Zero-day Flash bug under active attack in Windows threatens OS X, Linux too

[Image: A fragment of the shellcode exploiting a critical vulnerability in Adobe Flash. Credit: Kaspersky Lab]

A day after reports that attackers are exploiting a zero-day vulnerability in Microsoft’s Internet Explorer browser, researchers warned of a separate active campaign that was targeting a critical vulnerability in fully patched versions of Adobe’s ubiquitous Flash media player.

The attacks were hosted on the Syrian Ministry of Justice website at hxxp://jpic.gov.sy and were detected on seven computers located in Syria, leading to theories that the campaign targeted dissidents complaining about the government of President Bashar al-Assad, according to a blog post published Monday by researchers from antivirus provider Kaspersky Lab. The attacks exploited a previously unknown vulnerability in Flash when people used the Firefox browser to access a booby-trapped page. The attackers appear to be unrelated to those reported on Sunday who exploited a critical security bug in Internet Explorer, a Kaspersky representative told Ars.

While the exploit Kaspersky observed attacked only computers running Microsoft Windows, the underlying flaw, which is formally categorized as CVE-2014-1776 and resides in a Flash component known as the Pixel Bender, is present in the Adobe application built for OS X and Linux machines as well. Adobe has updated all three versions to plug the hole. Because security holes frequently become much more widely exploited in the hours or days after they are disclosed, people on all three platforms should update as soon as possible. People using IE 10 and 11 on Windows 8 will receive the update automatically, as will users of Google’s Chrome browser. It can sometimes take hours for the automatic updates to arrive. Those who are truly cautious should consider manually installing them.


Netflix is paying Verizon for network connection to speed up video

Netflix today confirmed that it reached an interconnection agreement with Verizon, similar to the one it recently struck with Comcast.

“We have reached an interconnect arrangement with Verizon that we hope will improve performance for our joint customers over the coming months,” Netflix spokesperson Joris Evers told Ars. “It is a paid interconnect agreement.”

Word of the deal first leaked on Twitter when analyst Walter Piecyk wrote, “Verizon CEO [Lowell McAdam] confirms they have signed direct connection deal with Netflix like Comcast’s.” When contacted by Ars, Piecyk said that “McAdam confirmed a deal with Netflix in answer to our question at a group investor meeting [today]. No further details were provided on the financial terms.”


Bank robbers use KVM switch and 3G router to steal money

[Image: The networked KVM switch and 3G router used to rob a Barclays Bank branch remotely. Credit: Metropolitan Police, London]

Nine members of a London-based gang have been convicted and three others are scheduled for sentencing in June for a series of electronic bank robberies. Using social engineering to install a remote-controlled keyboard-video-mouse (KVM) switch on bank PCs, the gang managed to transfer millions to outside accounts in two separate jobs in April and July of 2013. They were caught attempting to rob a third bank in September.

Dean Outram, 32, entered all three banks claiming to be from a tech support contractor and saying he was there to repair computers. At each bank branch robbed, Outram installed a KVM switch and a 3G wireless router. From a “control center” in central London, others then used the KVM switches to gain access to the PCs of bank employees, remotely logging keystrokes and monitoring screen activity to get the information necessary to transfer funds from customers’ accounts to accounts controlled by the group.

In the first attempt, the group managed to make 128 fund transfers totaling £1.3 million (about $2 million) in one day from a branch of Barclays Bank. The bank detected the fraud the same day and recovered about £600,000 ($1 million) of the funds before the gang drained the accounts. In its second attempt at another Barclays branch, the group was able to make off with £90,000 (about $150,000).


Review: Gigabyte’s AMD Brix gives Intel’s mini PC a run for its money

[Image: Gigabyte’s AMD Brix (top) is, if anything, even smaller than Intel’s latest NUC (bottom). Credit: Andrew Cunningham]

When AMD sent us the Brix Gaming for review, it wasn’t alone in its box. We were also sent another, smaller Brix with an AMD processor, and it’s the antithesis of its big loud cousin. It’s basically the AMD take on the NUC: a small, quiet, unobtrusive little box that still tries to deliver the features and performance of a full-size entry-level desktop.

We originally planned to review both in one shot, but there was so much to say about the Brix Gaming that the GB-BXA8-5545 (say that three times fast) got edged out. Rather than bury it, we’ve decided to give it its own evaluation. It’s the only AMD-powered desktop in the same size category as the NUC that doesn’t use a wimpy netbook-class processor. And as much as Intel’s integrated GPUs have improved in recent years, the name “AMD” still means something when it comes to graphics performance.

Surprise, it’s a tiny cube!

[Image: Like most other mini PCs, the Brix is a tiny box with a small external power supply. Credit: Andrew Cunningham]

Specs at a glance: Gigabyte Brix GB-BXA8-5545
OS: Windows 8.1 x64
CPU: 1.7GHz AMD A8-5545M, Turbo Boost up to 2.7GHz available with proper BIOS settings
RAM: 8GB 1333MHz DDR3 (supports up to 16GB)
GPU: AMD Radeon 8510G (integrated)
HDD: 128GB Crucial M500 mSATA SSD
Networking: 2.4GHz 802.11n Wi-Fi, Bluetooth 4.0, Gigabit Ethernet
Ports: 4x USB 3.0, 1x mini DisplayPort 1.2, 1x HDMI 1.4a, audio
Size: 4.24” x 4.5” x 1.18” (107.6 x 114.4 x 29.9 mm)
Other perks: Kensington lock, VESA mounting bracket
Warranty: 1 year
Price: $249.99 (barebones), $494.97 with listed components and software

The other Brix boxes we’ve reviewed have been larger and more powerful machines, but the smaller Intel and AMD-based Brixes are a lot more like the original Intel NUC. This one’s a short, square little device that’s actually a little shorter than the NUC. It’s an understated all-black system with matte metal sides and a glossy plastic top, and while it has an external power brick it doesn’t add much to the total size of the package. With the adapters, it’s roughly the size you’d get with standard PC laptops and Ultrabooks, since the Brix uses low-voltage mobile parts rather than full-fledged desktop chips.


Man uses Raspberry Pi to build actual working cell phone for $158

[Image credit: David Hunt]

Raspberry Pi-using tinkerer David Hunt—who previously built a bark-activated door opener for dogs—is at it again with a real, working cell phone powered by the tiny computer and a few other items.

“PiPhone” cost Hunt $158 to build with these components, all held together with cable ties:

Raspberry Pi Model B – $40
PiTFT Touchscreen 320×240 – $35
2500mAh LiPo battery – $15
SIM900 GSM/GPRS module – $48
DC-DC boost converter 3.3V – 5V 1A – $10
Cables, connectors, switch, etc. – $10

“As you can see from the cost of the components, you’d be FAR better off going into your local phone store and picking up a normal smartphone, but hey, where’s the fun in that?” Hunt wrote on his blog today. “I got a great kick out of the first phone call I made with this thing. And it won’t stay in one piece for long, I’ll be using those parts for other projects very soon!”


Covert Bitcoin miner found stashed in malicious Google Play apps

[Image credit: Lookout]

Researchers scouring the official Google Play market have unearthed more Android apps that surreptitiously abuse end-user devices to carry out the computationally intensive process of mining Bitcoins.

The malware, dubbed “BadLepricon” by its creators, was stowed away inside six separate wallpaper apps that had from 100 to 500 downloads each, according to a blog post published Thursday by researchers from Lookout, an anti-malware provider for smartphones. Google employees promptly removed the offending apps once Lookout reported them.

It’s at least the second time in a month that third-party researchers have discovered cryptocurrency-mining apps available for download on Google servers. Four weeks ago, researchers from Trend Micro reported they found two apps downloaded from one million to five million times that mined the Litecoin and Dogecoin cryptocurrencies without explicitly informing end users.

“These apps did fulfill their advertised purpose in that they provided live wallpaper apps, which vary in theme from anime girls to ‘epic smoke’ to attractive men,” Meghan Kelly, a Lookout security communications manager, wrote in Thursday’s blog post. “However, without alerting you in the terms of service, BadLepricon enters into an infinite loop where—every five seconds—it checks the battery level, connectivity, and whether the phone’s display was on.”


In just one year, Zynga has lost nearly half of its daily active users

[Image: It’s been a rough year for Zynga, which has relegated founder Mark Pincus to being chairman of the board. Credit: Fortune Live Media]

Zynga needs some good news, and fast: in its Tuesday quarterly earnings filing, the company reported that its daily active users rose from 27 million in the last quarter of 2013 to 28 million this quarter. But when compared to the first quarter of 2013, Zynga had 53 million daily active users—which means the company has lost about half of its most active players in a year.

Just months after Zynga spent $527 million on NaturalMotion, maker of Clumsy Ninja, the embattled social gaming firm also announced that it ended its first quarter by losing over $61 million. At this time last year, the company had profited $4.1 million during the first three months of 2013. Still, the company’s chief executive tried to play the loss down.


Next-gen Thunderbolt doubles speeds but changes the connector

[Image: The leaked slide that purports to out the next-generation Thunderbolt controller. Credit: VR-Zone]

Thunderbolt 2 just started showing up in devices late last year, but a new slide leaked by VR-Zone is giving us our first glimpse at what the next version is going to look like. Dubbed “Alpine Ridge,” the new Thunderbolt controllers will double Thunderbolt 2’s bandwidth from 20Gbps to 40Gbps, will reportedly support PCI Express 3.0, and will reduce power usage by 50 percent compared to current controllers. The downside is that the new version will require the use of a new connector—it supports charging for devices that use up to 100W of power and it’s 3 mm shorter than current connectors, but adapters will be required to maintain compatibility with older Thunderbolt accessories.

Doubling the available bandwidth will enable next-generation Thunderbolt controllers to drive two 4K displays simultaneously, where current controllers can only drive one. The new controllers will allegedly be compatible with a variety of other protocols as well, including DisplayPort 1.2, USB 3.0, and HDMI 2.0.

Intel will offer two different versions of the controller—a version that uses four PCI Express lanes to drive two Thunderbolt ports and an “LP” (presumably “Low Power”) version that uses two PCI Express lanes to drive one port. This is consistent with the current controllers. High-end devices like the Mac Pro and Retina MacBook Pro use two-port controllers, while lower-end, lower-power devices like the Mac Mini and MacBook Air use the one-port version.

Thunderbolt 2 gave the specification a performance boost but didn’t change all that much about the protocol. It combined the original Thunderbolt’s two 10Gbps channels to allow for higher maximum speeds, but it didn’t increase the total amount of bandwidth available or introduce any new protocols. The upside is that it maintained full compatibility with all of the original Thunderbolt cables and accessories, something that this next-generation Thunderbolt controller won’t be able to do without adapters (though to be fair, USB 3.1 and the new Type-C USB connector have the same problem).


Using bugs—aphids, specifically—to spy on plants’ electrical communications

[Image: I’m catching some signals, fellow aphid. Are you? Credit: benimoto]

Internal communications in plants share striking similarities with those in animals, new research reveals. With the help of tiny insects, scientists were able to tap into this communication system. Their results reveal the importance of these communications in enabling plants to protect themselves from attack by insect pests.

Like any organism, plants need to transport essential nutrients from one part to another. This is achieved by two parts of the plant: the xylem and the phloem. Xylem, which is largely made of dead cells, transports water and dissolved nutrients obtained by roots up to the aerial tissues of the plants. By contrast, the phloem is made up of living cells—active tubes that transport a syrupy sap, rich in sugars made by photosynthesis in the leaves.

In the 1980s, scientists discovered that phloem cells also function as a communication system through which electrical signals travel, similar to the electrical signals transmitted through the neurons in your nervous system.


Active malware campaign steals Apple passwords from jailbroken iPhones

[Image credit: Sophos]

Security researchers have uncovered an active malware campaign in the wild that steals the Apple ID credentials from jailbroken iPhones and iPads.

News of the malware, dubbed “unflod” based on the name of a library that’s installed on infected devices, first surfaced late last week on a pair of reddit threads. In the posts, readers reported their jailbroken iOS devices recently started experiencing repeated crashes, often after installing jailbroken-specific customizations known as tweaks that were not a part of the official Cydia market, which acts as an alternative to Apple’s App Store.

Since then, security researcher Stefan Esser has performed what’s called a static analysis on the binary code that the reddit users isolated on compromised devices. In a blog post reporting the results, he said unflod hooks into the SSLWrite function of an infected device’s security framework. It then scans it for strings accompanying the Apple ID and password that are transmitted to Apple servers. When the credentials are found, they’re transmitted to attacker-controlled servers.
