The UK government has reportedly acquired its first quantum computer with the aim of helping to boost research capabilities in cyber-defence and other national security fields.

The BBC has reported that the Ministry of Defence (MoD) is set to work with Orca Computing, a UK company, to explore the potential of quantum computing to enhance the nation’s defence systems.

The scheme was born out of research developed at the University of Oxford. Orca Computing’s aim is to develop scalable quantum computers that integrate with real-world technologies. Current prototypes find this challenging because they have to keep the qubits on which they run at very cold temperatures; otherwise the qubits become unstable.

Orca Computing, however, claims to have found a way to utilise quantum computing without needing to run at extremely low temperatures. To enhance scale and reliability, optical fibre can be used for networks rather than silicon.

The uses of quantum computing are nearly limitless. The time it takes to process data and make calculations is shorter than that of conventional supercomputers. This has caused some concern in cybersecurity circles, as it is thought that quantum computers running Shor’s algorithm may be able to crack today’s asymmetric encryption within the next 10 years. This would render asymmetric (PKI) encryption useless.

Cryptography expert and chief strategy officer at Sectigo, David Mahdi, urged governments and organisations to begin preparing for the new quantum age of computing now.

He said, “For more than fifty years, public key infrastructure, or PKI, has been relied upon by almost all organizations to provide the cryptographic backbone which secures devices and the humans using them.”

“Like most things, nothing lasts, and the PKI we all rely upon to maintain digital trust is severely threatened by quantum computing.”

The MoD will be hoping that this will give them an advantage in the quantum arms race.

The post UK Government Acquires Its First Quantum Computer appeared first on IT Security Guru.

Researchers have uncovered a large-scale phishing operation that used Facebook and Messenger to lure millions of users onto phishing pages. The aim of the operation was to trick victims into entering their credentials and viewing adverts.

The stolen account details were used to send further phishing messages to victims’ friends, with the aim of generating significant online advertising commission revenue.

The New York-based, AI-focused cybersecurity firm PIXM said that the campaign, despite being active since September 2021, peaked in April/May 2022.

PIXM traced the threat actor and was able to map the campaign due to one of the identified phishing pages hosting a link to a publicly accessible traffic monitoring app (whos.amung.us).

PIXM said that victims arrived at phishing pages after being redirected from Facebook Messenger. Automated tools helped the threat actors send further phishing links to the compromised account’s friends. This created a massive growth in stolen accounts.

The threat actors used a trick to bypass Facebook’s anti-phishing protection measures. The phishing messages used legitimate URL generation services, such as famous.co, amaze.co, and litch.me. These services are used by legitimate apps, so they would be hard for Facebook to block. In 2021, 2.7 million users had visited one of the phishing portals, researchers found. In 2022, this figure increased to 8.5 million.

The researchers further identified 405 unique usernames used as campaign identifiers, linked to separate Facebook phishing pages. However, the researchers suspect that these usernames only represent a fraction of the accounts used for the campaign.

The threat actors receive referral revenue from redirects after victims enter their credentials on phishing landing pages. The revenue is estimated to be millions of USD.

PIXM was able to find a common code snippet on all of the landing pages it identified. These pages contained a shared reference to a previously seized website that constitutes part of an investigation against a Colombian man identified as Rafael Dorado. It is unknown who placed the notice on the site and seized the domain. PIXM shared the results of its investigation with the Colombian police and Interpol.

The phishing campaign is still ongoing.

The post Large Scale Phishing Campaign on Facebook Messenger Generates Millions in Ad Revenue appeared first on IT Security Guru.

As the Follina flaw continues to be exploited in the wild, an unofficial security patch for a new Windows zero-day vulnerability in the Microsoft Diagnostic Tool (MSDT) has been made available.

Referred to as DogWalk, the issue is a path traversal flaw that can be exploited to stash a malicious executable file in the Windows Start-up folder when a potential target opens a specially created “.diagcab” archive file that contains a diagnostics configuration file.

The idea is that the payload would get executed the next time the victim restarts the system and logs in. This vulnerability affects all Windows versions, starting from Windows 7 and Server 2008.

The security researcher Imre Rad first disclosed the issue in January 2020 after Microsoft said that it was not a security issue.

Microsoft stated: “There are a number of file types that can execute code in such a way but aren’t technically ‘executables’ and a number of these are considered unsafe for users to download/receive in email, even ‘.diagcab’ is blocked by default in Outlook on the web and other places.”

Typically, all files downloaded or received via email carry a Mark-of-the-Web (MOTW) tag that identifies their origin and triggers an appropriate security response. According to 0patch’s Mitja Kolsek, however, the MSDT application is not designed to check this flag, so it allows the .diagcab file to be opened without warning.

Kolsek said, “Outlook is not the only delivery vehicle: such file is cheerfully downloaded by all major browsers including Microsoft Edge by simply visiting(!) a website, and it only takes a single click (or mis-click) in the browser’s downloads list to have it opened.”

“No warning is shown in the process, in contrast to downloading and opening any other known file capable of executing [the] attacker’s code.”
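Since MSDT does not consult the MOTW flag, a defender can check it independently. The following is an added example, not code from the article, 0patch or Microsoft: it parses the `Zone.Identifier` alternate data stream that Windows uses to store the MOTW and flags `.diagcab` files that arrived from the Internet zone. The function names, the sample stream and its URL are constructed for illustration.

```python
import configparser

# Security zones recorded in a Mark-of-the-Web Zone.Identifier stream.
ZONES = {0: "Local machine", 1: "Local intranet", 2: "Trusted sites",
         3: "Internet", 4: "Restricted sites"}

# Constructed sample of a Zone.Identifier stream (the URL is a placeholder).
SAMPLE_MOTW = "[ZoneTransfer]\nZoneId=3\nHostUrl=https://downloads.example/fix.diagcab\n"


def parse_zone_identifier(text):
    """Return (zone_id, host_url) parsed from stream text, or (None, None)."""
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   delimiters=("=",))
    try:
        cp.read_string(text.lstrip("\ufeff"))   # tolerate a leading BOM
        zone = cp.getint("ZoneTransfer", "ZoneId")
    except (configparser.Error, ValueError):
        return None, None
    if zone not in ZONES:
        return None, None
    return zone, cp.get("ZoneTransfer", "HostUrl", fallback=None)


def read_motw(path):
    """Read the Zone.Identifier alternate data stream (Windows/NTFS only)."""
    try:
        with open(path + ":Zone.Identifier", encoding="utf-8",
                  errors="replace") as fh:
            return fh.read()
    except OSError:
        return None   # no stream, or not an NTFS volume


def triage(filename, motw_text):
    """Classify one file for analyst review from its name and MOTW text."""
    if not filename.lower().endswith(".diagcab"):
        return "ignore"
    if motw_text is None:
        return "unmarked"        # created locally, or the mark was not preserved
    zone, _host = parse_zone_identifier(motw_text)
    if zone is None:
        return "malformed-motw"
    return "review" if zone >= 3 else "local"   # Internet or Restricted sites


if __name__ == "__main__":
    print(triage("fix.diagcab", SAMPLE_MOTW), parse_zone_identifier(SAMPLE_MOTW))
```

On a Windows host, `triage(path, read_motw(path))` can be run over each file in a user's download folder.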

This renewed interest in the zero-day bug follows active exploitation of the “Follina” remote code execution vulnerability by using malware-laced Word documents that exploit the “ms-msdt:” protocol URI scheme.

The post Unofficial Security Patch Released For Microsoft Zero-Day Vulnerability appeared first on IT Security Guru.