Alena Zburnikova’s Post

New ‘Brokewell’ Smartphone Attack Drains Bank Accounts and Leaks Location, Posing ‘Significant Threat to Banking Industry’: Report ----------------------------------------------------------------------------------- Security researchers are issuing an urgent alert about a new malware attack that’s targeting Android users’ bank accounts. The malware, which has been nicknamed “Brokewell,” takes the form of a fake Google Chrome browser update webpage that mimics Google’s own messaging style... When users are directed to the page, they see a message stating that Chrome needs to be updated. If users fall for the fake ad, criminals gain full control of the device, allowing them to capture banking credentials as they’re entered on screen as well as record audio, collect information about the device, access call history and track geolocation data. ...the malicious application is a previously unknown malware family with a wide range of capabilities. ...We believe that only a comprehensive, multi-layered fraud detection solution—based on a combination of indicators, including device, behavior, and identity risks for each customer—can effectively identify and prevent potential fraud from malware families like the newly discovered Brokewell. Among other things, the agency recommends that people download well-known software directly from the source, avoid clicking potentially suspicious links, ignore pop ups, read browser security alerts and scan devices for malicious activity.

New Cuttlefish malware infects routers to monitor traffic for credentials ------------------------------------------------------------------------------- A new malware named 'Cuttlefish' has been spotted infecting enterprise-grade and small office/home office (SOHO) routers to monitor data that passes through them and steal authentication information. ....Cuttlefish creates a proxy or VPN tunnel on the compromised router to exfiltrate data discreetly while bypassing security measures that detect unusual sign-ins. The malware can also perform DNS and HTTP hijacking within private IP spaces, interfering with internal communications and possibly introducing more payloads. ...corporate network admins eliminate weak credentials, monitor for unusual logins from residential IPs, secure traffic with TLS/SSL, inspect devices for rogue iptables or other abnormal files, and routinely reboot them. When establishing remote connections to high-value assets, it is advisable to use certificate pinning to prevent hijacking. For SOHO router users, it is recommended to reboot the devices regularly, apply the latest available firmware updates, change default passwords, block remote access to the management interface, and replace them when they reach end-of-life (EoL). https://lnkd.in/e85UMbhb.

Cool or creepy? Microsoft's VASA-1 is a new AI model that turns photos into 'talking faces' ------------------------------------------------------------------------------------- A new AI research paper from Microsoft promises a future where you can upload a photo, a sample of your voice and create a live, animated talking head of your own face. VASA-1 takes in a single portrait photo and an audio file and converts it into a hyper realistic talking face video complete with lip sync, realistic facial features and head movement. In the demo we see people talking as if they were being filmed, with slightly jerky but otherwise natural-looking movement. The lip sync is very impressive, with natural movement and no artefacts around the top and bottom of the mouth seen in other tools. One of the most impressive things about VASA-1 seems to be the fact it doesn't require a face-forward portrait style image to make it work.

Google Invests $1B in NoVA Data Centers, Starts New AI Course ------------------------------------------------------------------------ Google will invest $1 billion to expand its Virginia data centers while also launching an artificial intelligence fund that will help people learn essential AI skills, the company and Virginia’s governor announced Friday in Reston.  Google has two Loudoun County data center locations and a Prince William County campus. Its investment in Virginia now tops more than $4.2 billion. The company’s investment in technical infrastructure supports AI innovations and will help grow Google Cloud business, said Gov. Glenn Youngkin’s office. The NoVA data centers help power not only Google Cloud, but also Workspace. Workspace includes many services you may use: Gmail, Google Docs, Sheets, searching, and maps. https://lnkd.in/eA9MZpJE

Amazon Bets Big With CrowdStrike on Cybersecurity Products ---------------------------------------------------------------------- Amazon’s profit-driving cloud computing business, Amazon Web Services, has dropped other security products in favor of CrowdStrike’s cyber threat protection and response offerings, the two companies announced Thursday. https://lnkd.in/enr9ffj6

View my verified achievement from Proofpoint. Proofpoint Certified Email Authentication Specialists learn how email authentication can improve security, deliverability and help protect their brands, partners, and customers.

Google Chrome's new post-quantum cryptography may break TLS connections ------------------------------------------------------------------------------------- Some Google Chrome users report having issues connecting to websites, servers, and firewalls after Chrome 124 was released last week with the new quantum-resistant X25519Kyber768 encapsulation mechanism enabled by default. ...since Google Chrome 124 and Microsoft Edge 124 started rolling out on desktop platforms last week, some web applications, firewalls, and servers will drop connections after the ClientHello TLS handshake. The issue also affects security appliances, firewalls, networking middleware, and various network devices from multiple vendors (e.g., Fortinet, SonicWall, Palo Alto Networks, AWS). These errors are not caused by a bug in Google Chrome but instead caused by web servers failing to properly implement Transport Layer Security (TLS) and not being able to handle larger ClientHello messages for post-quantum cryptography. A website named tldr.fail was created to share additional information on how large post-quantum ClientHello messages can break connections in buggy web servers, with details on how developers can fix the bug. Website admins can also test their own servers by manually enabling the feature in Google Chrome 124 using the chrome://flags/#enable-tls13-kyber flag. Once enabled, admins can connect to their servers and see if the connection causes an "ERR_CONNECTION_RESET" error. Affected Google Chrome users can mitigate the issue by going to chrome://flags/#enable-tls13-kyber and disabling the TLS 1.3 hybridized Kyber support in Chrome. Administrators can also disable it by toggling off the PostQuantumKeyAgreementEnabled enterprise policy under Software > Policies > Google > Chrome or contacting the vendors to get an update for servers or middleboxes on their networks that aren't post-quantum-ready. Microsoft has also released information on how to control this feature via the Edge group policies. However, it's important to note that long-term, post-quantum secure ciphers will be required in TLS, and the Chrome enterprise policy allowing disabling it will be removed in the future. https://lnkd.in/e2QnctqG.

IBM Confirms: It’s Buying HashiCorp ------------------------------------------ In the hybrid-cloud world, we all knew that HashiCorp, makers of the popular infrastructure as code (IaC) tool Terraform, was looking to be acquired. We also knew that switching Terraform’s open source Mozilla license for the Business Source License (BSL 1.1) had left plenty of unhappy Terraform developers and partners in its wake. Those open source users created a Terraform fork called OpenTofu. OpenTofu took off quickly, causing lawyers to get involved. But that kerfuffle didn’t stop IBM from announcing it was buying HashiCorp for a cool $35 per share, a deal adding up to a premium value of $6.4 billion. IBM chairman and CEO Arvind Krishna announced the acquisition in a Q1 financial call. Krishna remarked, “As generative AI continues to evolve, the complexities in tech strategies have significantly increased. HashiCorp’s stellar record in simplifying this modern infrastructure sprawl makes them an ideal addition to IBM’s hybrid cloud vision.” https://lnkd.in/eMtuhfvV

Another point of view on using biometrics on your phone...also there is interesting point in the comments to weight the risk. "I don’t engage in criminal activity, so I think the odds are more likely someone will try to sneak my passcode while entering it in public and take my phone than being in a situation where a cop will seize my phone and that will somehow lead to my arrest and criminal prosecution." -------------------------------------------- Stop Using Your Face or Thumb to Unlock Your Phone Last week, the 9th Circuit Court of Appeals in California released a ruling that concluded state highway police were acting lawfully when they forcibly unlocked a suspect’s phone using their fingerprint. The court panel admitted from the outset “neither the Supreme Court nor any of our sister circuits have addressed whether the compelled use of a biometric to unlock an electronic device is testimonial.” The Electronic Frontier Foundation, a digital rights group, has offered guides for best practices when attending protests, and one of those is to turn off your thumbprint or face unlock before you hit the street. “The general consensus has been that there is more Fifth Amendment protection for passwords than there is for biometrics,”... “The 5th Amendment is centered on whether you have to use the contents of your mind when you’re being asked to do something by the police and turning over your password telling them your password is pretty obviously revealing what’s in your mind.” If your apps and messages aren’t already encrypted, it’s best to start considering services that are.

CISA Opens Its Internal Malware Analysis Tool For Public Use ------------------------------------------------------------------ The Cybersecurity and Infrastructure Security Agency (CISA) has unveiled its latest initiative: opening its advanced malware analysis system, Malware Next-Gen, to the public. Malware Next-Gen is a revolutionary approach to detecting and mitigating cyber threats and malicious software. With scalability and efficiency in mind, this next-generation platform allows governmental bodies, private organizations, security researchers, and individuals to submit malware samples and suspicious artifacts for comprehensive analysis. https://lnkd.in/ekDhgC26.