More results...
You don’t have to be visited by multiple spirits on Christmas Eve to know the technologies of eDiscovery Days past, present and future have changed and continue to do so at an increasingly rapid pace. In the spirit of eDiscovery Day (see what we did there), TCDI’s Caragh Landry and David York will reflect on […]
The post AI and Emerging Technologies of eDiscovery Days Past, Present and Future appeared first on TCDI.
In 2019, Collin Meisel and Jonathan D. Moyer wrote “Preparing for China’s Rapid Rise and Decline” for War on the Rocks, looking at how “China’s rapid transition toward a downward trajectory will pose a unique set of national security …
December 9 marks two years since the world went on high alert because of what was deemed one of the most critical zero-day vulnerabilities ever: Log4Shell. The vulnerability that carried the highest possible severity rating (10.0) was in Apache Log4j, …
December 9 marks two years since the world went on high alert because of what was deemed one of the most critical zero-day vulnerabilities ever: Log4Shell. The vulnerability that carried the highest possible severity rating (10.0) was in Apache Log4j, …
El Hierro, a tiny island in the Canaries, is halfway to the UN goal of ditching fossil fuels. But finding just the right renewable energy mix is proving tough.
👉 Continue reading online to avoid the email cutoff issue 👈
Unsupervised Learning
is a Security, AI, and Meaning-focused podcast that looks at how best to
thrive as humans in a post-AI world. It combines original ideas,…
It’s been another bad week in security.Not only do we learn that so-called “friendly” governments are quietly requesting surveillance data concerning push notifications, but Apple tells us more than 2.6 billion personal records have already been com…
Videos featuring Elijah Wood, Mike Tyson, and Priscilla Presley have been edited to push anti-Ukraine disinformation, according to Microsoft researchers.
Sri Lanka and Bangladesh have a successful history of co-hosting the Cricket World Cup, but today the two countries’ governments have found themselves on a sticky wicket by co-hosting a phishing attack that targets UK banking customers.
Victims lured to a certain page on the Lanka Government Network website at lgn2.gov.lk will be swiftly redirected to a phishing site hosted by the Rajshahi Metropolitan Police in Bangladesh (rmp.gov.bd).
The phishing site hosted on a Bangladesh Police website.
It is unlikely that either government is consciously hosting a phishing attack in unison like this, especially on a website belonging to a police force – although this should certainly make the crime easier to investigate.
Many phishing sites and other web-based types of cybercrime are hosted on compromised servers, and that looks likely to be the case in this instance. Last month, the homepage of lgn2.gov.lk was defaced by a group identifying itself as Cyb3r Drag0nz, indicating that they had gained unauthorised access to the web server.
Things seem to have spiralled out of control ever since. The Lanka Government Network website is now heavily compromised and currently hosts multiple web shells in addition to being involved in this phishing attack.
The PHP web shells hosted on lgn2.gov.lk include variants of the mini shell, including 1337 3YP455 and CasperSecurity. These allow files to be uploaded to the web server, which may have been how the phishing content – and other web shells – have been placed on the site.
Other web shells found on the Lanka Government Network site include variants of the WSO web shell (such as YANZ bypass and V3n0m), which let attackers run arbitrary commands on the web server, manage files, and carry out attacks against other servers.
The LGN website promotes a secure government network for Sri
…
Mark Zuckerberg personally promised that the privacy feature would launch by default on Messenger and Instagram chat. WIRED goes behind the scenes of the company’s colossal effort to get it right.