Archive for the ‘Biz & IT’ Category

Ransomware gang is auctioning off victims’ confidential data

June 2nd, 2020

Ransomware operators say they’re auctioning off victims’ confidential data in an attempt to put further pressure on them to pay hefty fees for its safe return.

The Happy Blog, a dark Web site maintained by the criminals behind the ransomware known by the names REvil, Sodin, and Sodinokibi, began the online bidding process earlier on Tuesday. Previously, the group published limited details of selected victim data and threatened to air additional confidential material if the owners didn’t pay. Besides stealing the data, the group also encrypts it so that it’s no longer accessible to the owners.

Combining the threat of publishing the data while simultaneously locking it from its rightful owner is designed to increase the chances of a payout. The new tactic furthers the pressure, possibly because previous practices haven’t yielded the desired results. The ransoms demanded are frequently high, sometimes in the millions of dollars. Affected companies have also been loath to encourage further attacks by rewarding the people behind them. Added to that reluctance are new financial pressures caused by the coronavirus pandemic.

Google fixes Android flaws that allow code execution with high system rights

June 2nd, 2020

Google has shipped security patches for dozens of vulnerabilities in its Android mobile operating system, two of which could allow hackers to remotely execute malicious code with extremely high system rights.

In some cases, the malware could run with highly elevated privileges, a possibility that raises the severity of the bugs. That’s because the bugs, located in the Android System component, could enable a specially crafted transmission to execute arbitrary code within the context of a privileged process. In all, Google released patches for at least 34 security flaws, although some of the vulnerabilities were present only in devices available from manufacturer Qualcomm.

Anyone with a mobile device should check to see if fixes are available for their device. Methods differ by device model, but one common method involves either checking the notification screen or clicking Settings > Security > Security update. Unfortunately, patches aren’t available for many devices.

AT&T exempts HBO Max from data caps but still limits your Netflix use

June 2nd, 2020
[Image: AT&T executive John Stankey at a presentation for investors at Warner Bros. Studios on October 29, 2019, in Burbank, California. (credit: Getty Images | Presley Ann)]

AT&T's new HBO Max streaming service is exempt from the carrier's mobile data caps, even though competing services such as Netflix, Amazon, and Disney+ count against the monthly data limits. This news was reported today in an article by The Verge, which said that AT&T "confirmed to The Verge that HBO Max will be excused from the company's traditional data caps and the soft data caps on unlimited plans."

The traditional data caps limit customers to a certain amount of data each month before they have to pay overage fees or face extreme slowdowns for the rest of the month. "Soft data caps on unlimited plans" apparently is a reference to the 22GB or 50GB thresholds, after which unlimited-data users may be prioritized below other users when connecting to a congested cell tower.

"According to an AT&T executive familiar with the matter, HBO Max is using AT&T's 'sponsored data' system, which technically allows any company to pay to excuse its services from data caps," The Verge wrote. "But since AT&T owns HBO Max, it's just paying itself: the data fee shows up on the HBO Max books as an expense and on the AT&T Mobility books as revenue. For AT&T as a whole, it zeroes out. Compare that to a competitor like Netflix, which could theoretically pay AT&T for sponsored data, but it would be a pure cost."

Nest users now covered by Google’s ultra-secure Advanced Protection Program

June 1st, 2020

Accounts for Google’s Nest line of smart home devices are now covered by the company’s Advanced Protection Program, which traditionally has provided enhanced security for journalists, politicians, elections workers, and other people who are frequently targeted by hackers.

Google rolled out APP in 2017. It requires users to have at least two physical security keys, such as those available from Yubico, Google’s Titan brand, or other providers. Typically, keys connect through USB slots or Near-field Communication or Bluetooth interfaces. Once registered, the keys provide cryptographic secrets that are unphishable and, at least theoretically, impossible to intercept through malware attacks or other types of hacking. APP also limits the apps that can connect to protected accounts, although registering Thunderbird to connect to Gmail is relatively easy.

Pulling up your account by the bootstraps

Once an account is enrolled and each device (including a phone) is authenticated through the physical-key process Google calls bootstrapping, people can use their iOS or Android devices as a security key. That’s usually easier, faster, and more convenient than using physical security keys. After the initial bootstrapping, users typically need to repeat the process only rarely, such as when Google detects suspicious behavior. APP also pushes alerts to users’ devices and registered email accounts each time a new device connects.

Walmart employees are out to show its anti-shoplifting AI doesn’t work

May 31st, 2020

In January, my coworker received a peculiar email. The message, which she forwarded to me, was from a handful of corporate Walmart employees calling themselves the “Concerned Home Office Associates.” (Walmart’s headquarters in Bentonville, Arkansas, is often referred to as the Home Office.) While it’s not unusual for journalists to receive anonymous tips, they don’t usually come with their own slickly produced videos.

The employees said they were “past their breaking point” with Everseen, a small artificial intelligence firm based in Cork, Ireland, whose technology Walmart began using in 2017. Walmart uses Everseen in thousands of stores to prevent shoplifting at registers and self-checkout kiosks. But the workers claimed it misidentified innocuous behavior as theft and often failed to stop actual instances of stealing.

They told WIRED they were dismayed that their employer—one of the largest retailers in the world—was relying on AI they believed was flawed. One worker said that the technology was sometimes even referred to internally as “NeverSeen” because of its frequent mistakes. WIRED granted the employees anonymity because they are not authorized to speak to the press.

An advanced and unconventional hack is targeting industrial firms

May 30th, 2020

Attackers are putting considerable skill and effort into penetrating industrial companies in multiple countries, with hacks that use multiple evasion mechanisms, an innovative encryption scheme, and exploits that are customized for each target with pinpoint accuracy.

The attacks begin with emails that are customized for each target, a researcher at security firm Kaspersky Lab reported this week. For the exploit to trigger, the language in the email must match the localization of the target’s operating system. For example, in the case of an attack on a Japanese company, the text of the email and an attached Microsoft Office document containing a malicious macro had to be written in Japanese. In addition, an encrypted malware module could be decrypted only when the OS had a Japanese localization as well.

Recipients who click on a request to urgently enable the document’s active content will see no indication anything is amiss. Behind the scenes, however, a macro executes a PowerShell script. The reason it stays hidden: the command parameters:

Western Digital gets sued for sneaking SMR disks into its NAS channel

May 29th, 2020
[Image: Hattis Law isn't pulling any punches in the allegations made in its class-action lawsuit, specifically calling WD out not only for using SMR technology in less-than-ideal devices, but flatly accusing them of outright deception in the process. (credit: Hattis Law)]

All three of the surviving conventional hard drive vendors—Toshiba, Western Digital, and Seagate—have gotten caught sneaking disks featuring Shingled Magnetic Recording technology into unexpected places recently. But Western Digital has been the most brazen of the three, and it's been singled out for a class action lawsuit in response.

Although all three major manufacturers quietly added SMR disks to their desktop hard drive line-up, Western Digital is the only one so far to slip them into its NAS (Network Attached Storage) stack. NAS drives are expected to perform well in RAID and other multiple disk arrays, whether ZFS pools or consumer devices like Synology or Netgear NAS appliances.

In sharp contrast to Western Digital's position on SMR disks as NAS, Seagate executive Greg Belloni told us that there weren't any SMR disks in the Ironwolf (competitor to Western Digital Red) line-up now and that the technology is not appropriate for that purpose.

Border Patrol flies anti-terrorism drone over Minneapolis protestors

May 29th, 2020

Thousands of people took to the streets of Minneapolis on Friday to protest the death of George Floyd, a local black man who died after a white police officer knelt on his neck during an arrest. All the while, a Customs and Border Patrol drone kept a careful eye on the unfolding unrest.

The drone, using the tracking signal CBP104, took off from Grand Forks Air Force Base at 9:08 am Central Daylight Time and shortly afterward headed directly to Minneapolis, a feed from live flight tracking service FlightAware showed. The drone then circled the city six times from about 10:45 until noon. The aircraft maintained an altitude of about 20,000 feet.

Grand Forks AFB is the home of the Air Force's 319th Reconnaissance Wing. It is also a site Customs and Border Patrol personnel use for takeoff and landing of the Predator B unmanned aircraft system. CBP uses the drone in anti-terrorism operations by helping to identify and intercept potential terrorists and illegal cross-border activity.

Cisco security breach hits corporate servers that ran unpatched software

May 29th, 2020

Six servers Cisco uses to provide a virtual networking service were compromised by hackers who exploited critical flaws contained in unpatched versions of the open source software the service relies on, the company disclosed on Thursday.

Got updates?

The May 7 compromise hit six Cisco servers that provide backend connectivity to the Virtual Internet Routing Lab Personal Edition (VIRL-PE), a Cisco service that lets customers design and test network topologies without having to deploy actual equipment. Both the VIRL-PE and a related service, Cisco Modeling Labs Corporate Edition, incorporate the Salt management framework, which contained a pair of bugs that, when combined, was critical. The vulnerabilities became public on April 30.

Cisco deployed the vulnerable servers on May 7, and they were compromised the same day. Cisco took them down and remediated them, also on May 7. The servers were:
