Tag Archive for: vulnerable

Virtual reality headsets are vulnerable to hackers


While Augmented Reality (AR) and Virtual Reality (VR) are envisioned as the next iteration of the internet immersing us in new digital worlds, the associated headset hardware and virtual keyboard interfaces create new opportunities for hackers.

UCR team: Nael Abu-Ghazaleh, Jiasi Chen, Yicheng Zhang, and Carter Slocum

Such are the findings of computer scientists at the University of California, Riverside, which are detailed in two papers to be presented this week at the annual Usenix Security Symposium in Anaheim, a leading national conference on cyber security. 

The emerging metaverse technology, now under intensive development by Facebook’s Mark Zuckerberg and other tech titans, relies on headsets that interpret our bodily motions — reaches, nods, steps, and blinks — to navigate new worlds of AR and VR to play games, socialize, meet co-workers, and perhaps shop or conduct other forms of business.

A computer science team at UCR’s Bourns College of Engineering led by professors Jiasi Chen and Nael Abu-Ghazaleh, however, has demonstrated that spyware can watch and record our every motion and then use artificial intelligence to translate those movements into words with 90 percent or better accuracy.

“Basically, we show that if you run multiple applications, and one of them is malicious, it can spy on the other applications,” Abu-Ghazaleh said. “It can spy on the environment around you, for example showing people are around you and how far they are. And it can also expose to the attacker your interactions with the headset.”

For instance, if you take a break from a virtual game to check your Facebook messages by air typing the password on a virtual keyboard generated by the headset, the spyware could capture your password. Similarly, spies could potentially interpret your body movements to gain access to your actions during a virtual meeting in which confidential information is disclosed and discussed.

The two papers to be presented at the cybersecurity conference are co-authored by Abu-Ghazaleh and Chen together with Yicheng Zhang, a UCR computer science doctoral student, and Carter Slocum, a visiting Assistant Professor at Harvey Mudd College who earned his doctorate at…


Medical Institutions Remain One of the Most Vulnerable Sectors to Ransomware Attacks


London, United Kingdom, July 30, 2023 –(PR.com)– Experts weigh in on why the health sector is so vulnerable.

The healthcare sector experienced 64 ransomware attacks last year alone, according to research by NordLocker.

According to recent data, the belief that ransomware attacks only target wealthy organizations is a myth. In 2022, healthcare companies with annual profits ranging from $25-50 million experienced four ransomware attacks, while medical companies with profits between $11-25 million encountered 14 attacks. Medical institutions with profits of $1-5 million were not exempt because they also suffered four attacks. It is crucial to highlight that ransomware poses a greater threat to institutions with lower profits because cyberattacks can often lead to severe financial repercussions, including bankruptcy.

Ransomware attacks target large public hospitals and small private practices alike. The report reveals that even one-person private consultation offices are not immune to these attacks. In the year prior, healthcare institutions with 1,000-5,000 employees experienced four attacks, while those with 1-11 and 11-50 employees encountered 13 attacks.

It is important to note that ransomware attacks extend beyond hospitals and healthcare facilities. Biotech companies, pharmaceutical companies, social services, medical factories, and other organizations in the healthcare sector are also susceptible to such attacks.

As usual, most attacks target American businesses — 61% of all attacks are against the US healthcare sector. Spain and Canada are the other countries most affected by ransomware attacks, with almost 8% and 4.7% of attacks respectively.

Why is the health sector so vulnerable?

Experts agree that there are a variety of different reasons why healthcare is such a lucrative industry for cybercriminals.

“In general, hospitals and other medical institutions are a great target due to outdated systems, and lack of choice in solution providers because not all vendors can offer solutions for the medical field. Lack of investment is another factor,” says Aivaras Vencevicius, head of product for NordLocker.

The health care sector is also particularly vulnerable because of the…


Cybersecurity labeling for smart devices aims to help people choose those less vulnerable to hacking


WASHINGTON — The Biden administration and major consumer technology players on Tuesday launched an effort to put a nationwide cybersecurity certification and labeling program in place to help consumers choose smart devices that are less vulnerable to hacking.

Officials likened the new U.S. Cyber Trust Mark initiative — to be overseen by the Federal Communications Commission, with industry participation voluntary — to the Energy Star program, which rates appliances’ energy efficiency.

“It will allow Americans to confidently identify which internet- and Bluetooth-connected devices are cybersecure,” deputy national security adviser Anne Neuberger told reporters in a pre-announcement briefing.

Amazon, Best Buy, Google, LG Electronics USA, Logitech and Samsung are among industry participants.

Devices including baby monitors, home security cameras, fitness trackers, TVs, refrigerators and smart climate control systems that meet the U.S. government’s cybersecurity requirements will bear the “Cyber Trust” label, a shield logo, as early as next year, officials said.

FCC Chairwoman Jessica Rosenworcel said the mark will give consumers “peace of mind” and benefit manufacturers, whose products would need to adhere to criteria set by the National Institute of Standards and Technology to qualify.

The FCC was launching a rule-making process to set the standards and seek public comment. Besides carrying logos, participating devices would have QR codes that could be scanned for updated security information.

In a statement, the Consumer Technology Association said consumers could expect to see certification-ready products at the industry’s annual January show, CES 2024, once the FCC adopts final rules. A senior Biden administration official said it was expected that products that qualify for the logo would undergo an annual re-certification.

The director of technology policy at Consumer Reports, Justin Brookman, welcomed the White House proposal but cautioned in a statement that “a long road remains” to its effective adoption.

“Our hope is that this label will ignite a healthy sense of competition in the marketplace, compelling manufacturers to safeguard both the security and…


Ransomware Trends Say Dallas Was Vulnerable Target


(TNS) — Dogged police work into ransomware hacks rarely ends with authorities slapping handcuffs on thieves. The attackers are likely sophisticated foreign nationals operating out of Eastern Europe, perhaps under state protection. The culprits may never be brought to justice.

That’s why cybercrime experts say municipalities should spend money up front to protect computer systems and educate employees about the risks — or pay millions after a crippling computer attack.

“When you get hit with ransomware, law enforcement cannot come in with a magic wand and fix the problem,” said Scott Augenbaum, a retired FBI agent and current cybersecurity expert. “This needs to be a wakeup call that we have to start focusing on the prevention side.”


Dallas has been in the grip of a computer crisis since hackers broke into its system last month. The city’s computer data has been held hostage, literally, to the demands of unknown cybercriminals. The attack hampered public-facing services like the 311 complaint system, municipal courts and online water bill payments.

The Dallas Morning News talked to cybercrime experts and pored through federal court records and FBI testimony before Congress to understand the chances of catching such hackers and how to prevent the attacks.

Experts say organized criminal groups increasingly target underfunded American city and county governments, which tend to lag behind private companies in computer security. The hackers’ goal is not to steal data but to disrupt key government services until a ransom is paid.

“Most of this stuff could have been prevented,” said Augenbaum, who wrote a book, The Secret to Cybersecurity. “We’ve got to get people to take it seriously.”

Augenbaum said ransomware is not a technology arms race between the good guys and criminals. Most cyber fraud, he said, is committed using low-tech social engineering methods: emails, social media messages, spoof phone calls and texts.

A city or company could spend millions on the best security systems, and all it takes is a careless employee clicking on a bad link to put everything at risk, he said. One stolen…
