‘ShrinkLocker’ ransomware uses BitLocker against you — encryption-craving malware has already been used against governments


BitLocker has been weaponized again by the new “ShrinkLocker” ransomware attack. The attack uses novel methods to make a classic BitLocker attack more pervasive and dangerous than ever before, and it has already been used against governments and manufacturing industries. 

Kaspersky, known for its Kaspersky Anti-Virus and class-leading malware research, identified the new strain in Mexico, Indonesia, and Jordan, so far only against enterprise PCs. Attacks using BitLocker, an optional Windows feature that encrypts PC hard drives commonly used in the enterprise world, are not new. But ShrinkLocker is unique thanks to new innovations.

Source…

Ebury Botnet Expanding: Malware Continues to Steal Cryptocurrency – News Bytes Bitcoin News – Bitcoin.com News



Ebury Botnet Expanding: Malware Continues to Steal Cryptocurrency – News Bytes Bitcoin News  Bitcoin.com News

Source…

Hacking phones is too easy. Time to make it harder


In the mid-1960s enterprising hackers realised that if they blew a particular toy whistle down the phone, they could trick the network into routing their call anywhere, free. When phone networks got wind of this, they changed how the system worked by splitting the channel carrying the voice signal from the one managing the call. One result was the Signalling System 7, which became a global standard in 1980. ss7 stopped “phone phreaks”, as they were known. But the system, built when there were only a handful of state-controlled telecoms companies, has become woefully inadequate for the mobile age, leaving dangerous vulnerabilities at the heart of international phone networks. It is time to fix them.

For more than 15 years experts have known that SS7 (or, occasionally, a later system called Diameter) could be abused to locate a phone user, intercept their text or voice data, or send texts or spyware to a device. Russia has exploited SS7 to track dissidents abroad. In 2018 the United Arab Emirates is thought to have used it to find and then abduct a fugitive princess. Earlier this year an American cyber-security official told the Federal Communications Commission (FCC), a regulator, that similar attacks had taken place in America.

Source…

How Secure Is The Metaverse? (A Look At Cyber Threats And Defenses)


The Metaverse represents the next evolution of the internet, where people can interact with other people and a computer-generated environment in real time. It is a blend of various virtual worlds, augmented reality, and digital spaces, creating a seamless digital universe. Key players like Facebook (Meta), Google, and Microsoft are heavily investing in this space, signaling its vast potential.

As the Metaverse grows, it brings along several cybersecurity challenges. Privacy concerns are paramount, with users’ personal data at risk of being exposed. Data breaches pose a major threat, leading to the misuse and theft of sensitive information. In the Metaverse, identity theft can result in serious repercussions, such as financial losses and damage to one’s reputation.

In “Once Upon Tomorrow,” Shurick Agapitov, founder of Xsolla and a visionary in the digital space, points to the lessons learned from Web 2.0’s privacy and security missteps and notes the rise in cybersecurity spending as an indicator of the critical need for secure digital spaces. He notes a trend toward more transparent customer data handling, with businesses increasingly committing not to sell user information. This shift is crucial for building trust in the Metaverse, where users will seek assurances that their data and interactions are protected.

Once Upon Tomorrow” serves as a call to action for the tech industry to prioritize security and trust in the development of the Metaverse. Agapitov envisions a future where these elements are not afterthoughts but foundational components of digital innovation. His book challenges developers, policymakers, and stakeholders to consider cybersecurity a cornerstone of Metaverse development, ensuring it becomes a safe, inclusive, and empowering space for all users.

Current regulations are struggling to keep up with the fast evolution of the Metaverse. There is an urgent need for new regulatory frameworks to tackle the distinct challenges of the digital world. Future regulations must consider the protection of digital identities, virtual…

Source…