Razzlekhan, the self-proclaimed Crocodile of Wall Street, pleads guilty to the biggest crypto laundering scheme in history, and just how safe are you typing while on a Zoom call?
Meanwhile, Graham rants about public EV chargers.
All this and more is discussed in the latest edition of the award-winning “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault.
It was discovered that PyPDF2 incorrectly handled PDF files with certain
markers. If a user or automated system were tricked into processing a
specially crafted file, an attacker could possibly use this issue to
consume system resources, resulting in a denial of service.
A number of popular crypto wallet providers have been affected by the vulnerabilities, including Coinbase WaaS, Zengo and Binance
You need to account for several factors when building an efficient governance control program. Here’s how CIS SecureSuite can help.
Check Point highlighted the necessity of understanding the the entire attack process of ransomware groups
Information involved in the incident includes names, dates of birth and medical claims information
USN-6243-1 fixed vulnerabilities in Graphite-Web. It was discovered that the
applied fix was incomplete. This update fixes the problem.
Original advisory details:
It was discovered that Graphite-Web incorrectly handled certain inputs. If a
user or an automated system were tricked into opening a specially crafted
input file, a remote attacker could possibly use this issue to perform
server-side request forgery and obtain sensitive information. This issue
only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2017-18638)
It was discovered that Graphite-Web incorrectly handled certain inputs. If a
user or an automated system were tricked into opening a specially crafted
input file, a remote attacker could possibly use this issue to perform
cross site scripting and obtain sensitive information. (CVE-2022-4728,
CVE-2022-4729, CVE-2022-4730)
USN-4336-1 fixed several vulnerabilities in GNU. This update provides
the corresponding update for Ubuntu 14.04 LTS.
Original advisory details:
It was discovered that GNU binutils contained a large number of security
issues. If a user or automated system were tricked into processing a
specially-crafted file, a remote attacker could cause GNU binutils to
crash, resulting in a denial of service, or possibly execute arbitrary
code.
Researchers have trained a ML model to detect keystrokes by sound with 95% accuracy.
“A Practical Deep Learning-Based Acoustic Side Channel Attack on Keyboards”
Abstract: With recent developments in deep learning, the ubiquity of microphones and the rise in online services via personal devices, acoustic side channel attacks present a greater threat to keyboards than ever. This paper presents a practical implementation of a state-of-the-art deep learning model in order to classify laptop keystrokes, using a smartphone integrated microphone. When trained on keystrokes recorded by a nearby phone, the classifier achieved an accuracy of 95%, the highest accuracy seen without the use of a language model. When trained on keystrokes recorded using the video-conferencing software Zoom, an accuracy of 93% was achieved, a new best for the medium. Our results prove the practicality of these side channel attacks via off-the-shelf equipment and algorithms. We discuss a series of mitigation methods to protect users against these series of attacks.
News article.
