-
The government of Ukraine supported the legalization of marijuana in the country
The Cabinet of Ministers of Ukraine supported the bill on the legalization of medical cannabis, it will also be used for post-traumatic stress disorders resulting from the armed conflict, said the head of the country's Ministry of Health Viktor Liashko."The Cabinet of Ministers supported the bill "On regulating the circulation of plants of the hemp genus (Cannabis) for medical, industrial purposes, scientific and scientific and technical activities to create conditions for expanding patients' access to the necessary treatment for oncological diseases and post-traumatic stress disorders resulting from the war," the minister said. He stressed that...
-
Security Researcher Discovers Vulnerability in Tesla Keycards
A security researcher has discovered a vulnerability in Tesla's NFC (Near-Field Communication) keycard system that allows attackers to add their own keycards without the knowledge of the victim. Last year, there was an undocumented change to the way the key card worked, after which users no longer had to put the card on the center console to change gear and go about their business. The only catch was the timer, set to 130 seconds, during which the gear had to be shifted.According to Austrian security researcher Martin Herfurt, the timer allowed not only to start...
-
Chinese hackers pose a growing threat
The Chinese APT group Aoqin Dragon has been known for its cyberattacks on government, educational and telecommunications organizations in Southeast Asia and Australia since 2013.According to the researchers, Aoqin Dragon may be related to the Naikon (Override Panda) faction. Both campaigns target users in Australia, Cambodia, Hong Kong, Singapore and Vietnam. The Aoqin Dragon campaign influences Asia-Pacific politics and contains a pornographic decoy document, as well as USB shortcuts to deploy the Mongall and Heyoka backdoors.Since 2018, Aoqin Dragon has been using a fake .LNK removable device shortcut that, when clicked, launches the RemovableDisc.exe executable....
-
Cloudflare repelled the most powerful DDoS attack
According to Cloudflare, the attack targeted an unnamed website for a customer using a free plan. The DDoS attack was carried out by a powerful botnet of 5067 devices, each node of which generated about 5200 RPS (requests per second) at its peak.The botnet created a stream of over 212 million HTTPS requests in less than 30 seconds. Attackers used more than 1500 networks in 121 countries. Approximately 3% of the attack went through Tor nodes.According to Cloudflare's Omer Joachimik, the hackers used hacked virtual machines and powerful servers from cloud service providers to carry...
-
Microsoft is working on a musical "doomsday vault"
Microsoft is working on a worldwide music vault that will store music for thousands of years. The Music Vault will be located in the same place as the World Seed Vault, in Svalbard.The Microsoft project is called Project Silica and is a glass hard drive capable of holding up to 100 GB of digital data. Quartz glass has a symmetrical molecular structure, which makes it more resistant to high temperatures and pressures."These discs will store the most important music files. They will go to storage and remain forever in history," says storage design firm Elire...
-
Vulnerabilities in HID Mercury access controllers allow attackers to remotely break into doors
Researchers at XDR company Trellix have discovered vulnerabilities in LenelS2, a physical security subsidiary of HVAC Carrier. However, HID Global has confirmed that all OEMs using certain hardware controllers are affected.Trellix researchers identified a total of 8 vulnerabilities, 7 of which were critical. The vulnerabilities can be exploited for RCE attacks, arbitrary command injection, DoS attacks, information substitution, and arbitrary file writing. Most of these vulnerabilities can be exploited without authorization, but they require a direct connection to the target system to exploit. According to Sam Quinn, senior security researcher at Trellix, such systems should...
-
Summer is the time for vacations and new phishing campaigns
According to Bitdefender security analysts, the spate of travel-themed phishing campaigns began in March and will continue throughout the summer.Phishing emails contain various promotional offers:· free air tickets;· gift cards;· discounts for renting an apartment or car;· all-inclusive offers.In phishing messages, scammers pose as well-known airlines (Delta, American Airlines, and United Airlines) or travel companies (Accor Hotels, Panorama Tours, and Meritus Hotels). On phishing sites, the user is strongly encouraged to complete a questionnaire and enter their personal data. The victim is also prompted to download an invoice for payment, which is actually malware. The...
-
The amount of the ransom to extortionists reached almost $1 million
According to experts, this year the average amount of ransom increased by 71% and reached almost $1 million. Unit 42 specialists said that the ransom paid for 5 months of 2022 averaged about $925 thousand.“This represents a rapid increase from previous years, when average ransom payments were $570,000 in 2021 and $310,000 in 2020,” Unit 42 said in a report.In 2016, companies were paying just $500 to cybersecurity professionals, and now organizations are paying large ransoms to ransomware. Attackers infect the corporate network with ransomware and block user access to computers. Cybercriminals encrypt confidential information...
-
Hackers remove iPhone activation lock for a small fee
The Checkm8.info hacker forum offers users a convenient way to remove iPhone activation lock using a paid service. However, iOS security analysts believe that the service is being used by thieves to unlock stolen Apple devices.Activation Lock is enabled when you start Find My and prevents anyone from activating the device until the owner enters the requested credentials. To bypass such protection, hackers use checkra1n, an open source jailbreak tool released in 2019. Checkra1n uses an exploit called Checkm8, developed by security researcher Axi0mX. According to information from the cybercriminals' website, the exploit is only...
-
Microsoft foiled a dangerous attack by Iranian hackers Bohrium
Microsoft's Digital Crimes Unit (DCU) thwarted a phishing campaign by Iranian hacker group Bohrium that targeted users in the US, India and the Middle East. According to Microsoft DCU CEO Amy Hogan-Burney, Bohrium has carried out attacks on governments and organizations in technology, transportation, and education.Microsoft has disabled 41 domains used in the campaign to build a command and control infrastructure so attackers can deploy malware. Hackers gained access to targeted devices and stole information from compromised systems.According to Microsoft's evidence, Iranian hackers accessed and sent malware without authorization to secure computers of Microsoft customers,...
