Multiple security researchers note the return of an email campaign attempting to spread the malware, which is often used to drop the Ryuk ransomware and Trickbot banking Trojan.
A roundup of Microsoft’s recent security news and updates that focus on protecting identity.
As domains get cheaper, account takeovers get easier, and cloud computing usage expands, email-borne attacks will take advantage.
Cybercriminals are preparing to use computing performance innovations to launch new types of attacks.
Rule number one of sausage club: never ask what goes into the sausage
Bork!Bork!Bork! ATMs are like sausages. Everyone likes them, but nobody wants to know what lurks inside. Come take a peak with another edition of The Register‘s look at computers behaving badly.…
The United States and international partners shut down three bulletproof hosting services used to facilitate criminal activity.
Hundreds of millions of pounds’ worth of consultancy work farmed out
Deloitte, Atos, and Phoenix Software are among the 29 organisations who’ve been picked to provide a whopping £200m worth of IT consultancy services to the National Health Service in the north of England.…
The microphones on voice assistants are very sensitive, and can snoop on all sorts of data:
In Hey Alexa what did I just type? we show that when sitting up to half a meter away, a voice assistant can still hear the taps you make on your phone, even in presence of noise. Modern voice assistants have two to seven microphones, so they can do directional localisation, just as human ears do, but with greater sensitivity. We assess the risk and show that a lot more work is needed to understand the privacy implications of the always-on microphones that are increasingly infesting our work spaces and our homes.
From the paper:
Abstract: Voice assistants are now ubiquitous and listen in on our everyday lives. Ever since they became commercially available, privacy advocates worried that the data they collect can be abused: might private conversations be extracted by third parties? In this paper we show that privacy threats go beyond spoken conversations and include sensitive data typed on nearby smartphones. Using two different smartphones and a tablet we demonstrate that the attacker can extract PIN codes and text messages from recordings collected by a voice assistant located up to half a meter away. This shows that remote keyboard-inference attacks are not limited to physical keyboards but extend to virtual keyboards too. As our homes become full of always-on microphones, we need to work through the implications.