Tag Archive for: warned

Hackers break into Fred Hutch computer network, patients warned to watch accounts


Hackers broke into the computer networks at Fred Hutchinson Cancer Center two weeks ago.

The cancer center says it detected unauthorized activity Nov. 19. It’s now telling patients to monitor their bank statements and credit reports.

The breach happened on the clinical network. Fred Hutch has not revealed more details about what data was hacked, but says it will notify people whose information was involved.

The incident is being treated as a possible federal crime. The center has called in a forensic security firm to investigate, and notified federal law enforcement.

Clinics remain open but the clinical computer network used by personnel was taken offline for security.

The center tells patients to report any suspicious bank activity and to review identity theft prevention tips by the Federal Trade Commission.

Source…

Android Users Warned Of 2 Zero-Day Exploits, Including Spy-On-Phone Attack


Google has announced an October security update for all Android users that addresses more than 50 vulnerabilities and includes fixes for two zero-days already known to be exploited by malicious attackers.

CVE-2023-4863 Is The Same Vulnerability That Led To Zero-click iPhone Spyware Attacks

The first of the zero-day vulnerabilities may sound familiar to regular readers, as well it might. CVE-2023-4863 is none other than the same one impacting the libwebp open-source library that led to recent emergency updates for 1Password, Signal, Chrome, Edge and Firefox, among others.

MORE FROM FORBESCritical New 1Password, Signal, Chrome, Edge, Firefox Emergency Security Updates

This critical buffer overflow vulnerability can lead to remote code execution and appears to be the same flaw that is addressed as CVE-2023-41064 by Apple and used in a zero-click iMessage exploit chain to install spyware onto previously fully patched iPhones.

Although there is currently no evidence that Android users are being targeted by the same iPhone spyware attack, as identified by Citizen Lab and Google’s Threat Analysis Group in September, it remains flagged as exploited in the wild. As such, all users of Android devices are urged to install the October security update as a matter of some urgency.

MORE FROM FORBESNew Critical Security Warning For iPhone, iPad, Watch, Mac-Attacks Underway

CVE-2023-4211 Known To Be Under Targeted Attack

The second zero-day vulnerability, CVE-2023-4211, included within the October security update, is stated, along with CVE-2023-4863, as potentially being “under limited, targeted attack,” according to the Google security advisory. Arm also points to there being evidence of the same targeted attack in a security advisory to users.

There’s a lack of detailed technical information regarding CVE-2023-4211 beyond the fact that it resides in the Arm Mali GPU driver and is a use-after-free issue that could allow for data manipulation.

As Ionut Arghire reports, however, such vulnerabilities have previously been known to be connected with…

Source…

I’m a security expert – Android, iPhone users warned they ‘can’t trust their ears’ as eerie AI call raids bank accounts


CYBERSECURITY experts have warned billions of Android and iPhone users that they might not be able to trust their own ears from scammers looking to raid their banks. 

As artificial intelligence continues to develop, cybersecurity and anti-virus software provider Kaspersky Lab is warning people of scammers using deep-fake technology in phone calls. 

Cybersecurity experts are warning smartphone users of scammers using voice deepfakesCredit: Getty
The scams use fake audio recordings in an attempt to steal money and personal dataCredit: Getty
The technology compresses two recordings togetherCredit: Niral Shah/Stanford/K. Qian, Y. Zhang, S. Chang, et al

Also known as voice cloning or voice conversion, the cyber security company highlighted voice deep fakes in a recent blog post. 

According to the company, this technology is based on autoencoders, which compresses input data into a compact internal representation before learning to decompress it back, restoring the original data. 

In other words, the AI program will first be given data such as two audio recordings – one with the original audio and words, and the other with the voice it wants to use instead. 

Next, the system determines what was said in the first recording and how the voice in the second recording speaks – such as various inflections or accents. 

Read More on Artificial Intelligence

Then, the system will combine these two compressed representations together to then generate the voice in the second recording saying the words from the first. 

While this technology might seem harmless to some – or the foundations of a good prank – it can be very dangerous when put in the wrong hands. 

Kaspersky Lab detailed that scammers have been using this technology for years to target companies and individuals worldwide. 

In 2019, for example, criminals used AI software to create fraudulent money transfer requests supposedly from the chief executive officers of an energy firm in the United Kingdom. 

Not only did the scammers use the technology to make the initial request over the phone, they also falsified two additional phone calls to confirm the first transfer and request a second. 

Because the AI program had used a…

Source…

Billions of Android owners warned of ‘bank-raiding’ attack that can even get around security checks


ALL Android owners have been warned over a new strain of malware that can hide from antivirus programmes.

It is reportedly capable of stealing sensitive data, such as banking information and also deploying nasty ransomware.

It can record all ongoing calls and steal contacts from the victim’s deviceCredit: Getty Images – Getty

Ransomware is a type of virus which stops users from being able to access their own devices – as well as everything that’s stored on it.

It encrypts files and leaves the device essentially useless and the user locked out.

Criminal cyber gangs use this as a ploy to demand ransom from their victim.

Cybersecurity experts at CloudSEK’s threat intelligence research team rang the alarm on this new form of virus.

The malware, which researchers have dubbed Daam, is targeting Android phones as well as Windows PCs.

But Daam was found to be particularly invasive on mobile phones.

It has the ability to record audio from an Android device, without any action from the owner of the phone.

Not only can it also read call logs, but it can record all ongoing calls and steal contacts from the victim’s device.

Most read in Phones & Gadgets

Even WhatsApp calls – or audio conversations via other messaging apps – aren’t safe.

This means that if Android owners disclose any sensitive information in those calls – such as banking details – it could be used against them.

The malware is being downloaded accidentally by unsuspecting Android owners when they visit third-party sites, according to researchers.

To stay safe, it’s important Android owners make sure they only download apps from legitimate sources.

It’s also helpful to check reviews before downloading anything, and to make sure the phone’s operating and security systems are up to date.

Best Phone and Gadget tips and hacks

Looking for tips and hacks for your phone? Want to find those secret features within social media apps? We have you covered…


We pay for your stories! Do you have a story for The Sun Online Tech & Science team? Email us at [email protected]


Source…