Hackers Can Use Ultrasonic Waves to Secretly Control Voice Assistant Devices

The hacker news | March 02, 2020

Researchers have discovered a new means to target voice-controlled devices by propagating ultrasonic waves through solid materials in order to interact with and compromise them using inaudible voice commands without the victims' knowledge.Called "SurfingAttack," the attack leverages the unique properties of acoustic transmission in solid materials such as tables  to "enable multiple rounds of interactions between the voice-controlled device and the attacker over a longer distance and without the need to be in line-of-sight."In doing so, it's possible for an attacker to interact with the devices using the voice assistants, hijack SMS two-factor authentication codes, and even place fraudulent calls, the researchers outlined in the paper, thus controlling the victim device inconspicuously.

Spotlight

You work to protect your business from the impact of Distributed Denial of Service (DDoS) attacks, as well as other cyberattacks. You want to keep your customers’ trust in your service by maintaining the availability and responsiveness of your application. And you want to avoid unnecessary direct costs when your infrastructure must scale in response to an attack.

Spotlight

You work to protect your business from the impact of Distributed Denial of Service (DDoS) attacks, as well as other cyberattacks. You want to keep your customers’ trust in your service by maintaining the availability and responsiveness of your application. And you want to avoid unnecessary direct costs when your infrastructure must scale in response to an attack.

Related News

DATA SECURITY

Balbix Extends Cyber Security Posture Automation to AWS

Balbix | November 02, 2021

Balbix, provider of the world's leading platform for cybersecurity posture automation, announced today the general availability of the Balbix Connector for AWS. As a result of the new offering, customers gain a comprehensive inventory of their assets spanning on-premises and cloud as well as the ability to discover, prioritize and mitigate unseen risks, including unpatched software vulnerabilities, weak credentials, missing or poor encryption, trust issues and cloud infrastructure misconfigurations. A surge in cloud adoption has made modern IT environments more complex and increased the enterprise attack surface. While gains have been made in cloud security, visibility remains siloed. Proactive cybersecurity tools are typically split into on-premises and cloud silos, making it extremely difficult to get a consolidated view into both environments. In addition, the ability to identify and address the most pressing risks requires the assistance of automation to successfully scale. Improved AWS Security Posture Management The new Connector for AWS provides support for the most popular AWS Cloud services including core services like Amazon Elastic Compute Cloud (Amazon EC2), Amazon Simple Storage Service (Amazon S3), and AWS Identity and Access Management (IAM); database and container services like Amazon Relational Database Service (Amazon RDS), and Amazon Elastic Kubernetes Service (Amazon EKS); and analytics services like Amazon OpenSearch Service. As a result, teams overseeing security of their AWS environments can: Get comprehensive visibility into cloud assets and accurately categorize them into compute, storage, network, and containers Discover exposure to common cloud attack vectors, especially misconfigurations – the most exploited attack vector for the cloud Measure risks in terms of the likelihood and monetary impact of them being exploited in order to prioritize risks for remediation and report on the overall security posture Visibility Across the Entire Network With the addition of the Connector for AWS, Balbix merges cloud and on-premises visibility in one view, eliminating the need for security practitioners to look through multiple dashboards and allowing them to work more productively. "With a significant portion of our IT infrastructure already running in AWS alongside a longer-term cloud-first strategy to migrate most workloads to the cloud, the addition of the Balbix Connector for AWS enables us to drive down risk comprehensively across our enterprise," said Nate Miller, Senior IT Manager, Global Cyber Security and IT Compliance at Cooper-Standard. "However, we know some critical IT infrastructure will remain on-premises. The unified visibility provided by Balbix is key to enable our cyber security teams to make the best decisions for the business and most efficiently minimize the risk of breach." Advanced Risk Analysis AWS data is analyzed using purpose-built AI algorithms to produce a comprehensive view of cyber-risk for organizational cloud assets, along with relevant context and recommended action items. Risk is measured in dollars, which provides a common language that organizations can use to prioritize projects, spending and track the effectiveness of their overall cybersecurity program. "Traditionally, cyber posture tools have been siloed, only offering views for cloud or on-premises, never both,We are excited to introduce the Balbix Connector for AWS to break down the siloed approach and offer AWS customers a holistic view of their overall corporate risk, along with new insights to manage security under the shared responsibility model." Gaurav Banga, CEO at Balbix About Balbix Balbix is the world's leading platform for cybersecurity posture automation. Using Balbix, organizations can discover, prioritize and mitigate unseen risks and vulnerabilities at high velocity. With seamless data collection and petabyte-scale analysis capabilities, Balbix is deployed and operational within hours, and helps to decrease breach risk immediately. Balbix counts many global 1000 companies among its rapidly growing customer base and was named a "Cool Vendor" by Gartner in 2018.

Read More

DATA SECURITY

Hoxhunt and Cyber Intelligence House Announce Partnership to Connect Cyber Threat Exposure With Employee Cyber Awareness

Hoxhunt | November 22, 2021

Hoxhunt, a premium enterprise cybersecurity awareness training platform, and Cyber Intelligence House, a leading provider of cyber intelligence, today announced a first-of-its-kind partnership designed to equip organizations with unprecedented protection from email attacks leveraging advanced insight across their dark-web-to employee-inbox lifecycle. Hoxhunt’s CEO, Mika Aalto stated: “This partnership with Cyber Intelligence House will open a whole new category of proactive cybersecurity awareness. Their industry-leading Cyber Exposure Platform adds a superior breadth and depth of intelligence from the Darkweb, Deep web and cyberspace forums and marketplaces to our dynamic awareness platform, typically 16 times more data than other solutions. By connecting threat intelligence with awareness, we can transform insight into foresight. Just imagine knowing an attack is likely coming and being able to train your employees with simulations of the actual phishing templates hackers purchased for their attack”. “We are very excited to be partnering with Hoxhunt. Their best-in-class Cyber Awareness and Training platform allows organisations to adapt and defend against the ever rising volume of cyber threats that our platform identifies”. Cyber Intelligence House’s CEO, Mikko Niemela About Hoxhunt: Hoxhunt is a People-First Cybersecurity Platform that protects organizations and their employees from the risk of cyber attacks. Hoxhunt’s cognitive automation maps individually adaptive training curriculum to each employee’s skill level for optimal engagement. Hoxhunt empowers individuals with the tools and confidence to recognize and respond to attacks dynamically over time. Hoxhunt enables security teams with real-time visibility into threats so they can react fast and limit their spread. The entire platform is autonomous, freeing up considerable time for security teams to focus on what matters. About Cyber Intelligence House: Cyber Intelligence House is a leading cyber intelligence company specialised in helping cyber security professionals and law enforcement to assess and monitor cyber exposure from the dark web, deep web, data breaches and online-assets. It is the trusted provider to government and law enforcement agencies globally, including Interpol and UNODC. Cyber Intelligence House’s Cyber Exposure Platform (CEP) provides the world’s most comprehensive Cyber Threat database with over 10 years of data. 24/7 and collection and storing of new data at a rate of ~600 pages per second. CEP delivers unrivalled search and alerting performance with Deep scanning of over 250 metadata factors and machine learning enabled categorization of threats to provide deep insights into potential cyber threats.

Read More

DATA SECURITY

SGS Cybersecurity Services can help you take advantage of digital opportunities while also protecting you from cyber threats.

SGS | March 09, 2021

SGS, the world's driving review, confirmation, testing and certificate organization, assists customers with taking advantage of advanced freedoms while alleviating hazards with its SGS Cybersecurity Services, a coordinated cybersecurity arrangement. Innovation has numerous advantages. It makes individuals' lives more secure and more advantageous, expands wellbeing potential, and offers new encounters at work, home and when voyaging. In any case, there are huge difficulties as well. At the point when innovation is abused it can make weaknesses, is difficult to anticipate, and can contrarily affect individuals' regular daily existences. For organizations, cybercrime can have disastrous impacts, for example, information and security breaks, prompting monetary harm and reputational obliteration. To defy this advancing cybersecurity scene, governments and partners around the globe are chipping away at setting up new guidelines and guidelines. It is basic for associations to build their cybersecurity development to support their market position. A digital secure culture should be inserted and cycles and conventions ought to be created to help it. This can require some serious energy, yet hoodlums won't stand by, thus brief activity is required.

Read More