Fancy Bear, the advanced hacking group researchers say is tied to the Russian government, is actively exploiting a newly revived technique that gives attackers a stealthy means of infecting computers using Microsoft Office documents, security researchers said this week. Fancy Bear is one of two Russian-sponsored hacking outfits researchers say breached Democratic National Committee networks ahead of last year’s presidential election. The group was recently caught sending a Word document that abuses a feature known as Dynamic Data Exchange. DDE allows a file to execute code stored in another file and allows applications to send updates as new data becomes available. In a blog post published Tuesday, Trend Micro researchers said Fancy Bear was sending a document titled IsisAttackInNewYork.docx that abused the DDE feature. Once opened, the file connects to a control server to download a first-stage piece of malware called Seduploader and installs it on a target’s computer. DDE’s potential as an infection technique has been known for years, but a post published last month by security firm SensePost has revived interest in it. The post showed how DDE could be abused to install malware using Word files that went undetected by anti-virus programs.
View post: New Microsoft Word attacks infect PCs sans macros
An anonymous reader quotes a report from Ars Technica: A Russian government-sponsored group accused of hacking the Democratic National Committee last year has likely been infecting other targets of interest with the help of a potent Windows exploit developed by, and later stolen from, the National Security Agency, researchers said Friday. Eternal Blue, as the exploit is code-named, is one of scores of advanced NSA attacks that have been released over the past year by a mysterious group calling itself the Shadow Brokers. It was published in April in the group’s most damaging release to date. Its ability to spread from computer to computer without any user action was the engine that allowed the WCry ransomware worm, which appropriated the leaked exploit, to shut down computers worldwide in May. Eternal Blue also played a role in the spread of NotPetya, a follow-on worm that caused major disruptions in June. Now, researchers at security firm FireEye say they’re moderately confident the Russian hacking group known as Fancy Bear, APT 28, and other names has also used Eternal Blue, this time in a campaign that targeted people of interest as they connected to hotel Wi-Fi networks. In July, the campaign started using Eternal Blue to spread from computer to computer inside various staff and guest networks, company researchers Lindsay Smith and Ben Read wrote in a blog post. While the researchers didn’t directly observe those attacks being used to infect guest computers connected to the network, they said a related campaign from last year used the control of hotel Wi-Fi services to obtain login credentials from guest devices. Read more of this story at Slashdot. 
According to Variety, AT&T’s pay-TV business has lost a record 351,000 traditional video customers in the second quarter, with the internet-delivered DirecTV Now service failing to fully offset the losses. From the report: In Q2, historically a seasonally weak period for the pay-TV business, DirecTV’s U.S. satellite division lost 156,000 customers sequentially, dropping to 20.86 million, compared with a gain of 342,000 in the year-earlier quarter. AT&T’s U-verse lost 195,000 subs in the quarter, which was actually an improvement over the 391,000 it lost in Q2 of 2016. AT&T touted that it gained 152,000 DirecTV Now customers in Q2, after adding just 72,000 in the first quarter of 2017. Overall, it had signed up 491,000 DirecTV Now subs as of the end of June, after the OTT service launched seven months ago.
The free iOS version of the Tor browser “sparked a tidal wave of interest” after its release in December, according to Silicon.co. Mickeycaskill writes: The cost has been scrapped due to developer Mike Tigas’ worries that the price was limiting access to anonymous browsing for those who need it most. “Given recent events, many believe it’s more important than ever to exercise and support freedom of speech, privacy rights, and digital security,” Tigas wrote in a blog post. “I think now is as good a time as ever to make Onion Browser more accessible to everyone.” “I’m still a little terrified that I’ve made this change,” Tigas adds. For four years the Tor Onion browser was available on the Apple App Store for $0.99, the lowest non-free price allowed by Apple, providing a “reliable” income to Tigas which helped him move to New York for a new job while allowing him “the economic freedom to continue working on side projects that have a positive impact in the world.” Tigas also writes that “there’s now a Patreon page and other ways to support the project.” Last month the Tor Project also released the first alpha version of the sandboxed Tor Browser.
A two-year FBI investigation apparently centered on the satirical web site “GodHatesGoths”. Long-time Slashdot reader v3rgEz writes: In 2005, the FBI launched an investigation into the “Church of the Hammer,” a fundamentalist Christian sect which called for the wholesale slaughter of practitioners of the goth subculture. Two years later, the investigation was closed, on grounds that the Church didn’t exist. The FBI’s threat assessment detailed “an extremely right-wing Christian group that adheres to a Middle Ages Catholic text called the ‘Malleus Malificarum.’” But MuckRock.com reports that “The Bureau’s main source on the case was a goth who had engaged with members of the Church via their Yahoo Group…trying to dispel their misconceptions about the relationship between the subculture and Satanism.” After two years of scouring through crime databases and making phone calls to the Salem police department, FBI investigators actually visited the GodHatesGoths web site — which turned out to be a parody.
MojoKid writes: As we quickly approach the November 8th elections, email leaks from the Clinton camp continue to loom over the presidential candidate. The latest data dump from WikiLeaks shines a light on emails between Hillary Clinton’s campaign manager, John Podesta and Facebook Chief Operating Officer, Sheryl Sandberg. In one email exchange, dated June 6th, 2015, Sandberg expresses her desire for Clinton to become president, writing to Podesta, “And I still want HRC to win badly. I am still here to help as I can.” While that was a private exchange, Sandberg also made her zest for seeing Clinton as the 45th President of the United States publicly known in a Facebook post on July 28th of this year. None of that is too shocking when you think about it. Sandberg has every right to endorse whichever candidate she wants for president. However, a later exchange between Sandberg and Podesta showed that Mark Zuckerberg was looking to get in on the action a bit, and perhaps curry favor with Podesta and the Clinton camp in shaping public policy. Donald Trump has long claimed that Clinton is too cozy with big businesses, and one cannot dismiss the fact that Facebook has a global user base of 1.7 billion users. When you toss in the fact that Facebook came under fire earlier this year for allegedly suppressing conservative news outlets in the Trending News bar, questions begin to arise about Facebook’s impartiality in the political race. The report also notes that Sandberg is at the top of the list when it comes to picks for Treasury Secretary, if Clinton wins the election. In an interview with Politico, David Segal, executive director for Demand Progress, said “[Sandberg] is a proxy for this growing problem that is the hegemony of five to ten major Silicon Valley platforms.” Lina Khan, a fellow with the Open Markets Program at the New American think tank adds: “If a senior Cabinet member is from Facebook, at worst it could directly interfere [in antitrust actions]. But even in the best of cases there’s a real worry that it will have a chilling effect on good-faith antitrust efforts to scrutinize potential anti-competitive implications of dominant tech platforms.”