Tesla posts a Q4 loss but the company’s revenue grows amid acquisitions

February 23rd, 2017
by The Feeder

Image: This is what every Tesla driver wants to see upon arrival at a Supercharger station. (credit: Tesla)

On Wednesday, Tesla posted a Q4 2016 loss of $121.3 million, but the loss was narrower than the $320 million net loss from the year earlier. The company said it made $2.28 billion in revenue in the quarter, up from $1.24 billion in Q4 the year before. Tesla reported $7 billion in annual gross revenue in 2016.

All that comes on the heels of a Q3 in which the company posted a rare profitable quarter that CEO Elon Musk called Tesla’s “best quarter ever.”

The company said its gross margin fell between the third and fourth quarters of 2016 due to lower Zero Emissions Vehicle credit sales in Q4 compared to the quarter before. In the last three months of the year, Tesla completed its acquisition of SolarCity as well as Grohmann Engineering, which will become Tesla Advanced Automation Germany.


Posted in Cars Technica, financials, Ministry of Innovation, SolarCity, Tesla | Comments (0)

Spora Ransomware Infects ‘Offline’—Without Talking to Control Server

February 22nd, 2017
by The Feeder

Spora is a ransomware family that encrypts victims’ files and demands payment for the means to decrypt them. It infected a large number of machines in a short time through a large spam campaign. Its distinguishing feature is that it works offline: it never has to contact a control server to obtain or register a key.

Propagation vector

The spam campaign delivers a .zip attachment containing an HTA (HTML Application) file, a choice that slips past some email scanners and maximizes reach. The email body is crafted with social-engineering lures. The HTA file also relies on double extensions such as .rtf.hta and .doc.hta: Windows with “Hide extensions for known file types” enabled (the default) hides only the final extension, so the victim sees what looks like an .rtf or .doc document and may open it.
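The double-extension trick above is easy to check for mechanically. The following is an added example (the editor's code, not from the McAfee analysis): it opens a zip attachment in memory, reports what each member would be displayed as with extensions hidden, and flags members whose real extension is a script or program container hidden behind a document-looking decoy. The list of executable extensions and the sample archive are constructed for the example.

```python
import io
import zipfile

# Extensions Windows will execute directly when double-clicked. Editor's
# assumption for this example; extend to match your own mail-gateway policy.
EXECUTABLE_EXTS = {"hta", "js", "jse", "vbs", "vbe", "wsf", "wsh",
                   "exe", "scr", "com", "pif", "bat", "cmd", "ps1"}


def displayed_name(filename):
    """Name as Explorer shows it with 'Hide extensions for known file types' on.
    Only the final extension is hidden, so 'Scan.doc.hta' appears as 'Scan.doc'."""
    stem, dot, _ext = filename.rpartition(".")
    return stem if dot else filename


def inspect_attachment(zip_bytes):
    """One finding per archive member: real extension, what the user sees,
    and whether it is an executable hiding behind a decoy extension."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for name in zf.namelist():
            parts = name.lower().split(".")
            real_ext = parts[-1] if len(parts) > 1 else ""
            decoy_ext = parts[-2] if len(parts) > 2 else ""
            findings.append({
                "member": name,
                "real_ext": real_ext,
                "shown_as": displayed_name(name),
                "executable": real_ext in EXECUTABLE_EXTS,
                "double_extension": bool(decoy_ext) and real_ext in EXECUTABLE_EXTS,
            })
    return findings


def suspicious_members(zip_bytes):
    """Members that should block delivery: executables behind a decoy extension."""
    return [f["member"] for f in inspect_attachment(zip_bytes) if f["double_extension"]]


def build_sample_zip():
    """Constructed archive mimicking the Spora lure; the HTA body is a placeholder,
    not the real dropper."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Scan_12345.doc.hta",
                    "<html><script>/* constructed placeholder, no payload */</script></html>")
        zf.writestr("readme.txt", "plain text attachment")
    return buf.getvalue()


if __name__ == "__main__":
    for finding in inspect_attachment(build_sample_zip()):
        print(finding)
    print("block:", suspicious_members(build_sample_zip()))
```

The check keys on the real (last) extension, not on what the user sees, which is the only robust way to handle this lure: a gateway that matches on the decoy `.doc` would wave the file through.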

The spam email looks like this:

The contents of the HTA file:

At runtime the HTA file drops a JavaScript file in the %TEMP% folder. That JavaScript in turn extracts an executable with a random name (in this case goodtdeaasdbg54.exe) into %TEMP% and runs it.

The HTA file also drops and opens a corrupted .docx file; the resulting error dialog gives the victim a plausible explanation for what just happened while the payload runs:

Analysis

Goodtdeaasdbg54.exe is packed with UPX and contains the Spora payload. On start it checks whether another instance is already running by looking for a named mutex; if none exists, it creates one. The mutex is how Spora avoids encrypting the same system more than once.

Spora checks for the logical drives available in the system:

For each drive it can access, Spora searches for files to encrypt but skips the directories “windows,” “program files,” and “games.”

Spora deletes the volume shadow copies so the victim cannot restore previous versions of the encrypted files. (Shadow copies are snapshots of files or volumes that Windows keeps for backup and restore.) It does this by running the built-in vssadmin.exe utility with the command “vssadmin.exe Delete Shadows /All /Quiet,” which silently removes every shadow copy on the machine. Because legitimate software almost never deletes all shadow copies at once, this command line is a strong detection signal for ransomware in general, not only for Spora.
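As an added example (the editor's detection logic, not part of the McAfee analysis), the snippet below runs over constructed process-creation records and alerts on the shadow-copy deletion described above. It goes beyond the page in two ways, stated here as the editor's additions: it also matches the other recovery-destroying commands that ransomware families commonly pair with vssadmin (wmic shadowcopy delete, wbadmin delete catalog, bcdedit recovery changes, vssadmin resize shadowstorage), and it raises the severity when the parent process lives in %TEMP%, which is where the Spora dropper ran. The log format and sample lines are constructed for the example.

```python
import re

# Command lines that destroy Windows recovery data. vssadmin Delete Shadows is what
# the Spora analysis documents; the rest are the editor's additions, commonly
# grouped with it in ransomware detections.
RECOVERY_TAMPERING = [
    ("vssadmin_delete_shadows",
     re.compile(r"\bvssadmin(?:\.exe)?\b.*\bdelete\b.*\bshadows\b", re.I)),
    ("vssadmin_resize_storage",
     re.compile(r"\bvssadmin(?:\.exe)?\b.*\bresize\b.*\bshadowstorage\b", re.I)),
    ("wmic_shadowcopy_delete",
     re.compile(r"\bwmic(?:\.exe)?\b.*\bshadowcopy\b.*\bdelete\b", re.I)),
    ("wbadmin_delete_catalog",
     re.compile(r"\bwbadmin(?:\.exe)?\b.*\bdelete\b.*\bcatalog\b", re.I)),
    ("bcdedit_disable_recovery",
     re.compile(r"\bbcdedit(?:\.exe)?\b.*\b(?:recoveryenabled\s+no|bootstatuspolicy\s+ignoreallfailures)\b", re.I)),
]


def parse_event(line):
    """Parse one 'key=value|key=value' process-creation record (constructed format,
    fields named after Sysmon event 1)."""
    return dict(kv.split("=", 1) for kv in line.strip().split("|"))


def classify(event):
    """Return an alert dict if the command line tampers with recovery data, else None."""
    cmd = event.get("CommandLine", "")
    hits = [name for name, rx in RECOVERY_TAMPERING if rx.search(cmd)]
    if not hits:
        return None
    parent = event.get("ParentImage", "").lower()
    # An administrator in cmd.exe can legitimately run these; an unknown binary
    # in a temp directory spawning them is the ransomware pattern.
    from_temp = "\\temp\\" in parent or "\\appdata\\local\\temp\\" in parent
    return {
        "ts": event.get("UtcTime"),
        "parent": event.get("ParentImage"),
        "hits": hits,
        "severity": "high" if from_temp else "medium",
    }


def scan(log_text):
    """Run classify() over every non-empty line and collect the alerts in order."""
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        alert = classify(parse_event(line))
        if alert:
            alerts.append(alert)
    return alerts


# Constructed sample records: one Spora-style deletion from the dropper in %TEMP%,
# one benign vssadmin query, one wmic deletion from an admin shell, one unrelated process.
SAMPLE_LOG = """\
UtcTime=2017-02-20 09:14:02|Image=C:\\Windows\\System32\\vssadmin.exe|ParentImage=C:\\Users\\victim\\AppData\\Local\\Temp\\goodtdeaasdbg54.exe|CommandLine=vssadmin.exe Delete Shadows /All /Quiet
UtcTime=2017-02-20 09:14:03|Image=C:\\Windows\\System32\\vssadmin.exe|ParentImage=C:\\Windows\\System32\\cmd.exe|CommandLine=vssadmin list shadows
UtcTime=2017-02-20 09:15:10|Image=C:\\Windows\\System32\\wbem\\WMIC.exe|ParentImage=C:\\Windows\\System32\\cmd.exe|CommandLine=wmic shadowcopy delete
UtcTime=2017-02-20 09:16:00|Image=C:\\Windows\\System32\\notepad.exe|ParentImage=C:\\Windows\\explorer.exe|CommandLine=notepad.exe notes.txt
"""

if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(alert)
```

Note that “vssadmin list shadows” is deliberately not matched: the verbs (delete, resize) are what carry the signal, and matching on the binary name alone would page you every time an administrator takes inventory.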

It also drops .lnk files, together with .key and .lst files, in the root of the drive.

Spora also deletes a registry value in order to suppress the shortcut icons on the .lnk files it drops.

Encryption process

Step 1: Spora generates a random per-file AES symmetric key for each file it encrypts.

Step 2: Spora generates a local RSA public-private key pair on the victim’s machine.

Step 3: The per-file AES key is encrypted with the local public key from Step 2 and appended to the encrypted file.

Step 4: After all files have been encrypted, Spora generates one unique AES symmetric key.

Step 5: The local private key from Step 2 is written into the .key file, encrypted with the unique AES key from Step 4.

Step 6: Finally, the unique AES key is encrypted with the malware author’s RSA public key (recovered from the binary as explained below) and appended to the .key file.

The malware author’s public key is embedded in the executable, encrypted with a hardcoded AES key. The decrypted public key:

Only the private key held by the malware author can reverse Step 6. Once payment is made, the author can use that private RSA key to decrypt the unique AES key appended to the .key file; that AES key decrypts the remainder of the .key file, which contains the victim’s local private RSA key, and that local private key in turn unwraps the per-file AES keys.

The scheme is somewhat involved, but it means Spora never has to fetch or register a key with a control server: every secret it needs at infection time is either generated locally or already embedded in the binary, so it encrypts just as effectively on a machine with no network access. The only step the victim cannot undo alone is Step 6.
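To make the offline property concrete, here is the six-step key hierarchy reproduced end to end. This is an added example written by the editor; it is not McAfee’s analysis code and not Spora’s own implementation. Two stand-ins are used so it runs with the Python standard library only, and both are assumptions of the example rather than anything the analysis states: textbook RSA on integers with freshly generated 512-bit demo keys in place of real RSA, and a SHA-256 keystream in place of AES. Neither stand-in is secure; only the structure of the scheme, and who holds which key, is the point. File contents and names are constructed.

```python
import hashlib
import secrets

MOD_BYTES = 64  # 512-bit demo modulus, so every RSA-wrapped key is exactly 64 bytes


def sym_crypt(key, data):
    """Stand-in for AES (editor's assumption, not secure): XOR with SHA256(key || counter).
    Encryption and decryption are the same operation."""
    out = bytearray()
    for off in range(0, len(data), 32):
        ks = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out.extend(a ^ b for a, b in zip(data[off:off + 32], ks))
    return bytes(out)


def _probably_prime(n, rounds=20):
    """Miller-Rabin; enough for demo key generation."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def rsa_keygen(bits=512):
    """Textbook RSA (stand-in, demo quality only). Returns ((n, e), (n, d))."""
    e = 65537
    while True:
        p = secrets.randbits(bits // 2) | (1 << (bits // 2 - 1)) | 1
        q = secrets.randbits(bits // 2) | (1 << (bits // 2 - 1)) | 1
        if p == q or not (_probably_prime(p) and _probably_prime(q)):
            continue
        n, phi = p * q, (p - 1) * (q - 1)
        if phi % e:
            return (n, e), (n, pow(e, -1, phi))


def rsa_wrap(pub, key):
    """Encrypt a 32-byte symmetric key under an RSA public key (m < n always holds)."""
    n, e = pub
    return pow(int.from_bytes(key, "big"), e, n).to_bytes(MOD_BYTES, "big")


def rsa_unwrap(priv, blob, length=32):
    n, d = priv
    return pow(int.from_bytes(blob, "big"), d, n).to_bytes(length, "big")


def infect(files, author_pub):
    """Steps 1-6 as the victim machine runs them. Nothing here touches the network:
    the only key that is not generated locally, author_pub, ships inside the binary."""
    local_pub, local_priv = rsa_keygen()                                   # step 2
    encrypted = {}
    for name, data in files.items():
        file_key = secrets.token_bytes(32)                                 # step 1
        encrypted[name] = sym_crypt(file_key, data) + rsa_wrap(local_pub, file_key)  # step 3
    unique_key = secrets.token_bytes(32)                                   # step 4
    priv_blob = local_priv[0].to_bytes(MOD_BYTES, "big") + local_priv[1].to_bytes(MOD_BYTES, "big")
    key_file = sym_crypt(unique_key, priv_blob) + rsa_wrap(author_pub, unique_key)  # steps 5, 6
    return encrypted, key_file


def author_recover_local_priv(key_file, author_priv):
    """What only the author can do: undo step 6 with the master private key, then step 5."""
    unique_key = rsa_unwrap(author_priv, key_file[-MOD_BYTES:])
    blob = sym_crypt(unique_key, key_file[:-MOD_BYTES])
    return int.from_bytes(blob[:MOD_BYTES], "big"), int.from_bytes(blob[MOD_BYTES:], "big")


def decrypt_file(enc, local_priv):
    """Undo step 3 then step 1 for one file, given the recovered local private key."""
    file_key = rsa_unwrap(local_priv, enc[-MOD_BYTES:])
    return sym_crypt(file_key, enc[:-MOD_BYTES])


def demo():
    """Returns (files round-trip correctly, guessing the unique key does not reveal the private key)."""
    author_pub, author_priv = rsa_keygen()  # author_priv never leaves the attacker
    files = {"report.docx": b"quarterly numbers (constructed sample)", "photo.jpg": b"\xff\xd8 fake jpeg"}
    encrypted, key_file = infect(files, author_pub)
    local_priv = author_recover_local_priv(key_file, author_priv)
    recovered = {name: decrypt_file(enc, local_priv) for name, enc in encrypted.items()}
    wrong_guess = sym_crypt(secrets.token_bytes(32), key_file[:-MOD_BYTES])
    return recovered == files, wrong_guess[:MOD_BYTES] != local_priv[0].to_bytes(MOD_BYTES, "big")


if __name__ == "__main__":
    print(demo())
```

The design point to take from this is where the trust boundary sits: `infect()` needs only `author_pub`, so no network traffic is generated and nothing can be blocked or sinkholed, while `author_recover_local_priv()` is the single operation that requires `author_priv`. Defensively, that means the pre-encryption behaviours (the dropper in %TEMP%, the vssadmin call, the .key and .lst files in the drive root) are the signals to catch; waiting for a callback to a control server would mean waiting forever.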

Key file

Spora encrypts six types of file extensions:

The .key filename encodes information in the following format:

All of this information is encoded with a substitution cipher.

In our case US736-C9XZT-RTZTZ-TRHTX-HYYYY.KEY translates to:

  • USA as locale.
  • The characters “736C9,” the beginning of an MD5 hash.
  • 10 encrypted office documents (Type 1).
  • Two encrypted PDF (Type 2).
  • Zero encrypted CorelDraw/AutoCAD/Photoshop files (Type 3).
  • Zero encrypted database files (Type 4).
  • 25 encrypted images (Type 5).
  • 15 encrypted archives (Type 6).

The decoding mechanism of the .key filename:

Ransom message

The ransom note is written in Russian; here it is with our translation:

The Spora payment site offers victims several packages at different prices, each with a deadline.

The hashes (SHA-1) of the samples used in this analysis:

  • a159ef758075c9fb64d3f06ff4b40a72e1be3061
  • 0c1007ba3ef9255c004ea1ef983e02efe918ee59

Intel Security advises users to keep their antimalware signatures up to date at all times. Intel Security products detect the malicious HTA file and the Spora binary as JS/Spora.a and Ransom-Spora! [Partial hash], respectively, with DAT version 8435 and later.

This post was prepared with the invaluable assistance of Sourabh Kadam. 

The post Spora Ransomware Infects ‘Offline’—Without Talking to Control Server appeared first on McAfee Blogs.

Posted in computer security, Cybercrime, endpoint protection, malware, McAfee Labs, ransomware | Comments (0)

How Blizzard distilled Overwatch’s hope from Project Titan’s failure

February 22nd, 2017
by The Feeder

Image: Blizzard's Jeff Kaplan says he thinks they did a good job capturing the feel of this very early concept art for Overwatch in the final product. We have to agree. (credit: Kyle Orland)

LAS VEGAS—May of 2013 was not a very fun time to be at Blizzard if you hear Game Director and Vice President Jeff Kaplan tell it. After years of work on Project Titan, the massive MMO that was to be Blizzard's big follow-up to World of Warcraft, the game had been unceremoniously canceled (though official confirmation of that cancellation wouldn't come for another year). "For various reasons, we ran into a lot of trouble on the project," as Kaplan put it on stage at Las Vegas' DICE Summit today.

In the wake of the cancellation, most of the 140-person Project Titan team was forced to relocate with Blizzard's existing projects or put on "long-term loan" with those franchises. Forty of the remaining team members, however, were tasked with coming up with a brand-new, Titan-replacing idea in order to avoid the same ignominious relocation as their colleagues.

After years working on Titan, they were given just six weeks to craft this new game concept.


Posted in Blizzard, dice2017, Opposable Thumbs, overwatch, Project Titan | Comments (0)

Fewer Than One-Fourth Of Cybersecurity Job Candidates Are Qualified

February 22nd, 2017
by The Feeder
ISACA report finds that 55% of security jobs take three- to six months to fill, and under 25% of candidates are qualified for the jobs they apply for.

Posted in Uncategorized | Comments (0)

Criminals Monetizing Attacks Against Unpatched WordPress Sites

February 22nd, 2017
by The Feeder
Sites still vulnerable to a REST API endpoint flaw in WordPress are now being targeted by attackers trying to turn a profit.

Posted in Logan Kipp, pharmaceutical spam, SiteLock, WordPress, WordPress REST API endpoint vulnerability, WordPress Vulnerability | Comments (0)

Marathon runner’s tracked data exposes phony time, cover-up attempt

February 22nd, 2017
by The Feeder

Hot tip: If you're going to cheat while running a marathon, don't wear a fitness tracking band.

A New York food writer found this out the hard way on Tuesday after she was busted for an elaborate run-faking scheme, in which she attempted to use doctored data to back up an illegitimate finish time. In an apologetic Instagram post that was eventually deleted, 24-year-old runner Jane Seo admitted to cutting the course at the Fort Lauderdale A1A Half Marathon.

An independent marathon-running investigator (yes, that's a thing) named Derek Murphy posted his elaborate analysis of Seo's scheme, and the findings revolved almost entirely around data derived from Seo's Garmin 235 fitness tracker. Suspicions over her second-place finish in the half marathon began after very limited data about her podium-placing run was posted to the Strava fitness-tracking service. The data only listed a distance and completion time, as opposed to more granular statistics. (This followed the release of Seo's official completion times, which showed her running remarkably faster in the half marathon's later stages.)


Posted in fitness tracker, Garmin, Gear & Gadgets | Comments (0)

T-Mobile promises big LTE boost from 5GHz Wi-Fi frequencies

February 22nd, 2017
by The Feeder

Image credit: T-Mobile USA

T-Mobile USA is ready to deploy a new LTE technology over the same 5GHz frequencies used by Wi-Fi following US government approval of the first "LTE-U" devices.

The Federal Communications Commission today authorized the first LTE-U (LTE for unlicensed spectrum) devices after a controversial process designed to ensure that cellular network use of the 5GHz band won't interfere with Wi-Fi networks.

"With LTE-U, starting this spring, T-Mobile customers will be able to tap into the first 20MHz of underutilized unlicensed spectrum on the 5GHz band and use it for additional LTE capacity," T-Mobile said immediately after the FCC decision. T-Mobile is deploying LTE-U technology from Ericsson and Nokia, who had their equipment certified by the FCC today.


Posted in 5GHz, lte-u, Ministry of Innovation, t-mobile, Technology Lab, wi-fi | Comments (0)

Eating an Elephant: How the ESM 10 UX team reenergized SecOps

February 22nd, 2017
by The Feeder

The first of a two-part series

For some reason, elephants figure frequently in our conversations – “seeing different parts of the elephant”, “memory like an elephant,” and now, “eating an elephant.” This phrase, definitely meant as an analogy, expresses the lengthy, enormous, and daunting task that our development team faced in reimagining the user experience in our McAfee Enterprise Security Manager (ESM) SIEM solution. To succeed, they needed a vision, strategy, and plan.

The new ESM 10.0 user interface has been designed to reduce cognitive strain – providing content in context as the user goes about tasks

First, a vision. In the last few years, driven by increasingly complex incidents, the security operations mantra has shifted to real-time analysis coupled with individual and team efficiency. Countless research studies document the shortage of skilled security analysts and researchers. Time clearly needed to be a part of the vision.

But for the user experience team, productivity isn’t just about elapsed time. It also includes the cognitive workload that can subtly wear down and exhaust the analyst. You probably experience cognitive overload today. You walk from the kitchen into the bedroom and stand there wondering why you came in. This is true when we move between physical rooms, and it’s true when we move between virtual rooms, such as in a video game or user interface. In this context switch, it turns out we are 2-3 times more likely to forget! And it gets worse. This memory lapse is aggravated if you are sleep deprived or over-stressed, like new parents, air traffic controllers, and security analysts.

Once we hit our cognitive threshold, we have only emotion to fall back on. So the typical analyst has faulty memory plus frustration. This combination makes for poor security decisions. It is why we design for “high context” UIs. We are striving for one room with all the relevant data so the analyst can focus on making good decisions.

From a design perspective, here are some specific cognitive workload tests:

  • The “data fragmentation” load: How much data does the user have to keep in his memory as he changes screens, modes, and tasks, or retain over a series of tasks?
  • The “navigation” burden: How many times does the user traverse up and down task flows and screens in pursuit of a task?
  • The “mind-numbing” factor: How many times does that task need to be repeated per hour/day/week?
  • The “clutter” factor: How much data is displayed all at once? How hard is it to identify and navigate relationships?

Instead of simply looking at faster functioning of the same processes, we wanted to reduce the cognitive burden of the user – to keep them as effective as possible for as many hours of their day as possible. This “save time, save mental energy” approach formed the core of our vision. Our logic was this: Anything we could do to improve their productivity and enhance concentration would pay off in speed of results, capacity of analysts, and quality of life for them and their management team.

This illustrates the complexity of SIEM, showing first and second level nodes in the ESM 9.X user interface.

Next, a strategy. As the epicenter of security operations, a SIEM is a complex animal, and the UI and user design can mask or multiply this complexity. The graphic gives you an idea of the scope of this effort, the first and second level nodes in the ESM 9.X user interface. Every node has multiple screens under it.

Lots to do, clearly, but where could we best affect time spent? After dozens of site visits and in-depth, interactive usage interviews, we discovered more than half of the users were security operations, and another 29% were Infrastructure Operations. Given these day-to-day jobs, the majority of user time is spent in analysis and research.

In the second part of this series, we’ll continue the user experience journey with the ESM 10.0 UX design team as they build out the plan for the new ESM 10.0 solution.

The post Eating an Elephant: How the ESM 10 UX team reenergized SecOps appeared first on McAfee Blogs.

Posted in Business, Cybersecurity, Optimize Operations, SIEM | Comments (0)

Threat via Whisper prompts FBI to show up: “holy f**k I’m… going to get raided”

February 22nd, 2017
by The Feeder


If we’ve said it once, we’ve said it 1,000 times: these so-called "anonymous" messaging apps simply aren’t anonymous. To put it another way, if you’re dumb enough to make violent threats on them, you’ll get caught.

According to a newly released federal criminal complaint, Garrett Grimsley of Cary, North Carolina, allegedly used the Whisper app to make such remarks on February 19. Hours later, local police and the FBI arrived at his door to search his apartment.

As per an FBI affidavit, Grimsley (under the name "Spark_Pure") wrote in a public post: "Salam, some of you are alright, don't go to Cary tomorrow." Another Whisper user, who was not named in the affidavit but is referred to as an unnamed "cooperating witness (CW)," responded: "Why—what's happening in Cary tomorrow?"


Posted in garrett grimsley, Law & Disorder, Whisper | Comments (0)

New Pruitt e-mails surface, automakers ask EPA to soften fuel economy rules

February 22nd, 2017
by The Feeder

Image credit: Gage Skidmore

Former Oklahoma Attorney General Scott Pruitt was confirmed to be administrator for the Environmental Protection Agency (EPA) last week in a 52-46 Senate vote. His narrow confirmation is secure—Pruitt addressed EPA employees as their new boss just yesterday—but a trove of e-mails sent from Pruitt's office during his tenure as Oklahoma attorney general was released yesterday evening. Collectively, they could shed light on how closely Pruitt may be willing to work with the industries he’s now in charge of regulating.

On Tuesday evening, the Center for Media and Democracy (CMD) received 2,500 e-mails from the Oklahoma AG’s office that had been sent during Pruitt’s tenure. The CMD had asked for the e-mails in an open records request made in 2015, but the AG’s office only turned over 411 of 3,000 e-mails initially. This month, with Pruitt's confirmation vote just days away, the CMD requested that a judge order the missing documents finally be turned over. The judge gave the Oklahoma AG's office until February 21 to share the remaining e-mails, which comprised more than 7,500 pages. Senate democrats tried to stall the vote on Pruitt’s nomination until the remaining e-mails were released, but they were unsuccessful.

The New York Times, which had been able to see some of the e-mails ahead of time due to records requests from the paper’s own reporting, notes that the e-mails “do not appear to include any request for [Pruitt’s] intervention explicitly in exchange for campaign contributions, although Mr. Pruitt was separately working as a member of the Republican Attorneys General Association to raise money from many of the same companies.”


Posted in Cars Technica, EPA, fuel economy, pruitt, Scientific Method | Comments (0)