protects all internet-connected devices in your home from viruses, malware, stolen passwords, identity theft and hacking, whether you're at home or on the go. Many people already have some type of anti-virus software loaded onto their home computers. However, this is often not effective enough for the cyber threats in today's environment. In fact, according to research, 146 billion records of personal information, such as credit card information or national identification / social security numbers, are expected to be stolen by cybercriminals between 2018 to 2023.

Crypto Exchange Head Takes $137 million Cold Wallet Key to his Grave

In a classic case of why businesses should have disaster mitigation plans in place, Vancouver-based crypto-currency exchange QuadrigaCX has potentially lost USD $137 million in assets (customers' money), after its founder's death. Founder and director Gerry Cotten had stored the money in an offline cold wallet on an encrypted laptop and committed its password to memory. In December, Cotten died overseas of Crohn's disease, leaving the company with no other handwritten record of the laptop's password.

Crypto exchanges tend to store assets in cold wallets either on offline computers or plain paper, to avoid the wallets getting stolen on hacked online computers. The company has hired cybersecurity firms to try and decrypt the laptop to no success thus far. Cotten's widow Jennifer Robertson in a sworn affidavit to a court said that she had not found any traces of the password in their residence despite repeated and thorough searches. QuadrigaCX in addition to the $137 million under management, also holds $53 million in disputed assets.

Fortnite is Being used as a Money Laundering Venue

The Independent has conducted an investigative report into the underwold's usage of Fortnite as a venue for money laundering. This likely won't come as a surprise - Fortnite has pretty lax acquisition restrictions for its in-game content and V-bucks, and the world's most popular multiplayer game moves millions of players through its servers daily. with such a deep pool of likely buyers for anything Fortnite at under Fortnite-store pricing, the stage is set for an almost untraceable money laundering scheme.

Touring NETGEAR at CES 2019: Wi-Fi 6 Takes Center Stage!

The gift that is CES keeps on giving! We go over the NETGEAR suite, and it was more of an entire floor, in this article with the company showing off their involvement in every networking sector imaginable- the professional environment, consumer and retail networking solutions, and smart home devices. Indeed, stepping off the elevator itself led to a hallway lined with Meural canvasses, which are very well built frames that have an integrated display to show off images of your choosing. This public hallway had generation 2.0 canvasses, with the new-for-CES generation 3.0 series inside the show room that encompasses four different frame options in two different sizes- the currently available 27" version, and the newer 21.5" size for those wanting something smaller.

Meural canvasses can be used in landscape or portrait configurations, and supports a library of over 30,000 curated art images at an optional membership cost of $49.95/year. The new generation is available from August 2019, with the new screens having a wider color gamut and a truer-to-life display, that was impressive. These are definitely for a niche audience, however, but I can appreciate NETGEAR wanting to provide more use cases for their networking solutions. The current Gen 2.0 27" canvas starts at $595 (dimensions with the frame are larger than 27"), and an optional pivoting stand with more display I/O options is an additional $49.95 for when you want to have your own images connected to it. For the rest of the tour, be sure to read past the break!

ASUS Z390 Motherboards Automatically Push Software into Your Windows Installation

During testing for our Intel Core i9-9900K review we found out that new ASUS Z390 motherboards automatically install software and drivers to your Windows 10 System, without the need for network access, and without any user knowledge or confirmation. This process happens in complete network-isolation (i.e. the machine has no Internet or LAN access). Our Windows 10 image is based on Windows 10 April 2018 Update and lacks in-built drivers for the integrated network controllers.

Upon first boot, with the machine having no LAN or Internet connectivity, we were greeted by an ASUS-specific window in the bottom right corner of our screen, asking whether we'd like to install the network drivers and download "Armoury Crate". This got us curious and we scanned the system for any files that aren't part of the standard MS Windows installation. We discovered three ASUS-signed files in our Windows 10 System32 folder, which, so it seems, magically appeared on our harddrive out of thin air. Upon further investigation we also found a new, already running, system service called "AsusUpdateCheck."

Chinese Government Allegedly Used Supermicro Motherboards to Spy on US Enterprises

In a development that underlines the national security necessity of moving electronics manufacturing out of China, server motherboards made by Supermicro in China, have been found to carry a "spy chip." This startling development is the result of a secret 2015 US Government investigation unearthed by Bloomberg. The Chinese government has allegedly been using hardware-based spyware in Supermicro motherboards that are manufactured in China; to spy on major American enterprises, including (but not limited to) Amazon Web Services and Apple, among others, who use Supermicro motherboards in their data-centers. The level of surveillance includes attempts to steal trade-secrets and intellectual property.

Fearing loss in business, affected cloud-computing providers, including AWS and Apple, have each posted strong denials that their hardware infrastructure is vulnerable to foreign government surveillance. Apple stated: "We are deeply disappointed that in their dealings with us, Bloomberg's reporters have not been open to the possibility that they or their sources might be wrong or misinformed. Our best guess is that they are confusing their story with a previously reported 2016 incident in which we discovered an infected driver on a single Super Micro server in one of our labs. That one-time event was determined to be accidental and not a targeted attack against Apple."

Intel Gags Customers from Publishing Performance Impact of Microcode Updates

Much of the secret sauce that made Intel processors faster than AMD is going sour, as the cybersecurity community is finding gaping security vulnerabilities by exploiting features such as speculative execution. Intel's microcode updates that mitigate these vulnerabilities impact performance. Intel isn't too happy about public performance numbers put out by its customers, which it fears could blunt the competitive edge of its products. The company has hence updated the license terms governing the microcode update distribution to explicitly forbid its users from publishing comparative "before/after" performance numbers of patched processors.

The updated license for the microcode update has this controversial sentence (pay attention to "v"):
"You will not, and will not allow any third party to (i) use, copy, distribute, sell or offer to sell the Software or associated documentation; (ii) modify, adapt, enhance, disassemble, decompile, reverse engineer, change or create derivative works from the Software except and only to the extent as specifically required by mandatory applicable laws or any applicable third party license terms accompanying the Software; (iii) use or make the Software available for the use or benefit of third parties; or (iv) use the Software on Your products other than those that include the Intel hardware product(s), platform(s), or software identified in the Software; or (v) publish or provide any Software benchmark or comparison test results."

Kaspersky Labs Warns Against Cryptocurrency Social Engineering Schemes

The cryptocurrency phenomenon and the growth of a keen audience of cryptocurrency owners was never going to go unnoticed by cyber-criminals. To achieve their nefarious goals they typically use classical phishing techniques, however these often go beyond the 'ordinary' scenarios we have become familiar with. By drawing inspiration from ICO (initial coin offering) investments and the free distribution of crypto coins, cyber criminals have been able to profit from both avid cryptocurrency owners and rookies alike.

Some of the most popular targets are ICO investors, who seek to invest their money in start-ups in the hope of gaining a profit in the future. For this group of people, cyber-criminals create fake web pages that simulate the sites of official ICO projects, or try to gain access to their contacts so they can send a phishing email with the number of an e-wallet for investors to send their cryptocurrency to. The most successful attacks use well-known ICO projects. For example, by exploiting the Switcheo ICO using a proposal for the free distribution of coins, criminals stole more than $25,000 worth of cryptocurrency after spreading the link through a fake Twitter account.

Intel Announces iGPU-accelerated Threat Detection Technology

Today, Intel is taking another step forward, with two new technology announcements: Intel Threat Detection Technology (Intel TDT), a set of silicon-level capabilities that will help the ecosystem detect new classes of threats, and Intel Security Essentials, a framework that standardizes the built-in security features across Intel processors. We are also announcing a strengthened academic partnership with Purdue University, to help accelerate the development and availability of cybersecurity talent.

Intel Threat Detection Technology leverages silicon-level telemetry and functionality to help our industry partners improve the detection of advanced cyberthreats and exploits. Today we are announcing the first two Intel Threat Detection Technology capabilities, including implementation plans by Microsoft and Cisco.

The first new capability is Accelerated Memory Scanning. Current scanning technologies can detect system memory-based cyberattacks, but at the cost of CPU performance. With Accelerated Memory Scanning, the scanning is handled by Intel's integrated graphics processor, enabling more scanning, while reducing the impact on performance and power consumption. Early benchmarking on Intel test systems show CPU utilization dropped from 20 percent to as little as 2 percent.

DARPA Believes the Future of Security to be in Additional Processing Hardware

DARPA seems to be taking to heart engineer and cyber-security experts' opinions that hardware-based security would be the best security. The Defense Advanced Research Agency (DARPA), which has appeared in every other sci-fi war movie, has started its System Security Integrated through Hardware and Firmware (SSITH) program, with an initial kick worth $3.6 million to the University of Michigan. The objective? To develop "unhackable" systems, with hardware-based security solutions that become impervious to most software exploits.

Electrical Engineering and Computer Science (EECS) of the University of Michigan Professor Todd Austin, lead researcher on the project, says his team's approach, currently code-named Morpheus, achieves hack-proof hardware by "changing the internal codes once a second". Austin likens Morpheus' defenses to requiring a would-be attacker to solve a new Rubik's Cube every second to crack the chip's security. In this way, the architecture should provide the maximum possible protection against intrusions, including hacks that exploit zero-day vulnerabilities, or those that cybersecurity experts have yet to discover. Morpheus thereby provides a future-proof solution, Austin said. "This race against ever more clever cyberintruders is never going to end if we keep designing our systems around gullible hardware that can be fooled in countless ways by software," SSITH program manager Linton Salmon of the Agency's Microsystems Technology Office.

Weekend Reading 101: On Ransomware's Chains and Carbon Black's Report

Carbon Black, a cybersecurity company that's been founded by former members of the U.S. government's elite team of offensive security hackers, has released a report detailing the continued rise of ransomware's impact, which served as the fire-starter for this piece. Carbon Black's Threat Analysis Unit (TAU) has found that ransomware is an increasingly prolific economical entity, bolstered by a 2,502% increase in sales in the dark web. As with every activity, legal or illegal, the economic footprint follows profit; and in ransomware's case, it's estimated it has yielded around $1 billion just this year. Ransomware even has the advantage of not requiring specialized computer skills, and can be quickly and brainlessly deployed in search of a quick buck.

Carbon Black reports that there are currently more than 6,300 ransomware marketplaces in the dark web, with over 45,000 different product listings, which range in price from $0.5 to $3K (the median price for a DIY ransomware package stands at roughly $10.5). Ransomware sellers are taking advantage of this burgeoning, "quick buck at anyone's expense" reasoning: some ransomware sellers are earning more than six figures yearly, sometimes even more than legitimate software companies. It's no surprise, however that the report points to technologies such as Bitcoin and the Tor network as being two of the most important enablers in this ransomware explosion, besides making it much more difficult for law enforcement agencies to, well, enforce the perpetrators.
To our Forum Dwellers: this piece is marked as an Editorial

Petya/NotPetya: The Ransomware That Wasn't Actually Looking to Ransom Anything

You've heard of the Petya ransomware by now. The surge, which hit around 64 countries by June 27th, infected an estimated 12,500 computers in Ukraine alone, hitting several critical infrastructures in the country (just goes to show how vulnerable our connected systems are, really.) The number one hit country was indeed Ukraine, but the wave expanded to the Russian Federation, Poland, and eventually hit the USA (the joys of globalization, uh?) But now, some interesting details on the purported ransomware attack have come to light, which shed some mystery over the entire endeavor. Could it be that Petya (which is actually being referred to as NotPetya/SortaPetya/Petna as well, for your reference, since it mostly masquerades as that well-known ransomware) wasn't really a ransomware attack?

Intel and TPG to Set Up McAfee as an Independent Company Valued at $4.2 Billion

Intel Corporation and TPG today announced a definitive agreement under which the two parties will establish a newly formed, jointly-owned, independent cybersecurity company. The new company will be called McAfee following transaction close. TPG will own 51 percent of McAfee and Intel will own 49 percent in a transaction valuing the business at approximately $4.2 billion. TPG is making a $1.1 billion equity investment to help drive growth and enhance focus as a standalone business.

Through this transaction, TPG, a leading global alternative asset firm with demonstrated expertise in growing profitable software companies and carve-out investments, and Intel, a global technology leader that powers the cloud and billions of smart, connected computing devices, will work together to position McAfee as a strong independent company with access to significant financial, operational and technology resources. With the new investment from TPG and continued strategic backing of Intel, the new entity is expected to capitalize on significant global growth opportunities through greater focus and targeted investment.

Microsoft Unveils state-of-the-art Cybercrime Center

Microsoft Corp. on Thursday announced the opening of the Microsoft Cybercrime Center, a center of excellence for advancing the global fight against cybercrime. The Cybercrime Center combines Microsoft's legal and technical expertise as well as cutting-edge tools and technology with cross-industry expertise, marking a new era in effectively fighting crime on the Internet.

Each year, cybercrime takes a personal and financial toll on millions of consumers around the globe. The Cybercrime Center will tackle online crimes, including those associated with malware, botnets, intellectual property theft and technology-facilitated child exploitation. The work done at the Cybercrime Center will help ensure that people worldwide can use their computing devices and services with confidence.
Return to Keyword Browsing