Cryptojacking malware discovered running on critical infrastructure control systems

Radiflow reports that they discovered cryptojacking software -- malware that mines cryptocurrency -- running in the monitoring and control network of an unnamed European water utility, the first such discovery, and a point of serious concern about the security and integrity of critical infrastructure to both targeted and untargeted attacks. Read the rest

A working modem using HTML5 sound

Martin Kirkholt Melhus's workplace bans connecting his development computer to the internet, so he hacked together a modem using HTML5: by plugging over-the-ear headphones into his laptop's 3.5mm audio jack and then placing the headphones over a network-connected built-in mic, he is able to tunnel a network connection outside the firewall (or that's the theory; as he notes, "This was only ever intended as a gimmick and a proof of concept - not something that I would actually use at work.") Read the rest

Fansmitter: malware that exfiltrates data from airgapped computers by varying the sound of their fans

In a new paper, researchers from Ben-Gurion University demonstrate a fiendishly clever procedure for getting data off of airgapped computers that have had their speakers removed to prevent acoustic data-transmission: instead of playing sound through the target computer's speakers, they attack its fans, varying their speeds to produce subtle sounds that humans can barely notice, but which nearby devices can pick up through their microphones. Read the rest