News

The ultrasonic fingerprint scanner feature in the Samsung Galaxy S10 can be duped into unlocking the device with the help of a 3D printed fingerprint stolen from its owner as shown by Reddit user darkshark9.According to Samsung's description, to use the in-screen fingerprint scanner one only has to "Simply touch the glass to unlock. We've moved security from the back of the phone to the front, fusing the Ultrasonic Fingerprint directly into the screen." Source:...

The smartphone video game Flappy Bird was removed from smartphones in 2014 by its creator, Dong Nguyen, because it was too addictive. But the program lives on as an inspiration to deep learning researchers. Specifically, International Business Machines scientists this week unveiled research into how machines can continually learn tasks, including playing Flappy Bird, improving over time rather than learning one level of play and stopping at that.Known as lifelong learning, or continuous learning, the...

NSA today finally released the complete source code for GHIDRA version 9.0.2 which is now available on its Github repository.GHIDRA is agency's home-grown classified software reverse engineering tool that agency experts have been using internally for over a decade to hunt down security bugs in software and applications.GHIDRA is a Java-based reverse engineering framework that features a graphical user interface (GUI) and has been designed to run on a variety of platforms including Windows, macOS,...

Over the past five months, the London Blue cybercriminal group has been running business email compromise (BEC) scams against employees in Asia working for companies based mostly in the United States, Australia or Europe.The corporate fraudsters rely on a new database of about 8,500 financial executives from close to 7,800 different companies in the world (most of them in the U.S.). This is almost six times smaller than the previous collection of targets, which contained...

Xiaomi has patched a security flaw in Guard Provider, the default security app included with all recent Xiaomi smartphones. The vulnerability would have allowed attackers to inject traffic heading towards the Guard Provider app, and insert malicious commands that would have allowed a threat actor to run malicious code to take over the phone, install malware, or steal users' data. Source: ZDNet

Over 58,000 Android users had "stalkerware" installed on their phones last year, researchers from Kaspersky Lab have revealed today. Of these, more than 35,000 had no idea about stalkerware being present on their Android devices until they installed Kasperksy's mobile antivirus, which flagged the infection.Kaspersky's findings come to confirm a growing trend in the information security industry, where security researchers are seeing an increase in the use of stalkerware-like products, from both normal users and...

Researchers are presenting with a malware that not only modifies CT scan results, it also does them with such realism that it manages to fool professionals into misdiagnosing the presence or absence of cancer. A blind study that involved 70 altered CT lung scans showed proved that both radiologists and a lung-cancer screening software were consistently duped into thinking there were cancerous nodes in a scan when the original actually had none. Conversely, scans that...

The number of medium and large businesses with cyber insurance policies is increasing, as a new government report revealed the average cost of a cyber breach increased by a third.The Cyber Breaches Survey 2019 found where an attack resulted in the loss of data or assets, the average cost rose by more than £1,000 since 2018 to £4,180.The average was over £9,000 for larger organisations. Source: InsuranceTimes

Two Secaucus, N.J., high school freshmen have been accused of allegedly knocking their school’s WiFi system offline possibly using a malware as a service deal to create the situation.The two 14-year-old boys were arrested last week and charged with computer criminal activity and conspiracy to commit computer criminal activity, according to CBS New York. School officials confirmed to CBS the WiFi system was down and although the details on how this was accomplished are not...

The Bashlight IoT malware has been updated with cryptomining and backdoor commands targeting WeMo devices.The malware initially gained notoriety for its use in large scale DDoS attacks in 2014 but has recently switched over to infecting IoT devices and has even been known to exploit Shellshock to gain a foothold into vulnerable devices.Bashlight only needs to check if the device is enabled with the WeMo UPnP API to target the device and doesn’t need to...