Researchers track hacking ‘fingerprints,’ link Russian attackers to Windows exploit sellers

Researchers have developed a new technique to “fingerprint” cybercriminals, including two prolific sellers of Windows exploits. 

On Friday, researchers from Check Point said the “fingerprinting” technique has been used to link Windows local privilege escalation (LPE) exploits to two different authors, believed to have sold their creations previously to Russian advanced persistent threat (APT) groups as well as other clients. 

In a blog post, the cybersecurity firm said that the technique was developed off the back of a customer response incident, in which a small 64-bit executable was found during an attack.

After analyzing the file, the team found unusual debug strings that pointed to an attempt to exploit a vulnerability on one of the target machines. The file contained a leftover PDB path — “…cve-2019-0859x64ReleaseCmdTest.pdb” — which indicated the use of a real-world exploit tool. 

Digging further, Check Point decided to try and “fingerprint” unique identifiers recognizable as

Read More

New Ucam security camera is powered by the blockchain

Silicon Valley,CA-based open source platform IoTeX wants to extend the concept of the Internet of Things and bring its vision alive for the Internet of Trusted Things. And it is using the blockchain to bring privacy to your security.

Hacks of internet connected devices such as Ring and Nest have made consumers increasingly wary of adequate security due to insufficient emphasis on security and privacy for these types of devices

It has partnered with Shenzen, China-based specialist camera manufacturer Tenvis to co-develop the Ucam security camera.

The Ucam applies blockchain, end-to-end encryption, and edge computing technology so that users can own, control, and share the videos captured by their Ucam to guarantee that access to their camera is impossible.

With Ucam, all computing is done locally on the Ucam device or the user’s mobile phone, removing the need for centralized servers. When in transit, data is end-to-end encrypted using

Read More

NE US regional contact-tracing app network adds New York, New Jersey states

Just a week after nearby Pennsylvania announcing its own mobile technology solution to aid in its fight to prevent the spread of Covid-19, the states of New York and New Jersey have launched their own contact-tracing apps.

Governor Andrew M. Cuomo and New Jersey Governor Phil Murphy officially launched the Covid Alert NY and Covid Alert NJ exposure notification mobile apps in their respective states that they will serve as crucial tools to supplement the effort to trace and contact individuals subject to a Covid exposure.

With the launch, New York and New Jersey join Pennsylvania and Delaware in creating a regional Covid Alert app network that the states say will now operate across state lines. Connecticut has also announced it will launch the Exposure Notification System in the coming weeks.

The app uses Bluetooth Low Energy (BTE) and API technology from Google and Apple to allow mobile phones with

Read More

A look at Arise, which offers work-from-home call center contractors to companies like Disney, Airbnb, and Apple, and how it strips workers of legal protections (ProPublica)


ProPublica:

A look at Arise, which offers work-from-home call center contractors to companies like Disney, Airbnb, and Apple, and how it strips workers of legal protections  —  Arise Virtual Solutions, part of the secretive world of work-at-home customer service, helps large corporations shed costs at the expense of workers.… Read More