Hacker vs. machine at DEF CON: Thousands of security researchers vie to outsmart AI in Las Vegas

The first-of-its-kind hacking contest will challenge security researchers to infiltrate and potentially compromise AI chatbots.

The post Hacker vs. machine at DEF CON: Thousands of security researchers vie to outsmart AI in Las Vegas appeared first on CyberScoop.

Can a White House initiative compel tech companies to write safer code?

Software liability reform is a centerpiece of the Biden administration’s recent national cybersecurity strategy. Implementing it will be a challenge.

Car hackers discover vulnerabilities that could let them hijack millions of vehicles

Security researchers spent months diving into vehicles and found multiple vulnerabilities impacting everything from safety to personal data.

Patreon security team layoffs cause backlash in creator community

A former Patreon employee told CyberScoop that after the layoffs “there are no qualified security personnel” at the company.

DOJ changes to CFAA guidance are overhyped, lawyers say

The Department of Justice’s guidance on when and how to charge defendants for violating CFAA remains ambiguous, lawyers say.

DOJ revises computer fraud prosecution standards to ease off ‘good-faith’ research

The policy revision instructs prosecutors not to target good-faith security research under the historically fraught law.

New details emerge on prolific Conti-linked cybercrime group

Google’s Threat Analysis Group is calling the hackers Exotic Lily, and it says they employed relatively novel tactics.

Sandworm-linked botnet has another piece of hardware in its sights

The CyclopsBlink botnet is now targeting internet routers from hardware maker ASUS, Trend Micro researchers said.

Researchers show how to tamper with medication in popular infusion pumps using software flaws

McAfee security researchers on Tuesday said they had found multiple vulnerabilities in infusion pump software that, under certain conditions, a skilled hacker could use to alter a patient’s medication dose to a potentially unsafe level. The vulnerabilities are in equipment made by multinational vendor B. Braun that is used in pediatric and adult health care facilities in the United States. While there are no reports of malicious exploitation of the flaws, the research illustrates the challenge of securing devices conceived decades ago from 21st-century digital threats. The findings come as the health care sector reckons with a series of ransomware attacks that hit aging hospital computer networks during the pandemic. Medical devices “remain vulnerable to legacy issues that have persisted for many years and have exceptionally slow update or upgrade cycles,” said Steve Povolny, who heads the Advanced Threat Research team at McAfee. In a statement, B. Braun said the […]

Mozi botnet gets stealthier in infecting Huawei network gateways and other gear

The authors of a prolific internet-of-things botnet called Mozi have developed new capabilities for their malicious software to linger on infected devices and avoid detection, Microsoft researchers said Thursday. A botnet is a horde of compromised computers that attackers use to distribute spam or ransomware, or conduct distributed denial of service (DDoS) attacks. The Mozi botnet’s malware now has features catered to networking equipment made by popular vendors Netgear, Huawei and ZTE so that the malicious code lives on when the device is rebooted, according to the research. The features could also make it harder for other malicious hackers to wipe code off of infected devices — malicious-on-malicious activity that is a feature of the scamming ecosystem. For network defenders, it’s an unwelcome development from a botnet that has been used to steal data and conduct DDoS attacks since surfacing in 2019. IBM researchers said last year that Mozi accounted […]
