Scientists from Google and its health-tech subsidiary Verily have discovered a new way to assess a person’s risk of heart disease using machine learning.
By analyzing scans of the back of a patient’s eye, the company’s software is able to accurately deduce data, including an individual’s age, blood pressure, and whether or not they smoke. This can then be used to predict their risk of suffering a major cardiac event — such as a heart attack — with roughly the same accuracy as current leading methods. The algorithm potentially makes it quicker and easier for doctors to analyze a patient’s cardiovascular risk, as it doesn’t require a blood test.Read more
Google's Project Zero initiative tasks its security researchers with finding flaws in various software products developed by the company itself as well as other firms. Back in 2016, it revealed a serious vulnerability present in Windows 10, and reported a "crazy bad vulnerability" in Windows in 2017.
Now, the firm has disclosed another security flaw in Microsoft Edge, after the Redmond giant failed to fix it in the allotted time. Back in February 2017, Microsoft stated that it would be using Arbitrary Code Guard (ACG) in Microsoft Edge with the Windows 10 Creators Update to mitigate arbitrary native code execution.Read more
India’s City Union Bank said on Sunday that “cyber criminals” had hacked its systems and transferred nearly $2 million through three unauthorized remittances to lenders overseas via the SWIFT financial platform.
The comments come after the small private lender on Saturday had disclosed it had discovered the three “fraudulent remittances”, which were sent via correspondent banks to accounts in Dubai, Turkey and China. Chief Executive Officer N. Kamakodi called it a “conspiracy” involving multiple countries, and added the lender was still investigating how it had happened. “This is basically a cyber attack by international cyber criminals,” he told.Read more
Under certain conditions, macOS may copy data into the void, leading to data loss of important files, all due to a bug in how the operating system handles APFS sparse disk images. The issue was discovered and reported to Apple this past week by Mike Bombich, the creator of a Mac backup application named Carbon Copy Cloner.
Bombich says the bug affects only "sparse disk images" formatted in Apple's new filesystem format APFS, first deployed macOS High Sierra in March 2017. A "disk image" is a file format that contains the entire contents and structure of a disk volume, such as USB, CD, DVD, hard disk drive, or network share.Read more
Typically, inbox-based attacks that include malicious Microsoft Office attachments require adversaries to trick users into enabling macros. But researchers say they have identified a new malicious email campaign that uses booby-trapped Office attachments that are macro-free.
The attacks do not generate the same type of default warning from Microsoft associated with macro-based attacks, according to research published Wednesday by Trustwave’s SpiderLabs. When opening attachments, there are no warnings or pop-ups alerting victims, researchers said. The attack uses malicious Word attachments.Read more
FedEx has exposed private information belonging to thousands of its customers after a legacy server was left open without a password. The discovery was made by security researchers at the Kromtech Security Center, which posted details of the exposure. The data, hosted on a password-less Amazon S3 storage server, was secured Tuesday after efforts were made to contact FedEx.
The server belonged to Bongo International, a company specializing in helping US retailers sell products online to consumers around the world by calculating shipping and duty calculations and currency conversions, among other things.Read more
A security flaw in Skype's updater process can allow an attacker to gain system-level privileges to a vulnerable computer. The bug, if exploited, can escalate a local unprivileged user to the full "system" level rights -- granting them access to every corner of the operating system.
But Microsoft, which owns the voice- and video-calling service, said it won't immediately fix the flaw, because the bug would require too much work. Stefan Kanthak found that the Skype update installer could be exploited with a DLL hijacking technique, which allows an attacker to trick an application into drawing malicious code instead of the correct library.Read more
In the past few weeks, the entire information security industry has grown very anxious about Meltdown and Spectre, two classes of exploits that can be used to manipulate vulnerabilities in the way many varieties of modern processors handle a performance-improving technique called speculative execution and extract hidden system data.
While numerous platforms have rushed to roll out patches, and Meltdown appears to be less of an issue than Spectre, it’s still unclear just how badly this situation could go. Unfortunately, researchers are already coming up with ways to exploit the vulnerabilities that go beyond the proof-of-concept stage.Read more
Western Union has confirmed one of its IT suppliers was hacked, and that customer information was exposed to miscreants.
A reader, who wished to remain anonymous, showed us a copy of a letter dated January 31 that he received from the money-transfer outfit. The missive admitted that a supposedly secure data storage company used by Western Union was compromised: a database full of the wire-transfer giant's customer records was vulnerable to plundering, and hackers were quick to oblige. In other words, it sounds as though a cloud-based or off-site backup storage provider was hacked. Now that system has been shut down, the cops alerted, and digital forensics teams are probing the network intrusion.Read more
Cyber thugs have been exploiting a zero-day flaw in the Telegram Messenger desktop app in order to mine for cryptocurrencies or to install a backdoor to remotely control victims’ computers. Kaspersky Lab discovered “in the wild” attacks on Telegram Messenger’s Windows desktop client back in October 2017.
The vulnerability in the popular Telegram app had been actively exploited since March 2017 to mine a variety of cryptocurrencies, such as Monero, Zcash, Fantomcoin and others. Yet the multi-purpose malware being delivered was capable of doing more than secretly use the computing power of victims’ machines to mine cryptocurrencies.Read more