SlideShare uma empresa Scribd logo

NULL Mumbai NewsBytes

Transferir como PPTX, PDF
V
VirajThakkar4

March 2020. Only contains a sliver of security events in the past month.

Tecnologia
1 de 15
News Bytes March 2020
A glimpse of the past month • Scammers are Exploiting Coronavirus Fears • Chrome Extensions caught Stealing Data • Microsoft defender on Linux • The Wifi Encryption Vulnerability • CPI Ransomware Attack • Ultrasonic waves to control Audio devices • AMD Processors vulnerable to 2 new side-channel attacks • Intel Chip flaw is unfixable • Necurs Takedown
Scammers exploiting Coronavirus Just check out the links, both are clearly fake
Chrome extensions stealing data • 500 apps were taken down • One of the weaker links of a browser is an extension, it allows for data access to the extension and can be misused. That happened. • These apps used a C2 (Command and Control) server – (A C2 server is basically a machine that allows to send and receive commands or data). • These C2 servers are used for ad-fraud and maladvertising. • Research done using CRXcavator (https://crxcavator.io/)
Microsoft defender on Linux
WiFi encryption Vulnerability • Kr00k • https://www.welivesecurity.com/wp-content/uploads/2020/02/ESET_Kr00k.pdf • A really bad short explanation is: – It uses an all zero key. So, there is something called as a nonce, its purpose is to avoid any old communication to be reused. – If the key and nonce end up being identical, and if a counter is used to generate the keystream (a keystream is basically what will encrypt a message, a key is the tool that creates a keystream) – Now, we have everything as an attacker and can basically decrypt all communication without needing the wifi password
CPI Ransomware Attack • Communications & Power Industries (CPI) makes components for military devices and equipment, like radar, missile seekers and electronic warfare technology. The company counts the U.S. Department of Defense and its advanced research unit DARPA as customers. • They were hacked, 500,000 USD Ransom • According to sources: – domain-admin clicked a malicious link triggering file-encrypting malware – 150 computers were still using Windows XP – retired 2014 – Hope we can grasp the rest…
Ultrasonic waves to control Audio Devices • So, sound needs a medium to be transmitted. • This leverages the very same. It uses the acoustic properties of solids (like tables). • Piezoelectric transmitters – They use ultrasonic waves • Basically attackers send data to the MEMS recievers and with any eavesdropping tech can easily extract info. MEMS (microelectro-mechanical systems)
AMD Processors vulnerable to 2 side channel attacks • Just like Meltdown and Spectre? But less serious (lesser information is compromised) • Name of Take-a-way leak
Intel Chip Flaw is unfixable • The problem lies in the Converged Security and Management Engine (CSME). • There are no active exploits and exploitation is difficult.
Necurs Takedown
Necurs Takedown • MSFT broke the domain generation algorithm (DGA) • Were able to accurately predict over six million unique domains that would be created in the next 25 months
Sources Scammers are Exploiting Coronavirus Fears • https://www.vox.com/recode/2020/3/5/21164745/coronavirus-phishing-email-scams • https://www.kaspersky.com/blog/coronavirus-phishing/32395/ Chrome Extensions caught Stealing Data • https://thehackernews.com/2020/02/chrome-extension-malware.html Microsoft Bitdefender on Linux • https://www.av-test.org/en/antivirus/home-windows/ The Wifi Encryption Vulnerability • https://www.eset.com/int/kr00k/ • https://www.welivesecurity.com/wp-content/uploads/2020/02/ESET_Kr00k.pdf • https://crypto.stackexchange.com/questions/54897/how-can-an-all-zero-encryption-key-result-in- plaintext
Sources CPI Ransomware Attack • https://techcrunch.com/2020/03/05/cpi-ransomware-defense-contractor/ Ultrasonic waves to control Audio devices • https://thehackernews.com/2020/03/voice-assistants-ultrasonic-waves.html • https://www.edn.com/basic-principles-of-mems-microphones/ AMD Processors vulnerable to 2 new side-channel attacks • https://www.engadget.com/2020/03/08/amd-cpu-take-a-way-data-leak-security-flaw/ Intel Chip flaw is unfixable • https://www.sans.org/newsletters/newsbites/xxii/19 Necurs Takedown • https://thehackernews.com/2020/03/necurs-botnet-takedown.html
Thank You

Recomendados

Leone ct#2 presentation rev
Leone ct#2 presentation revLeone ct#2 presentation rev
Leone ct#2 presentation revvincentleone
 
RRB JE Stage 2 Computer and Applications Questions Part 5
RRB JE Stage 2 Computer and Applications Questions Part 5RRB JE Stage 2 Computer and Applications Questions Part 5
RRB JE Stage 2 Computer and Applications Questions Part 5CAS
 
System Vulnerability and Abuse
System Vulnerability and AbuseSystem Vulnerability and Abuse
System Vulnerability and AbuseAlbrecht Jones
 
Threats to a computer
Threats to a computer Threats to a computer
Threats to a computer FCA - Future Chartered Accountants
 
System vulnerability and abuse
System vulnerability and abuseSystem vulnerability and abuse
System vulnerability and abusePrakash Raval
 
Computer security risks
Computer security risksComputer security risks
Computer security risksAasim Mushtaq
 
Computer securety
Computer securetyComputer securety
Computer securetyrushil ahmed
 
Security Requirements in eBusiness
Security Requirements in eBusinessSecurity Requirements in eBusiness
Security Requirements in eBusinessWe Learn - A Continuous Learning Forum from Welingkar's Distance Learning Program.
 

Recomendados

Leone ct#2 presentation rev
Leone ct#2 presentation revLeone ct#2 presentation rev
Leone ct#2 presentation revvincentleone
 
RRB JE Stage 2 Computer and Applications Questions Part 5
RRB JE Stage 2 Computer and Applications Questions Part 5RRB JE Stage 2 Computer and Applications Questions Part 5
RRB JE Stage 2 Computer and Applications Questions Part 5CAS
 
System Vulnerability and Abuse
System Vulnerability and AbuseSystem Vulnerability and Abuse
System Vulnerability and AbuseAlbrecht Jones
 
Threats to a computer
Threats to a computer Threats to a computer
Threats to a computer FCA - Future Chartered Accountants
 
System vulnerability and abuse
System vulnerability and abuseSystem vulnerability and abuse
System vulnerability and abusePrakash Raval
 
Computer security risks
Computer security risksComputer security risks
Computer security risksAasim Mushtaq
 
Computer securety
Computer securetyComputer securety
Computer securetyrushil ahmed
 
Security Requirements in eBusiness
Security Requirements in eBusinessSecurity Requirements in eBusiness
Security Requirements in eBusinessWe Learn - A Continuous Learning Forum from Welingkar's Distance Learning Program.
 
Stuxnet, a malicious computer worm
Stuxnet, a malicious computer wormStuxnet, a malicious computer worm
Stuxnet, a malicious computer wormSumaiya Ismail
 
Security threats and safety measures
Security threats and safety measuresSecurity threats and safety measures
Security threats and safety measuresDnyaneshwar Beedkar
 
Ehical Hacking: Unit no. 1 Information and Network Security
Ehical Hacking: Unit no. 1 Information and Network SecurityEhical Hacking: Unit no. 1 Information and Network Security
Ehical Hacking: Unit no. 1 Information and Network Securityprachi67
 
Security Holes and Vulnerabilities in Corporate Network_Pre Null Meet Kolkata
Security Holes and Vulnerabilities in Corporate Network_Pre Null Meet KolkataSecurity Holes and Vulnerabilities in Corporate Network_Pre Null Meet Kolkata
Security Holes and Vulnerabilities in Corporate Network_Pre Null Meet Kolkataamiyadutta
 
4.2.1 computer security risks
4.2.1 computer security risks4.2.1 computer security risks
4.2.1 computer security riskshazirma
 
9 - Security
9 - Security9 - Security
9 - SecurityRaymond Gao
 
Introduction of hacking and cracking
Introduction of hacking and crackingIntroduction of hacking and cracking
Introduction of hacking and crackingHarshil Barot
 
Computer security threats & prevention
Computer security threats & preventionComputer security threats & prevention
Computer security threats & preventionPriSim
 
Computer security overview
Computer security overviewComputer security overview
Computer security overviewCAS
 
3.2.1 computer security risks
3.2.1 computer security risks3.2.1 computer security risks
3.2.1 computer security riskshazirma
 
Slideshare is
Slideshare isSlideshare is
Slideshare isAshu Pandita Kaul
 
BackDoors Seminar
BackDoors SeminarBackDoors Seminar
BackDoors SeminarChaitali Patel
 
Threats and Security Tips of Computer System
Threats and Security Tips of Computer SystemThreats and Security Tips of Computer System
Threats and Security Tips of Computer SystemFaruk_Hossen
 
Network Security Presentation
Network Security PresentationNetwork Security Presentation
Network Security PresentationAllan Pratt MBA
 
Computer Security risks Shelly
Computer Security risks ShellyComputer Security risks Shelly
Computer Security risks ShellyAdeel Khurram
 
Computer security and
Computer security andComputer security and
Computer security andRana Usman Sattar
 
Computer Security
Computer SecurityComputer Security
Computer Securityvishal purkuti
 
Virus and its CounterMeasures -- Pruthvi Monarch
Virus and its CounterMeasures -- Pruthvi Monarch Virus and its CounterMeasures -- Pruthvi Monarch
Virus and its CounterMeasures -- Pruthvi Monarch Pruthvi Monarch
 
Malicious software
Malicious softwareMalicious software
Malicious softwareCAS
 
Counter Measures Of Virus
Counter Measures Of VirusCounter Measures Of Virus
Counter Measures Of Virusshusrusha
 
CLASS 2022 - Marty Edwards (Tenable) - O perigo crescente de ransomware crimi...
CLASS 2022 - Marty Edwards (Tenable) - O perigo crescente de ransomware crimi...CLASS 2022 - Marty Edwards (Tenable) - O perigo crescente de ransomware crimi...
CLASS 2022 - Marty Edwards (Tenable) - O perigo crescente de ransomware crimi...TI Safe
 
NewsByte Mumbai October 2017
NewsByte Mumbai October 2017NewsByte Mumbai October 2017
NewsByte Mumbai October 2017chauhananand17
 

Mais conteúdo relacionado

Mais procurados

Stuxnet, a malicious computer worm
Stuxnet, a malicious computer wormStuxnet, a malicious computer worm
Stuxnet, a malicious computer wormSumaiya Ismail
 
Security threats and safety measures
Security threats and safety measuresSecurity threats and safety measures
Security threats and safety measuresDnyaneshwar Beedkar
 
Ehical Hacking: Unit no. 1 Information and Network Security
Ehical Hacking: Unit no. 1 Information and Network SecurityEhical Hacking: Unit no. 1 Information and Network Security
Ehical Hacking: Unit no. 1 Information and Network Securityprachi67
 
Security Holes and Vulnerabilities in Corporate Network_Pre Null Meet Kolkata
Security Holes and Vulnerabilities in Corporate Network_Pre Null Meet KolkataSecurity Holes and Vulnerabilities in Corporate Network_Pre Null Meet Kolkata
Security Holes and Vulnerabilities in Corporate Network_Pre Null Meet Kolkataamiyadutta
 
4.2.1 computer security risks
4.2.1 computer security risks4.2.1 computer security risks
4.2.1 computer security riskshazirma
 
Introduction of hacking and cracking
Introduction of hacking and crackingIntroduction of hacking and cracking
Introduction of hacking and crackingHarshil Barot
 
Computer security threats & prevention
Computer security threats & preventionComputer security threats & prevention
Computer security threats & preventionPriSim
 
Computer security overview
Computer security overviewComputer security overview
Computer security overviewCAS
 
3.2.1 computer security risks
3.2.1 computer security risks3.2.1 computer security risks
3.2.1 computer security riskshazirma
 
Threats and Security Tips of Computer System
Threats and Security Tips of Computer SystemThreats and Security Tips of Computer System
Threats and Security Tips of Computer SystemFaruk_Hossen
 
Network Security Presentation
Network Security PresentationNetwork Security Presentation
Network Security PresentationAllan Pratt MBA
 
Computer Security risks Shelly
Computer Security risks ShellyComputer Security risks Shelly
Computer Security risks ShellyAdeel Khurram
 
Virus and its CounterMeasures -- Pruthvi Monarch
Virus and its CounterMeasures -- Pruthvi Monarch Virus and its CounterMeasures -- Pruthvi Monarch
Virus and its CounterMeasures -- Pruthvi Monarch Pruthvi Monarch
 
Malicious software
Malicious softwareMalicious software
Malicious softwareCAS
 
Counter Measures Of Virus
Counter Measures Of VirusCounter Measures Of Virus
Counter Measures Of Virusshusrusha
 

Mais procurados (20)

Stuxnet, a malicious computer worm
Stuxnet, a malicious computer wormStuxnet, a malicious computer worm
Stuxnet, a malicious computer worm
 
Security threats and safety measures
Security threats and safety measuresSecurity threats and safety measures
Security threats and safety measures
 
Ehical Hacking: Unit no. 1 Information and Network Security
Ehical Hacking: Unit no. 1 Information and Network SecurityEhical Hacking: Unit no. 1 Information and Network Security
Ehical Hacking: Unit no. 1 Information and Network Security
 
Security Holes and Vulnerabilities in Corporate Network_Pre Null Meet Kolkata
Security Holes and Vulnerabilities in Corporate Network_Pre Null Meet KolkataSecurity Holes and Vulnerabilities in Corporate Network_Pre Null Meet Kolkata
Security Holes and Vulnerabilities in Corporate Network_Pre Null Meet Kolkata
 
4.2.1 computer security risks
4.2.1 computer security risks4.2.1 computer security risks
4.2.1 computer security risks
 
9 - Security
9 - Security9 - Security
9 - Security
 
Introduction of hacking and cracking
Introduction of hacking and crackingIntroduction of hacking and cracking
Introduction of hacking and cracking
 
Computer security threats & prevention
Computer security threats & preventionComputer security threats & prevention
Computer security threats & prevention
 
Computer security overview
Computer security overviewComputer security overview
Computer security overview
 
3.2.1 computer security risks
3.2.1 computer security risks3.2.1 computer security risks
3.2.1 computer security risks
 
Slideshare is
Slideshare isSlideshare is
Slideshare is
 
BackDoors Seminar
BackDoors SeminarBackDoors Seminar
BackDoors Seminar
 
Threats and Security Tips of Computer System
Threats and Security Tips of Computer SystemThreats and Security Tips of Computer System
Threats and Security Tips of Computer System
 
Network Security Presentation
Network Security PresentationNetwork Security Presentation
Network Security Presentation
 
Computer Security risks Shelly
Computer Security risks ShellyComputer Security risks Shelly
Computer Security risks Shelly
 
Computer security and
Computer security andComputer security and
Computer security and
 
Computer Security
Computer SecurityComputer Security
Computer Security
 
Virus and its CounterMeasures -- Pruthvi Monarch
Virus and its CounterMeasures -- Pruthvi Monarch Virus and its CounterMeasures -- Pruthvi Monarch
Virus and its CounterMeasures -- Pruthvi Monarch
 
Malicious software
Malicious softwareMalicious software
Malicious software
 
Counter Measures Of Virus
Counter Measures Of VirusCounter Measures Of Virus
Counter Measures Of Virus
 

Semelhante a NULL Mumbai NewsBytes

CLASS 2022 - Marty Edwards (Tenable) - O perigo crescente de ransomware crimi...
CLASS 2022 - Marty Edwards (Tenable) - O perigo crescente de ransomware crimi...CLASS 2022 - Marty Edwards (Tenable) - O perigo crescente de ransomware crimi...
CLASS 2022 - Marty Edwards (Tenable) - O perigo crescente de ransomware crimi...TI Safe
 
NewsByte Mumbai October 2017
NewsByte Mumbai October 2017NewsByte Mumbai October 2017
NewsByte Mumbai October 2017chauhananand17
 
Ot ics cyberattaques dans les organisations industrielles
Ot ics cyberattaques dans les organisations industrielles Ot ics cyberattaques dans les organisations industrielles
Ot ics cyberattaques dans les organisations industrielles Cisco Canada
 
NETWORK SECURITY AND VIRUSES
NETWORK SECURITY AND VIRUSESNETWORK SECURITY AND VIRUSES
NETWORK SECURITY AND VIRUSESSumit Pandey
 
Protecting Your organization from WannaCry Ransomware
Protecting Your organization from WannaCry RansomwareProtecting Your organization from WannaCry Ransomware
Protecting Your organization from WannaCry RansomwareQuick Heal Technologies Ltd.
 
Advanced Metering Infrastructure Security Test.pptx
Advanced Metering Infrastructure Security Test.pptxAdvanced Metering Infrastructure Security Test.pptx
Advanced Metering Infrastructure Security Test.pptxFrancesco Faenzi
 
Avast @ Machine Learning
Avast @ Machine LearningAvast @ Machine Learning
Avast @ Machine LearningAvast
 
Information about malwares and Attacks.pptx
Information about malwares and Attacks.pptxInformation about malwares and Attacks.pptx
Information about malwares and Attacks.pptxmalikmuzammil2326
 
Trends in network security feinstein - informatica64
Trends in network security feinstein - informatica64Trends in network security feinstein - informatica64
Trends in network security feinstein - informatica64Chema Alonso
 
Understanding Cyber Industrial Controls in the Manufacturing and Utilities En...
Understanding Cyber Industrial Controls in the Manufacturing and Utilities En...Understanding Cyber Industrial Controls in the Manufacturing and Utilities En...
Understanding Cyber Industrial Controls in the Manufacturing and Utilities En...Dawn Yankeelov
 
هک پایگاه داده و راهکارهای مقابلهDatabases hacking, safeguards and counterme...
هک پایگاه داده و راهکارهای مقابلهDatabases hacking, safeguards and counterme... هک پایگاه داده و راهکارهای مقابلهDatabases hacking, safeguards and counterme...
هک پایگاه داده و راهکارهای مقابلهDatabases hacking, safeguards and counterme...M Mehdi Ahmadian
 
Orientation 28 sep education purpose only.pptx
Orientation 28 sep education purpose only.pptxOrientation 28 sep education purpose only.pptx
Orientation 28 sep education purpose only.pptx230405
 
BASIC IT AND CYBER SECURITY AWARENESS
BASIC IT AND CYBER SECURITY AWARENESSBASIC IT AND CYBER SECURITY AWARENESS
BASIC IT AND CYBER SECURITY AWARENESSMd Abu Syeem Dipu
 
NETWORK SECURITY
NETWORK SECURITYNETWORK SECURITY
NETWORK SECURITYafaque jaya
 

Semelhante a NULL Mumbai NewsBytes (20)

CLASS 2022 - Marty Edwards (Tenable) - O perigo crescente de ransomware crimi...
CLASS 2022 - Marty Edwards (Tenable) - O perigo crescente de ransomware crimi...CLASS 2022 - Marty Edwards (Tenable) - O perigo crescente de ransomware crimi...
CLASS 2022 - Marty Edwards (Tenable) - O perigo crescente de ransomware crimi...
 
NewsByte Mumbai October 2017
NewsByte Mumbai October 2017NewsByte Mumbai October 2017
NewsByte Mumbai October 2017
 
Ransomware ly
Ransomware lyRansomware ly
Ransomware ly
 
Supply Chain Attacks
Supply Chain AttacksSupply Chain Attacks
Supply Chain Attacks
 
Ot ics cyberattaques dans les organisations industrielles
Ot ics cyberattaques dans les organisations industrielles Ot ics cyberattaques dans les organisations industrielles
Ot ics cyberattaques dans les organisations industrielles
 
NETWORK SECURITY AND VIRUSES
NETWORK SECURITY AND VIRUSESNETWORK SECURITY AND VIRUSES
NETWORK SECURITY AND VIRUSES
 
Protecting Your organization from WannaCry Ransomware
Protecting Your organization from WannaCry RansomwareProtecting Your organization from WannaCry Ransomware
Protecting Your organization from WannaCry Ransomware
 
Why Risk Management Fails
Why Risk Management FailsWhy Risk Management Fails
Why Risk Management Fails
 
Advanced Metering Infrastructure Security Test.pptx
Advanced Metering Infrastructure Security Test.pptxAdvanced Metering Infrastructure Security Test.pptx
Advanced Metering Infrastructure Security Test.pptx
 
Avast @ Machine Learning
Avast @ Machine LearningAvast @ Machine Learning
Avast @ Machine Learning
 
Information about malwares and Attacks.pptx
Information about malwares and Attacks.pptxInformation about malwares and Attacks.pptx
Information about malwares and Attacks.pptx
 
Trends in network security feinstein - informatica64
Trends in network security feinstein - informatica64Trends in network security feinstein - informatica64
Trends in network security feinstein - informatica64
 
E Commerce security
E Commerce securityE Commerce security
E Commerce security
 
DDOS Attack
DDOS Attack DDOS Attack
DDOS Attack
 
Understanding Cyber Industrial Controls in the Manufacturing and Utilities En...
Understanding Cyber Industrial Controls in the Manufacturing and Utilities En...Understanding Cyber Industrial Controls in the Manufacturing and Utilities En...
Understanding Cyber Industrial Controls in the Manufacturing and Utilities En...
 
هک پایگاه داده و راهکارهای مقابلهDatabases hacking, safeguards and counterme...
هک پایگاه داده و راهکارهای مقابلهDatabases hacking, safeguards and counterme... هک پایگاه داده و راهکارهای مقابلهDatabases hacking, safeguards and counterme...
هک پایگاه داده و راهکارهای مقابلهDatabases hacking, safeguards and counterme...
 
News Bytes
News BytesNews Bytes
News Bytes
 
Orientation 28 sep education purpose only.pptx
Orientation 28 sep education purpose only.pptxOrientation 28 sep education purpose only.pptx
Orientation 28 sep education purpose only.pptx
 
BASIC IT AND CYBER SECURITY AWARENESS
BASIC IT AND CYBER SECURITY AWARENESSBASIC IT AND CYBER SECURITY AWARENESS
BASIC IT AND CYBER SECURITY AWARENESS
 
NETWORK SECURITY
NETWORK SECURITYNETWORK SECURITY
NETWORK SECURITY
 

Último

Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessPixlogix Infotech
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfhans926745
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 

Último (20)

Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 

NULL Mumbai NewsBytes

  • 2. A glimpse of the past month • Scammers are Exploiting Coronavirus Fears • Chrome Extensions caught Stealing Data • Microsoft defender on Linux • The Wifi Encryption Vulnerability • CPI Ransomware Attack • Ultrasonic waves to control Audio devices • AMD Processors vulnerable to 2 new side-channel attacks • Intel Chip flaw is unfixable • Necurs Takedown
  • 3. Scammers exploiting Coronavirus Just check out the links, both are clearly fake
  • 4. Chrome extensions stealing data • 500 apps were taken down • One of the weaker links of a browser is an extension, it allows for data access to the extension and can be misused. That happened. • These apps used a C2 (Command and Control) server – (A C2 server is basically a machine that allows to send and receive commands or data). • These C2 servers are used for ad-fraud and maladvertising. • Research done using CRXcavator (https://crxcavator.io/)
  • 6. WiFi encryption Vulnerability • Kr00k • https://www.welivesecurity.com/wp-content/uploads/2020/02/ESET_Kr00k.pdf • A really bad short explanation is: – It uses an all zero key. So, there is something called as a nonce, its purpose is to avoid any old communication to be reused. – If the key and nonce end up being identical, and if a counter is used to generate the keystream (a keystream is basically what will encrypt a message, a key is the tool that creates a keystream) – Now, we have everything as an attacker and can basically decrypt all communication without needing the wifi password
  • 7. CPI Ransomware Attack • Communications & Power Industries (CPI) makes components for military devices and equipment, like radar, missile seekers and electronic warfare technology. The company counts the U.S. Department of Defense and its advanced research unit DARPA as customers. • They were hacked, 500,000 USD Ransom • According to sources: – domain-admin clicked a malicious link triggering file-encrypting malware – 150 computers were still using Windows XP – retired 2014 – Hope we can grasp the rest…
  • 8. Ultrasonic waves to control Audio Devices • So, sound needs a medium to be transmitted. • This leverages the very same. It uses the acoustic properties of solids (like tables). • Piezoelectric transmitters – They use ultrasonic waves • Basically attackers send data to the MEMS recievers and with any eavesdropping tech can easily extract info. MEMS (microelectro-mechanical systems)
  • 9. AMD Processors vulnerable to 2 side channel attacks • Just like Meltdown and Spectre? But less serious (lesser information is compromised) • Name of Take-a-way leak
  • 10. Intel Chip Flaw is unfixable • The problem lies in the Converged Security and Management Engine (CSME). • There are no active exploits and exploitation is difficult.
  • 12. Necurs Takedown • MSFT broke the domain generation algorithm (DGA) • Were able to accurately predict over six million unique domains that would be created in the next 25 months
  • 13. Sources Scammers are Exploiting Coronavirus Fears • https://www.vox.com/recode/2020/3/5/21164745/coronavirus-phishing-email-scams • https://www.kaspersky.com/blog/coronavirus-phishing/32395/ Chrome Extensions caught Stealing Data • https://thehackernews.com/2020/02/chrome-extension-malware.html Microsoft Bitdefender on Linux • https://www.av-test.org/en/antivirus/home-windows/ The Wifi Encryption Vulnerability • https://www.eset.com/int/kr00k/ • https://www.welivesecurity.com/wp-content/uploads/2020/02/ESET_Kr00k.pdf • https://crypto.stackexchange.com/questions/54897/how-can-an-all-zero-encryption-key-result-in- plaintext
  • 14. Sources CPI Ransomware Attack • https://techcrunch.com/2020/03/05/cpi-ransomware-defense-contractor/ Ultrasonic waves to control Audio devices • https://thehackernews.com/2020/03/voice-assistants-ultrasonic-waves.html • https://www.edn.com/basic-principles-of-mems-microphones/ AMD Processors vulnerable to 2 new side-channel attacks • https://www.engadget.com/2020/03/08/amd-cpu-take-a-way-data-leak-security-flaw/ Intel Chip flaw is unfixable • https://www.sans.org/newsletters/newsbites/xxii/19 Necurs Takedown • https://thehackernews.com/2020/03/necurs-botnet-takedown.html