Turla Hacker Group Steals Antivirus Logs To See If Its Malware Was Detected

it - Posted On:2020-05-27 19:59:59 Source: slashdot

An anonymous reader quotes a report from ZDNet: Security researchers from ESET have discovered new attacks carried out by Turla, one of Russia's most advanced state-sponsored hacking groups. The new attacks have taken place in January 2020. ESET researchers say the attacks targeted three high-profile entities, such as a national parliament in the Caucasus and two Ministries of Foreign Affairs in Eastern Europe. Targets could not be identified by name due to national security reasons. [...] The ComRAT malware, also known as Agent.BTZ, is one of Turla's oldest weapons, and the one they used to siphon data from the Pentagon's network in 2008. The tool has seen several updates across the years, with new versions discovered in 2014 and 2017, respectively. The latest version, known as ComRAT v4, was first seen in 2017, however, in a report published today, ESET says they've spotted a variation of ComRAT v4 that includes two new features, such as the ability to exfiltrate antivirus logs and the ability to control the malware using a Gmail inbox. The first of these features is the malware's ability to collect antivirus logs from an infected host and upload it to one of its command and control servers. The exact motives of a hacker group will always remain unclear, but Matthieu Faou, the ESET researcher who analyzed the malware, told ZDNet that Turla operators might be collecting antivirus logs to "allow them to better understand if and which one of their malware sample was detected." The belief is that if Turla operators see a detection, they can then tweak their malware and avoid future detections on other systems, where they can then operate undetected.

OpenSSH To Deprecate SHA-1 Logins Due To Security Risk

it - Posted On:2020-05-27 15:44:59 Source: slashdot

OpenSSH, the most popular utility for connecting to and managing remote servers, has announced today plans to drop support for its SHA-1 authentication scheme. From a report: The OpenSSH team cited security concerns with the SHA-1 hashing algorithm, currently considered insecure. The algorithm was broken in a practical, real-world attack in February 2017, when Google cryptographers disclosed SHAttered, a technique that could make two different files appear as if they had the same SHA-1 file signature. At the time, creating an SHA-1 collision was considered computationally expensive, and Google experts thought SHA-1 could still be used in practice for at least half a decade until the cost would go down. However, subsequent research released in May 2019 and in January 2020 detailed an updated methodology to cut down the cost of an SHA-1 chosen-prefix collision attack to under $110,000 and under $50,000, respectively.

Microsoft Releases Windows 10 Update with Linux and Notepad Enhancements

technology - Posted On:2020-05-27 14:15:00 Source: slashdot

Microsoft is starting to release the latest twice-annual update to Windows 10, featuring enhancements to the longstanding Notepad app and a way to find your cursor in a sea of text. Some of the other features include: Faster and easier connections: We're making it easier and faster to pair your Bluetooth devices to your compatible Windows 10 PC. Now you can take care of everything in notifications (instead of Settings) with fewer steps. Go passwordless: Did you know -- for improved security and a simple sign-in experience, you can sign in with your face, fingerprint, or PIN? It's easier than ever to enable passwordless sign-in for your Microsoft accounts: just go to Settings > Accounts > Sign-in options on your Windows 10 PC and select 'On' under 'Make your device passwordless.' Note that this is hardware dependent. Name your desktops: Now instead of "Desktop 1" or "Desktop 2" you can give your Virtual Desktops more descriptive, clever, or amusing names. Using Virtual Desktop in Windows 10 allows you to expand your desktop beyond the physical limitations of the space, organize groups of related tasks, and easily switch between them. Tackling what you want to -- when you want to -- just got a whole lot easier. Visit this post to learn more on how to access Virtual Desktop in Windows 10. See gaming in a whole new light: New DirectX 12 Ultimate features provide smoother graphics with increased detail -- all without sacrificing framerate. Customization and utility at your fingertips: Xbox Game Bar now supports third-party widgets, helping you customize the overlay experience to fit with the way you game.

Chrome and Firefox Block Torrent Site YTS Over 'Phishing'

technology - Posted On:2020-05-26 21:44:59 Source: slashdot

Chrome and Firefox are blocking direct access to the movie download pages of popular torrent site YTS. According to Google's safe browsing report, YTS.mx is a "deceptive site" that may trick visitors into doing dangerous things. The warning is likely the result of malicious advertisements. TorrentFreak reports: While the site's homepage can be visited just fine, navigating to a torrent detail page throws up the following warning in Chrome. "Deceptive site ahead. Attackers on yts.mx may trick you into doing something dangerous like installing software or revealing your personal information (for example, passwords, phone numbers, or credit cards)." Firefox shows a similar alert and also prevents people from going directly to the download pages. In both browsers, people can, however, accept the risk and visit the page they were looking for. It's not clear what the exact problem is but the Chrome warning mentions that YTS was caught phishing. This is also reflected in Google's Safe Browsing report, which states the torrent site recently tried to trick visitors into sharing personal info or downloading software. Whether any of this is intentional remains a question. It seems more likely that the warning was triggered by some type of malicious advertisement.

New Android Vulnerability Strandhogg 2.0 Exploits User Trust

it - Posted On:2020-05-26 20:14:59 Source: slashdot

An anonymous reader quotes a report from Ars Technica: A Norwegian infosec firm discovered a new Android vulnerability, which they've dubbed Strandhogg 2.0. Security firm Promon says "Strandhogg" is an old Norse strategy for coastline raids and abductions, and today's vulnerability is the "evil twin" of a similar one discovered in 2019. The original Strandhogg used an Android feature called taskAffinity to hijack applications -- by setting the taskAffinity of one of its activities to match the packageName of any other app, then setting allowTaskReparenting="true" in its own manifest, the Strandhogg app would be launched in place of the target app. Strandhogg 1.0's major weakness was the need to declare taskAffinity in the Android Manifest. The Manifest is a plain XML file and must be included in the package hosted at the Play Store itself -- it can't simply be downloaded later, after the app is installed. This made it relatively simple to scan the Play Store for apps with sketchy-looking taskAffinity declarations. Strandhogg 2.0 doesn't require any special settings in a package's Android Manifest -- meaning the attacking code doesn't need to be present on the Play Store to be scanned at all. Instead, the attacker can download the attack code later, once the trojan app or game is already installed on a user's device. In addition to the obvious credential-stealing attacks, Strandhogg can be used to trick users into escalating its privileges based on the trust they have for the apps it hijacks. For example, a user tapping Camera is asked if they want to grant it permission to access the camera and microphone -- if the user taps Yes, they've actually given those privileges to the malware app, not the Camera app it covered up on the screen. Strandhogg 2.0 affects all versions of Android prior to 10 -- which translates to roughly 90 percent of the Android userbase.
Google rolled out a patch to close the Strandhogg 2.0 vulnerability, CVE-2020-0096, in May's Android Security Update. This is good news for Pixel users -- but as always, carriers and OEMs may delay those upgrades significantly.

Google To Begin Reopening Offices July 6, Will Let Employees Expense $1,000 for Equipment While Telecommuting

technology - Posted On:2020-05-26 18:59:59 Source: slashdot

Google CEO Sundar Pichai told employees Tuesday that the search giant is targeting July 6 to reopen offices for workers that want to come back to in person. The return will be gradual, starting at about 10% building capacity, he said. The company aims to ramp up to 30% capacity by September. From a report: For people who want to continue working from home, the company will allow employees to expense up to $1,000 for equipment and furniture, including things such as standing desks and monitors. Google has been more vocal about employees returning to the workplace while other tech giants have touted permanent work from home options. Pichai's remarks to staff come days after Facebook CEO Mark Zuckerberg said the social networking giant will allow some employees to work from home permanently. He said about half of Facebook's workforce could be remote over the next five to 10 years. Twitter made a similar announcement earlier this month. CEO Jack Dorsey also extended the policy to his other company, mobile-payments firm Square, last week.

Slack CEO: Microsoft is 'Unhealthily Preoccupied With Killing Us'

technology - Posted On:2020-05-26 15:45:00 Source: slashdot

Slack CEO Stewart Butterfield claimed earlier this month that Microsoft Teams isn't a competitor to Slack. In an interview with The Verge, Butterfield has revealed that, inside Slack, the company feels that "Microsoft is perhaps unhealthily preoccupied with killing us, and Teams is the vehicle to do that." From a report: Butterfield expands on why he thinks Microsoft is "unhealthily preoccupied" with Slack and compares Teams to more of a competitor to Zoom. Slack obviously has its own voice and video calling features, but it's not the primary focus of the app, and often, businesses integrate Zoom or Cisco's WebEx instead. Microsoft has been moving businesses from Skype for Business to Teams, which traditionally focused on voice and video calling. Ultimately, Butterfield thinks Microsoft is trying to force the Teams comparison because "Microsoft benefits from the narrative that Teams is very competitive with Slack. Even though the reality is it's principally a voice and video calling service."

Microsoft's Jeff Teper: Teams 'Will Be Even Bigger Than Windows'

technology - Posted On:2020-05-26 14:30:00 Source: slashdot

An anonymous reader writes: Jeff Teper, CVP for Microsoft 365, has a vision for the company's Office 365 chat-based collaboration tool that competes with Slack, Facebook's Workplace, and Google Chat. In terms of reach, Teper wants Microsoft Teams to eclipse Windows. (Windows 10 runs on over 1 billion monthly active devices.) Our interview took place a day after Microsoft concluded its online-only Build 2020 developer conference, where the company gave business developers new tools to build Teams apps. Microsoft launched a Visual Studio and Visual Studio Code extension for Teams in preview, introduced new integrations between its Power Platform and Teams, and announced a custom app submission process to help IT admins. Teper was happy to cover a range of Teams topics, including metrics, growth, competitors, consumer positioning, machine learning, and of course dealing with the increased demand during the coronavirus pandemic.

Facebook Knows It Encourages Division. Top Executives Nixed Solutions.

technology - Posted On:2020-05-26 13:00:00 Source: slashdot

Jeff Horwitz and Deepa Seetharaman, reporting for Wall Street Journal: A Facebook team had a blunt message for senior executives. The company's algorithms weren't bringing people together. They were driving people apart. "Our algorithms exploit the human brain's attraction to divisiveness," read a slide from a 2018 presentation. "If left unchecked," it warned, Facebook would feed users "more and more divisive content in an effort to gain user attention & increase time on the platform." That presentation went to the heart of a question dogging Facebook almost since its founding: Does its platform aggravate polarization and tribal behavior? The answer it found, in some cases, was yes. Facebook had kicked off an internal effort to understand how its platform shaped user behavior and how the company might address potential harms. Chief Executive Mark Zuckerberg had in public and private expressed concern about "sensationalism and polarization." But in the end, Facebook's interest was fleeting. Mr. Zuckerberg and other senior executives largely shelved the basic research, according to previously unreported internal documents and people familiar with the effort, and weakened or blocked efforts to apply its conclusions to Facebook products. Facebook policy chief Joel Kaplan, who played a central role in vetting proposed changes, argued at the time that efforts to make conversations on the platform more civil were "paternalistic," said people familiar with his comments.

Former HTC Boss Plots Return To Spotlight With 5G VR Headset

technology - Posted On:2020-05-26 10:14:57 Source: slashdot

Peter Chou, the man who led HTC through its most prosperous years as an Android phone maker, is returning to consumer electronics with the unveiling of a new virtual reality headset, platform and company. From a report: Called XRSpace, the project has been in the works for three years and its centerpiece is a mobile VR headset equipped with fifth-generation wireless networking and over three hours of battery life. Partnering with Deutsche Telekom and Chunghwa Telecom, XRSpace is also building the VR platform on which services, games and social activities can be accessed and experienced. Priced at $599, the XRSpace headset has a high cost of entry, but the company envisions bundling it with carriers' 5G service packages or in other forms for educational institutions. After its home market of Taiwan, it'll look to expand to the U.S. and Europe, Chou said in an interview with Bloomberg News, with the rest of Asia to follow.

Thousands of Enterprise Systems Infected by New Blue Mockingbird Malware Gang

technology - Posted On:2020-05-25 17:00:00 Source: slashdot

Thousands of enterprise systems are believed to have been infected with a cryptocurrency-mining malware operated by a group tracked under the codename of Blue Mockingbird. From a report: Discovered earlier this month by malware analysts from cloud security firm Red Canary, the Blue Mockingbird group is believed to have been active since December 2019. Researchers say Blue Mockingbird attacks public-facing servers running ASP.NET apps that use the Telerik framework for their user interface (UI) component. Hackers exploit the CVE-2019-18935 vulnerability to plant a web shell on the attacked server. They then use a version of the Juicy Potato technique to gain admin-level access and modify server settings to obtain (re)boot persistence. Once they gain full access to a system, they download and install a version of XMRig, a popular cryptocurrency mining app for the Monero (XMR) cryptocurrency.

Chrome: 70% of All Security Bugs Are Memory Safety Issues

technology - Posted On:2020-05-25 16:15:00 Source: slashdot

Roughly 70% of all serious security bugs in the Chrome codebase are memory management and safety bugs, Google engineers said. From a report: Half of the 70% are use-after-free vulnerabilities, a type of security issue that arises from incorrect management of memory pointers (addresses), leaving doors open for attackers to attack Chrome's inner components. The percentage was compiled after Google engineers analyzed 912 security bugs fixed in the Chrome stable branch since 2015, bugs that had a "high" or "critical" severity rating. The number is identical to stats shared by Microsoft. Speaking at a security conference in February 2019, Microsoft engineers said that for the past 12 years, around 70% of all security updates for Microsoft products addressed memory safety vulnerabilities.

Google Removes QAnon Apps From Play Store for Violating Terms

technology - Posted On:2020-05-25 14:15:00 Source: slashdot

Google last week removed three apps related to the QAnon conspiracy theory from its Play Store digital marketplace. From a report: The apps -- called QMAP, Q Alerts! and Q Alerts LITE -- were taken down for violating Google's policies against "harmful information," the company said. The removal was earlier reported by Media Matters for America, a progressive not-for-profit. The QAnon conspiracy theory has become popular among a group of supporters of President Donald Trump. One claim is that celebrities are involved in child sex trafficking and pedophilia. Another tenet is that Trump is working to take down the so-called "Deep State," a secret network that manipulates and controls government policy. The theory revolves around "Q," an anonymous user who began writing about the conspiracies on imageboard site 4chan.

eBay Port Scans Visitors' Computers For Remote Access Programs

it - Posted On:2020-05-25 12:15:01 Source: slashdot

AmiMoJo shares a report: When visiting the eBay.com site, a script will run that performs a local port scan of your computer to detect remote support and remote access applications. Many of these ports are related to remote access/remote support tools such as the Windows Remote Desktop, VNC, TeamViewer, Ammy Admin, and more. After learning about this, BleepingComputer conducted a test and can confirm that eBay.com is indeed performing a local port scan of 14 different ports when visiting the site.

Will The Pandemic Mean Less Age Discrimination For Boomers?

it - Posted On:2020-05-25 03:44:57 Source: slashdot

An anonymous reader quotes Psychology Today's "Boomer's 3.0" blog: More and more companies, especially those in the tech sector, are wisely concluding that the physical infrastructure constructed to put employees together in a building is largely inefficient if not unnecessary. Beyond the potential health risks, office buildings are expensive to construct and maintain, and rents, taxes, and insurance comprise a high percentage of operating costs. It makes simple fiscal sense to bypass these expenses, assuming there is an acceptable alternative with which people can effectively communicate with each other. The internet is that alternative... Because a person on Zoom or its equivalent has far less physical presence than in real life, managers may be more open to hiring someone past middle age. Likewise, young adults may be more receptive to working with older adults in a virtual setting than in a real one. It may be an odd thing to contemplate, but less attention is paid to a person's physical attributes in a little square box on a screen than if he or she is in the same room. For tens of millions of baby boomers, the prospect of corporate culture becoming more age-friendly due to advancing technology would be a very welcome development. Rather than end one's career at a predetermined age...most of today's sexagenarians and septuagenarians want to work as long as they possibly can.

20% of GitLab Employees Handed Over Login Credentials in Phishing Test

it - Posted On:2020-05-24 15:45:00 Source: slashdot

SiliconANGLE reports: [C]ode repository management firm GitLab Inc. decided to phish their own employees to see what would happen. The result was not good: One in five employees fell for the fake emails... The GitLab team behind the exercise purchased the domain name gitlab.company, then used G Suite to facilitate the delivery of the phishing email. ["Congratulations. Your IT Department has identified you as a candidate for Apple's System Refresh Program..."] The domain name and G Suite services were set up to look legitimate, complete with SSL certificates to make the emails look less suspicious to automated phishing site detection and human inspection. Fifty GitLab employees were targeted with an email that asked them to click on a link to accept an upgrade. The link took them to the fake gitlab.company website where they were asked to enter their login details. On the positive side, only 17 of the 50 targeted employees clicked on the provided link. However, 10 of those 17 then attempted to log in on the fake site. Six of the 50 employees reported the email to GitLab's security operations team, the article notes. "Those who logged in on the fake site were then redirected to the phishing test section of the GitLab Handbook."

Researchers Claim New Internet Speed Record of 44.2 Tbps

technology - Posted On:2020-05-22 20:59:59 Source: slashdot

Researchers based out of Australia's Monash, Swinburne, and RMIT universities say they've set a new internet speed record of 44.2 Tbps, according to a paper published in the open-access journal Nature Communications. That's theoretically enough speed to download the contents of more than 50 100GB Ultra HD Blu-ray discs in a single second. The Verge reports: What's interesting about the research is that it was achieved over 75km of standard optical fiber using a single integrated chip source, meaning it has the potential to one day benefit existing fiber infrastructure. The test fiber connection ran between RMIT's Melbourne City campus and Monash University's Clayton campus, and the researchers say it mirrors infrastructure used by Australia's National Broadband Network (NBN). The findings represent a "world-record for bandwidth," according to Swinburne University Professor David Moss, one of the team members responsible. Those speeds were achieved, thanks to a piece of technology called a micro-comb, which offers a more efficient and compact way to transmit data. This micro-comb was placed within the cable's fibers in what the researchers say is the first time the technology has been used in a field trial. Now, the researchers say the challenge is to turn the technology into something that can be used with existing infrastructure. "Long-term, we hope to create integrated photonic chips that could enable this sort of data rate to be achieved across existing optical fiber links with minimal cost," RMIT's Professor Arnan Mitchell says.

On Facebook and YouTube, Classical Musicians Are Getting Blocked or Muted

technology - Posted On:2020-05-22 19:29:59 Source: slashdot

Michael Andor Brodeur, writing for The Washington Post: As covid-19 forces more and more classical musicians and organizations to shift operations to the Internet, they're having to contend with an entirely different but equally faceless adversary: copyright bots. Or, more accurately, content identification algorithms dispatched across social media to scan content and detect illegal use of copyrighted recordings. You've encountered these bots in the wild if you've ever had a workout video or living room lip-sync blocked or muted for ambient inclusion or flagrant use of Britney or Bruce. But who owns Brahms? These oft-overzealous algorithms are particularly fine-tuned for the job of sniffing out the sonic idiosyncrasies of pop music, having been trained on massive troves of "reference" audio files submitted by record companies and performing rights societies. But classical musicians are discovering en masse that the perceptivity of automated copyright systems falls critically short when it comes to classical music, which presents unique challenges both in terms of content and context. After all, classical music exists as a vast, endlessly revisited and repeated repertoire of public-domain works distinguishable only through nuanced variations in performance. Put simply, bots aren't great listeners. These systems aren't just disrupting the relationships between classical organizations and their audiences; they're also impacting individual musicians trying to stay musically present -- and financially afloat -- during the crisis. Michael Sheppard, a Baltimore-based pianist, composer and teacher, was recently giving a Facebook Live performance of a Beethoven sonata (No. 3, Op. 2, in C) when Facebook blocked the stream, citing the detection of "2:28 of music owned by Naxos of America" -- specifically a passage recorded by the French pianist Jean-Efflam Bavouzet, whom Sheppard is not. [...]
And this wasn't Sheppard's first run-in with Facebook, which has blocked or muted past performances of Faure, Chopin and Bach for being too digitally reminiscent of other performances of Faure, Chopin and Bach.

Outlook For Windows Will Soon Sync Email Signatures Across Devices

technology - Posted On:2020-05-22 18:44:59 Source: slashdot

Microsoft is finally bringing cloud support to Outlook for Windows email signatures. The Verge reports: Microsoft originally acknowledged that it was planning some type of sync support for Outlook signatures back in September, and the company says it will now roll this out in a June update. Office 365 and Microsoft 365 subscribers will get access to cloud signature support in Outlook for Windows, allowing users to have a consistent signature across devices. Many companies have had to turn to custom solutions to implement Outlook for Windows signatures that roam across devices, so official support from Microsoft will be welcome. Microsoft is also planning to roll out a new text prediction feature for Outlook that's similar to Gmail's Smart Compose soon. The text predictions will allow Outlook.com and Outlook on the web to write emails for people using predictive tech that offers up suggestions while you type.

Google's a Problem For Everyone Who Sells Something Online, Says Expedia Group CEO

technology - Posted On:2020-05-22 18:14:59 Source: slashdot

Expedia Group's new CEO isn't mincing words about one of the company's biggest challenges: Google's dual role as a rival in online travel, and a key source of customers through search traffic and paid advertising. From a report: "I think Google's a problem -- it's a problem for everyone who sells something online, and we all have to struggle with that," Peter Kern said during an appearance on CNBC on Friday morning, following his first earnings report as the CEO of the Seattle-based online travel giant. His comments come amid reports that U.S. antitrust regulators are preparing a case against the search giant, focusing on its dominance of digital ads. This Google conundrum is a recurring topic for Expedia Group, but Kern appears to be taking a different approach than his predecessor Mark Okerstrom did before he was ousted from the role last fall. Appearing on CNBC this morning, Kern says Expedia needs to learn to rely less on performance marketing, a form of advertising in which the cost is based on a specific outcome such as a click or sales lead.