Chinese researchers crack fingerprint scanners on smartphones

Recent research has spotlighted vulnerabilities in the fingerprint authentication systems of smartphones from leading manufacturers. Leveraging Artificial Intelligence (AI), these vulnerabilities were identified and exploited, raising concerns about the security of biometric verification systems.

HTNet Chinese researchers crack fingerprint scanners on smartphones

Fingerprint authentication, a cornerstone of modern device security, is not as infallible as once believed. Recent investigations have illuminated substantial susceptibilities within the software frameworks of devices manufactured by premier companies, including Samsung, Xiaomi, HUAWEI, Vivo, OnePlus, and OPPO. These vulnerabilities were not only identified but also manipulated, utilizing sophisticated Artificial Intelligence (AI) methodologies, thereby accentuating the imperative for the fortification of security protocols. (more…)

Continue ReadingChinese researchers crack fingerprint scanners on smartphones

Search Marquis malware easily bypasses built-in Mac defenses

Back in the day, when malware makers capitalized on eroding the PC landscape, the Mac was a godsend for the average security-minded user. Things have changed, though, and so has the status quo in the cybercrime arena. Over the past few years, threats targeting computers with macOS under their hoods have seen a dramatic spike. Here we are now – adware, rogue optimizers, ransomware, and crypto-miners have gone from marginal to commonplace in this once-safe environment. Moreover, some of these culprits are treacherous enough to survive major system security updates as well as the native malware countermeasures for an insanely long time. A prolific browser hijacker called Search Marquis is a prime example of such a threat.

This piece of malicious code shows its sharp fangs by repeatedly redirecting a victim’s web sessions in Safari, Chrome, and Firefox to searchmarquis.com. From there, the traffic wanders through interstitial domains such as searchbaron.com, nearbyme.io, and r.a9g.io until it hits Bing. As odd as it may sound, Microsoft’s search engine has been an element of similar browser manipulation schemes for quite a while. Why? Probably because it works well as a red herring in such chicanery. It smokescreens everything that happens before the victim reaches the landing page, including ad networks that fit the profit model of Search Marquis masters. (more…)

Continue ReadingSearch Marquis malware easily bypasses built-in Mac defenses

Online extortionists going after HPE iLO interfaces

Internet threat actors are constantly diversifying their portfolio of attack mechanisms and targets. When it comes to the extortion vector, things no longer boil down to attacking individual computers or enterprise IT networks. In a recent defiant move, a group of hackers have been targeting HPE iLO 4 interfaces. This technology stands for HPE Integrated Lights-Out, a proprietary framework by Hewlett-Packard that allows administrators to access and manage some HP servers remotely. The admin can use their regular web browser to log in and do their settings tweaking or maintenance job, for instance, reboot the server and view details on its current status.

Security analysts have stumbled upon incidents where malefactors replaced HPE iLO 4 login screen with a ransom note named “Security Notice: Basic principles of Data Anonymization”. It says the server’s hard disk is encrypted using RSA-2048 asymmetric cipher, and to decrypt the data the victim needs to obtain the private key. In order to get this secret code, the plagued user is instructed to contact the attacker at 15fd9ngtetwjtdc@yopmail.com and follow the steps provided in a reply. Ultimately, the recover process is a matter of paying 2 BTC (about $19,000) to the crooks’ Bitcoin address. (more…)

Continue ReadingOnline extortionists going after HPE iLO interfaces

The New Wave of MongoDB Attacks – Bigger Than Before

IT specialists warn about the resumption of extortion attacks aimed at misconfigured MongoDB servers.

The first wave of MongoDB attacks was observed in late 2016. Dozens of criminal groups hacked vulnerable MongoDB servers that time. After that, they also targeted ElasticSearch, Hadoop, CouchDB, Cassandra, and MySQL.

Cybercriminals used to erase all information from the databases and demanded a ransom from the owners of the servers. Importantly this was a bluff as criminals were not able to get the data back because and as stated earlier they completely delete all data during the attack.

This week extortionists stepped up again. Although the number of attackers is small compared to the cases occurred in the beginning of the year, new criminal groups involved have approached the situation on a grand scale. New attacks cause much more damage. For example, if in winter criminals managed to compromise 45,000 databases per month, now the Cru3lty group broke 22,449 databases in one week. (more…)

Continue ReadingThe New Wave of MongoDB Attacks – Bigger Than Before

BlackBerry Z10: Well or Over-Priced?

BlackBerry Z10

Smartphone users are willing to pay top ringgit for their handsets because in today’s world, our phones are capable of everything from streaming music and movie content to navigating your route and even translating a foreign language. Of course, when we shell out our hard-earned cash for a new handset, we expect it to offer the most-up-to date technology on the market. The new BlackBerry Z10 device has been touted as a worthy competitor to phones from manufacturers like

Samsung and Android, and its recommended retail price reflects that notion. But is the Z10 really worth its high price tag? Read on to find out: (more…)

Continue ReadingBlackBerry Z10: Well or Over-Priced?

National Instruments, TPM and SME Corp. Malaysia Set-up Academy and Innovation Nucleus for Malaysian SMEs

PUTRAJAYA, Malaysia, 13 September 2012 – National Instruments (NI) announced the establishment of the National Instruments Academy & Innovation Nucleus (NI-AIN), in collaboration with Technology Park Malaysia Corporation Sdn Bhd (TPM) and SME Corp. Malaysia The three parties signed a Memorandum of Understanding (MoU) witnessed by YB Datuk Seri Panglima Dr Maximus Johnity Ongkili today in Putrajaya. (more…)

Continue ReadingNational Instruments, TPM and SME Corp. Malaysia Set-up Academy and Innovation Nucleus for Malaysian SMEs

Protecting Your Tablet from Viruses

Readers of HTNet would probably notice that I’ve not been updating as frequently as I used to. Well, due to tons of changes in my life (mostly positive ones), updating this blog is not one of my top priorities right now.

Therefore, I am accepting guest blogging on HTNet and the first one will be this post from dailysmartphone.net

Azmeen

Rapidly growing sales of tablet PCs and Samsung Galaxy S3 in Poland – this year, 300000 new devices of this type could hit our market. Not surprisingly, there are also safety packages for tablets. (more…)

Continue ReadingProtecting Your Tablet from Viruses