Hacking the Business Email Compromise

March 28th, 2017
by The Feeder
BEC attacks are on the rise, but plain-old spoofing of business executives' email accounts remains more prevalent.

Posted in Uncategorized | Comments (0)

Ransomware scammers exploited Safari bug to extort porn-viewing iOS users

March 28th, 2017
by The Feeder

(credit: Lookout)

Ransomware scammers have been exploiting a flaw in Apple's Mobile Safari browser in a campaign to extort fees from uninformed users. The scammers particularly target those who viewed porn or other controversial content. Apple patched the vulnerability on Monday with the release of iOS version 10.3.

The flaw involved the way that Safari displayed JavaScript pop-up windows. In a blog post published Monday afternoon, researchers from mobile-security provider Lookout described how exploit code surreptitiously planted on multiple websites caused an endless loop of windows to be displayed in a way that prevented the browser from being used. The attacker websites posed as law-enforcement actions and falsely claimed that the only way users could regain use of their browser was to pay a fine in the form of an iTunes gift card code to be delivered by text message. In fact, recovering from the pop-up loop was as easy as going into the device settings and clearing the browser cache. This simple fix was possibly lost on some uninformed targets who were too uncomfortable to ask for outside help.

"The attackers effectively used fear as a factor to get what they wanted before the victim realized that there was little actual risk," Lookout researchers Andrew Blaich and Jeremy Richards wrote in Monday's post.

Read 3 remaining paragraphs | Comments

Posted in exploits, Infinite Loop, ios, Law & Disorder, ransomware, Risk Assessment, Safari, vulnerabilities | Comments (0)

Elon Musk is setting up a company that will link brains and computers

March 28th, 2017
by The Feeder

Get ready to plug in. (credit: Village Roadshow Pictures)

Billionaire futurist space explorer Elon Musk has a new project: a "medical research company" called Neuralink that will make brain-computer interfaces. Musk's projects are frequently inspired by science fiction, and this one is a direct reference to a device called a "neural lace," invented by the late British novelist Iain M. Banks for his Culture series. In those books, characters grow a semi-organic mesh on their cerebral cortexes, which allows them to interface wirelessly with AIs and create backups of their minds.

Having a neural lace, in Banks' fiction, makes people essentially immortal—if they die, they're revived from the last backup. Musk isn't seeking immortality just yet, however. Though he's said publicly several times that he'd like to upload and download thoughts, possibly to fight against evil AI, he imagines that Neuralink's proof-of-concept products will be implanted electrodes for treating epilepsy and depression. They will be much like current implants for treating Parkinson's, which work by regulating electrical activity in the brain.

According to The Wall Street Journal, the company will likely be funded entirely by Musk or by the Founders Fund, a VC firm founded by Peter Thiel. The Journal also reports that the company has hired three people already: "Vanessa Tolosa, an engineer at the Lawrence Livermore National Laboratory and an expert in flexible electrodes; Philip Sabes, a professor at the University of California in San Francisco, who studies how the brain controls movement; and Timothy Gardner, a professor at Boston University who is known for implanting tiny electrodes in the brains of finches to study how the birds sing."

Read 3 remaining paragraphs | Comments

Posted in Elon Musk, Ministry of Innovation | Comments (0)

Despite what Mylan said, its price hikes hit patients’ wallets hard

March 27th, 2017
by The Feeder

Enlarge (credit: Getty | Joe Raedle)

While facing intense outrage for repeatedly jacking up the price of their life-saving epinephrine auto-injectors, Mylan continually argued that patients were shielded from the soaring list price—thanks to insurance coverage, discounts, and rebates. But a new study looking into insurance claims casts doubt on that defense.

Between 2007 and 2014, the average out-of-pocket spending per insured EpiPen-user jumped 123 percent. During that time, Mylan raised the list price of EpiPens from around $50 per pen to a whopping $609 per two-pack. In 2007, the year Mylan obtained the rights to EpiPen, the average patient spent around $33.8 out-of-pocket for a two-pack. By 2014, the average spending rose to $75.5 per two-pack, according to the new analysis published Monday in JAMA Internal Medicine.

The figures don’t square neatly with Mylan’s assurances. The company repeatedly claimed that most most patients weren’t significantly affected by the price hikes and pay only $50 out-of-pocket or less. Reuters reports that Mylan even claimed that about 90 percent of patients paid that little.

Read 7 remaining paragraphs | Comments

Posted in drug pricing, EpiPen, Mylan, Scientific Method | Comments (0)

Microsoft sued for millions over Windows 10 upgrades

March 27th, 2017
by The Feeder

Enlarge / The upgrade arc of Windows 10. It now has more than 400 million users, regardless of problems. (credit: Microsoft)

Unhappy Windows 10 users in Illinois are taking Microsoft to court, claiming that problems caused by the Windows 10 upgrade show that it was negligently designed, that Microsoft fraudulently failed to disclose its defects, and that the upgrade is unfit for purpose.

In a break from tradition, Microsoft offered Windows 10 as a free upgrade to Windows 7 and 8.1 for the first year of its release. This unusual offer was matched with a set of increasingly aggressive promotions within Windows itself. In the early days of the upgrade offer, there were even some users reporting that it installed automatically.

Three plaintiffs claim specific harm was caused by the operating system. Stephanie Watson claims that Windows 10 installed without her choosing to accept it. The upgrade destroyed some data, caused such harm that Geek Squad was unable to fully repair the machine, and forced the purchase of a new system.The suit claims that "many" consumers have had their hard drives fail because of the Windows 10 installation, and that the operating system does not check "whether or not the hard drive can withstand the stress of the Windows 10 installation."

Read 6 remaining paragraphs | Comments

Posted in class action, Law & Disorder, Microsoft, Technology Lab, upgrades, Windows 10 | Comments (0)

Activists want to know why feds are searching more devices at the border

March 27th, 2017
by The Feeder

Enlarge (credit: William Hook)

A free speech advocacy organization sued the Department of Homeland Security and Immigration and Customs Enforcement on Monday, seeking "statistical, policy, and assessment records regarding the government’s searches" of digital devices at the United States border.

The group, the Knight First Amendment Institute based at Columbia University, said on Twitter that the lawsuit came about as a result of recent journalism on the issue.

Ars and other media reported that there has been a rapid uptick in the number of such incidents: February 2017 alone had more border searches of phones, tablets, and computers than all of 2015.

Read 4 remaining paragraphs | Comments

Posted in cbp, DHS, Law & Disorder | Comments (0)

New Clues Surface on Shamoon 2’s Destructive Behavior

March 27th, 2017
by The Feeder
Researchers report new connections between Magic Hound and Shamoon 2, along with descriptions of how the Disttrack malware component of campaigns moves laterally within infected networks.

Posted in Disttrack, exec-template.txt, hacks, malware, metasploit, ok.bat, PAExec, privacy, Saudi Arabia, Shamoon 2, Shamoon2, vulnerabilities, Web Security | Comments (0)

FBI: Attackers Targeting Anonymous FTP Servers in Healthcare

March 27th, 2017
by The Feeder
The FBI warns medical and dental organizations of cybercriminals targeting anonymous FTP servers to steal personal health data.

Posted in Uncategorized | Comments (0)

APT29 Used Domain Fronting, Tor to Execute Backdoor

March 27th, 2017
by The Feeder
APT29, a/k/a Cozy Bear, has used Tor and a technique called domain fronting in order to secure backdoor access to targets for nearly two years running.

Posted in APT29, backdoor, backdoors, Cozy Bear, FireEye, malware, mandiant, Tor, Tor Hidden Service | Comments (0)

Brad Haines (a.k.a. Render Man) on Internet of Dongs – Paul’s Security Weekly #505

March 27th, 2017
by The Feeder
Brad Haines (aka Render Man) is security enthusiast with a focus on security threats of all sorts. He is the person your sysadmin warned you about. Brad spearheads the Internet of Dongs Project, an endeavor focusing on the security of internet-connected sex toys. Full Show Notes Subscribe to YouTube Channel Security Weekly Website Follow us

Posted in Brad Haines, computer, data, Episode 505, ethical hacking, hacker, Hacking, Information Security, infosec, Internet of Dongs, Interview, Interviews, IoD, larry pesce, Life Hack, network security, Paul, paul asadoorian, Paul's Security Weekly, Render Man, security, Security Weekly, SecurityWeekly | Comments (0)