Tag Archive for: Audio

Should hospital ransomware attackers be locked up for life? [Audio + Text] – Naked Security


Should hospital ransomware attackers get life in prison? Who was the Countess of Computer Science, and just how close did we come to digital music in the 19th century? And could a weirdly wacky email brick your iPhone?

With Doug Aamoth and Paul Ducklin.

DOUG.  Legal troubles abound, a mysterious iPhone update, and Ada Lovelace.

All that and more on the Naked Security Podcast.

[MUSICAL MODEM]

Welcome to the podcast, everybody.

I am Doug Aamoth; he is Paul Ducklin.

Paul, how do you do today, Sir?


DUCK.  I’m very well, Doug…

…except for some microphone problems, because I’ve been on the road a little bit.

So if the sound quality isn’t perfect this week, it’s because I’ve had to use alternative recording equipment.


DOUG.  Well, that leads us expertly into our Tech History segment about imperfection.


DUCK.  [IRONIC] Ohhhhh, thanks, Doug. [LAUGHS]


DOUG.  On 11 October 1958, NASA launched its first space probe, the Pioneer One.

It was meant to orbit the moon, but failed to reach lunar orbit thanks to a guidance error, fell back to Earth, and burned up upon re-entry.

Though it still collected valuable data during its 43 hour flight.


DUCK.  Yes, I believe it got to 113,000km above the Earth… and the Moon is just shy of 400,000 kilometres away.

My understanding is it went off target a bit and then they tried to correct, but they didn’t have the granularity of control that they do these days, where you run the rocket motor for a little tiny burst.

So they corrected, but they could only correct so much… and in the end they figured, “We’re not going to make it to the moon, but maybe we can get it into a high Earth orbit so it’ll keep going around the Earth and we can keep getting scientific measurements?”

But in the end it was a question of, “What goes up… [LAUGHS] must come down.”


DOUG.  Exactly. [LAUGHS]


DUCK.  And, as you say, it was like shooting a very, very, very powerful bullet way into outer space, well above the Kármán line, which is only 100km, but in such a direction that it didn’t actually escape the influence of the Earth altogether.


DOUG.  Pretty good for a first try, though?

I mean, not bad… that’s 1958, what…


WhatsApp’s cloned app spying on Indians via recording video, audio


New Delhi: India is among the countries with the highest number of Android trojan detections and a cloned, third-party unofficial version of WhatsApp is leading in spying on people’s chats in the country, a new report has warned.

Behind a large portion of Android spyware detection in the past four months was ‘GB WhatsApp’ — a popular but cloned third-party version of WhatsApp, according to the report by cyber-security firm ESET.

Such malicious apps have a wide range of spying capabilities, including recording audio and video.


“The cloned app is not available on Google Play and, therefore, there are no security checks in place compared with the legitimate WhatsApp, and versions available on various download websites are riddled with malware,” said the report.

India (35 per cent) was also ranked second after China (53 per cent) as the geolocation for bots making up the largest internet of things (IoT) botnet called ‘Mozi’ from May to August 2022.

The IoT botnet ‘Mozi’ saw the number of bots drop by 23 per cent from 500,000 compromised devices to 383,000 in May-August.

However, China and India continued to have the highest number of IoT bots geolocated inside the respective countries.

“These statistics confirm the assumption that the ‘Mozi’ botnet is on autopilot, running without human supervision since its reputed author was arrested in 2021,” said the report.

Even with declining numbers, Russian IP addresses continued to be responsible for the largest portion of remote desktop protocol (RDP) attacks.

“Russia was also the country that was most targeted by ransomware, with some of the attacks being politically or ideologically motivated by the war,” said Roman Kovac, Chief Research Officer at ESET.

The report also examined threats mostly impacting home users.

“In terms of threats directly affecting virtual and physical currencies, a web skimmer known as Magecart remains the leading threat going after online shoppers’ credit card details,” said Kovac.


This sort of crypto (graphy), and the other sort of crypto (currency!) [Audio + Text] – Naked Security


With Doug Aamoth and Paul Ducklin.

DOUG.  A critical Samba bug, yet another crypto theft, and Happy SysAdmin Day.

All that and more, on the Naked Security podcast.

[MUSICAL MODEM]

Welcome to the podcast, everybody.

I am Doug Aamoth.

With me, as always, is Paul Ducklin… Paul, how do you do today?


DUCK.  Excellent, thank you, Douglas.


DOUG.  We like to start the show with some tech history.

And this week, Paul, we’re going way back to 1858!

This week in 1858, the first transatlantic telegraph cable was completed.

It was spearheaded by American merchant Cyrus Westfield, and the cable ran from Trinity Bay, Newfoundland, to Valencia, Ireland, some 2000 miles across, and more than 2 miles deep.

This would be the fifth attempt, and unfortunately, the cable only worked for about a month.

But it did function long enough for then President James Buchanan and Queen Victoria to exchange pleasantries.


DUCK.  Yes, I believe that it was, how can I put it… faint. [LAUGHTER]

1858!

What hath God wrought?, Doug! [WORDS SENT IN FIRST EVER TELEGRAPH MESSAGE]


DOUG.  [LAUGHS] Speaking of things that have been wrought, there is a critical Samba bug that has since been patched.

I’m not an expert by any means, but this bug would let anyone become a Domain Admin… that sounds bad.


DUCK.  Well, it sounds bad, Doug, mainly for the reason that it *is* rather bad!


DOUG.  There you go!


DUCK.  Samba… just to be clear, before we start, let’s go through the versions you want.

If you’re on the 4.16 flavour, you need 4.16.4 or later; if you’re on 4.15, you need 4.15.9 or later; and if you’re on 4.14, you need 4.14.14 or later.

Those bug fixes, in total, patched six different bugs that were considered serious enough to get CVE numbers – official designators.

The one that stood out is CVE-2022-32744.

And the title of the bug says it all: Samba Active Directory users can forge password change requests for any user.


DOUG.  Yes, that sounds bad.


DUCK.  So, as the full bug report in the security advisory, the change log says, in rather orotund fashion:

“A user could change the password of the administrator account and gain total control over the domain. Full loss of…


Daily grabs another $40M so developers can add video, audio features to any product – TechCrunch


We’ve all embraced video calls, whether it is with our work colleague or our physician, but for developers, it remains a challenge to build both real-time audio and video features into products.

That’s where Daily comes in. The company provides APIs so developers can add those features into products or websites using just two lines of code. Use cases include video calls, audio-only apps, webinars, live classes, interactive collaboration, e-commerce, customer support, IoT and robotics.

Since being founded in 2015, the company has amassed a customer list that includes AppFolio, HotDoc, Pitch, Kumospace and Teamflow, and its customers report seeing up to 80% fewer video call errors after using Daily, Kwindla Hultman Kramer, co-founder and CEO of Daily, told TechCrunch via email.

Following an 18-month period of rapid growth, which included increases of 10 times to 30 times in all the metrics the company tracks — overall traffic volume, freemium sign-ups, paid usage and the number of customers scaling applications on top of the platform — Daily today announced $40 million in Series B funding.

“The most interesting trend we’re seeing is that new use cases for video and audio are showing up every week,” Hultman Kramer said. “We’ve seen the growth of events platforms, new social/spatial video environments, live commerce, live classes, fitness and workout applications, and a huge amount of experimentation in education and tutoring, just to name a few.”

Renegade Partners led the round, which included new investors Heritage Group, Cendana Capital and Sean Rose, and participation from existing investors including Lachy Groom, Tiger Global, Freestyle Ventures, Slack Fund, Root VC, Moxxie, Haystack Ventures, Todd & Rahul’s Angel Fund, David Eckstein and Aston Motes.

The latest round brings total funding to over $60 million, which includes a $4.6 million round raised in May 2020. The company is not sharing its valuation, but Hultman Kramer revealed that valuation stepped up three times with each of the three funding rounds the company raised in the last 18 months.

The global video conferencing market was valued at $5.8 billion in 2020 and is expected to…
