Research | SC Media

Research

Remote workers’ lack of corporate firewalls blamed for rise in malicious device activity

Since the coronavirus pandemic forced companies to enact sweeping work-from-home policies, the number of organizations whose devices have been compromised and forced to engage in malicious activity have at least doubled, according to new research released today. The researchers behind the study – conducted jointly by Arctic Security and Team Cymru – believe many of the affected…

Security in 2015: Biometrics

Researchers fool devices’ biometric scanners with replicated fingerprints

Researchers at Cisco Talos said they were able to fool biometrics-based user authentication technology on eight mobile devices by using 3D-printed molds to create replicates of users’ fingerprints. The process Talos researchers developed to fabricate a user’s biometric signature required a painstaking effort, and in real life would require either direct or indirect access to…

Every presidential campaign website executes suspicious third-party code

An analysis of 11 presidential campaign websites performed last September and again in December found multiple instances of potentially risky third-party code, unwanted code execution and unauthorized data tracking. According to a new report from The Media Trust, 81 percent of executing code on these websites was not internally developed, but rather from external third-party…

FBI tallied 467K cybercrime complaints in 2019, totaling $3.5B in losses

The FBI’s Internet Crime Complaint Center (IC3) last year fielded 467,361 complaints related to cybercrime activity that collectively cost victims $3.5 billion in losses, according the agency’s just released 2019 Internet Crime Report. The 2019 complaint count represents a nearly 33 percent increase from the 2018 total of 351,937, and the $3.5 billion figure also…

CISOs burdened by unhealthy stress levels, survey study finds

In a recent survey of 400 U.S.- and UK-based chief information security officers, an overwhelming number, 88 percent, said they find themselves under a moderate or high amount of job-related stress. Moreover, 48 percent admitted that the stress has affected their mental health, while 31 percent said their job performance has suffered, according to .uk…

Billie Eilish sweeps Grammys, but Taylor Swift leads with most malware files

Being nominated for a Grammy doesn’t not raise your Q-rating; it also, apparently, increases the likelihood that cybercriminals will appropriate your name or song tracks to trick targets into opening malicious files. Researchers at Kaspersky looked at 14 musical artists who were nominated this year for a major Grammy award and determined that in 2019…

Imaginative attack scenarios elicit intrigue at NYU’s CSAW cyber event

Using AI to create artificial fingerprints that can unlock strangers’ phones… abusing electric vehicle charging stations to overwhelm the power grid… exploiting 3D printer technology to execute an all-new form of supply chain attack… These may have once sounded like far-flung ideas, but top cyber minds at New York University have been actively exploring such…

We interviewed cyber experts on a Vegas ferris wheel. Then ride security showed up…

In the film “Ocean’s 11,” Danny Ocean and his team of expert cybercriminals execute a daring casino heist in glitzy Las Vegas. This past summer at the Black Hat and DEF CON conferences in Sin City, the editorial staff at SC Media attempted to pull off a less ambitious – and decidedly more legal –…

Metasploit Project publishes exploit for Bluekeep bug

Coders late last week publicly released a working exploit for the dangerous Bluekeep bug that was found and patched earlier this year in Microsoft’s Remote Desktop Protocol implementation. Designated as CVE-2019-0708, BlueKeep is a remote Windows kernel use-after-free vulnerability that could be used to create wormable attacks similar to the WannaCry ransomware incident of May…

Next post in Research