The new attack vector allows attackers to infect a victim’s computer without any resistance.
Cybersecurity Researchers at Black Lotus Labs fixed a new vector of compromising Windows computers that includes malicious Linux binaries built for Windows Subsystem for Linux (WSL).
The experts found a number of malicious files written in Python and compiled in the Linux ELF (Executable and Linkable Format) binary for the Debian distribution.
“While this approach was not particularly sophisticated, the novelty of using the ELF loader developed for the WSL environment gave this method a one or zero detection rate in Virus Total,” the researchers said.
Black Lotus believes this is perhaps the first time that attackers have misused WSL to inject malicious data into Windows installations. Researchers discovered malicious binaries in early May this year, which continued to appear every 2-3 weeks until August 22.
Python code acts as a loader and uses various Windows APIs to retrieve a remote file and then inject it into a running process.
Since most endpoint agents designed for Windows systems do not come with signatures to parse ELF files, this attack vector allows attackers to infect a victim’s computer without any resistance.
Nvidia lost. LHR mining protection is also hacked under Linux. This was done by NBMiner developers
Two days have passed since the NiceHash developers cracked the Nvidia LHR protection, as the NBMiner team also pleased their users with the same news. Only this time we are talking about software for Linux.
Thus, Nvidia’s protection completely fell for both Windows and Linux. Unfortunately, both programs are closed source, so it’s not clear what mechanisms the developers used to hack.
Whether the loss of Nvidia will affect the availability and prices of video cards is still difficult to say. At the moment, the cryptocurrency market continues to fall, but sooner or later it will turn around, and gamers may again face shortages and overpriced graphics cards.
Xiaomi has released a profitable set of security camera and smart door locksmart door lock
Xiaomi has introduced a new kit with an outdoor video surveillance camera and a smart door lock, which includes Mi Outdoor camera and Mi Smart Door Lock 1S.
The bundle is priced at around $237, which is a great deal as these devices cost $20 more individually.
Mi Smart Door Lock 1S supports 7 unlocking methods, including fingerprint, password, temporary password, Bluetooth, HomeKit, NFC or regular key unlock. Compared to the first generation, the new lock supports both the Mijia app and Apple HomeKit.
As for the rechargeable version of Xiaomi Outdoor Camera, this is Xiaomi’s first outdoor wireless camera. It has an independent design and can be installed without connecting the mains cable or power cable. It has a wide viewing angle of 130°, 1080p resolution and supports WDR technology.
In addition, the battery version of the Xiaomi Outdoor Camera offers night vision up to 7 meters and people detection function. It is IP65 rated and has a long battery life of up to 90 days.
“These are machines for sucking out personal data.” Prayer and mental health apps have poor security
Mental health apps have worse privacy protection than most other types of apps, according to a new analysis by Mozilla. We are talking about the entire category as a whole. In addition, things are also bad for prayer applications.
The vast majority of mental health and prayer apps are exceptionally creepy. They track a variety of data, share and capitalize on users’ most intimate personal thoughts and feelings, such as mood, mental state, and biometric data.
The team analyzed 32 mental health and prayer apps. Of these apps, 29 received a Privacy not included warning, indicating that the team is concerned about how the app manages user data.
These applications collect large amounts of personal data in accordance with vague privacy policies. Most applications have also been found to have poor security practices that allow users to create accounts with weak passwords. Considering how much personal information such programs can contain, this is a bad feature.
The list of the worst programs according to the specified criteria included Better Help, Youper, Woebot, Better Stop Suicide, Pray.com and Talkspace. In particular, the Woebot chatbot claims to collect information about users and shares this data for advertising purposes, and Talkspace collects transcripts of user chats.
They work like data-sucking machines with the look and feel of a mental health app. In other words: wolves in sheep’s clothing
Samsung cheated: the unique S95B QD-OLED TV turned out to be better than the company describes it
Earlier this year, Samsung introduced the S95B QD-OLED TV, which stands out with its new panel and 144Hz support. And...
Xiaomi 12 Ultra camera options have appeared. They are fully consistent with the characteristics of the camera Xiaomi 11 Ultra
It seems that, at least in terms of basic characteristics, the Xiaomi 12 Ultra camera will be completely identical to...
AMOLED screen and no 5G. Motorola Moto G42 is getting ready for release
Motorola seems to have decided to take the bull by the horns and actively expand its smartphone lineup amid impressive...
So who is more popular: Qualcomm or MediaTek? MediaTek leads the market in general, but Qualcomm is much more popular in almost all segments
Counterpoint analysts assessed the Android smartphone platform market in the first quarter of this year. This time, analysts decided to...
Wearables5 days ago
The latest Google Pixel Watch smartwatch may get the Samsung Exynos 9110 platform from 2018
Components6 days ago
AMD will do it again. Ryzen 7000 processors may be 25-35% faster than the current generation
Phones6 days ago
An improved version of the Huawei Mate 40 smartphone went on sale under the name TD Tech M40 in China
Components3 days ago
World’s first 14″ laptop with 75Wh battery and Magic OS. Honor MagicBook 14 unveiled with 2K screen, Intel Core 12 processors and GeForce RTX 2050 GPU