feeds – Page 34 – Tech Today w/ Ken May

Attack for Flash 0day goes live in popular exploit kit

If you’ve been meaning to disable Adobe Flash, now might be a good time. Attacks exploiting a critical vulnerability in the latest version of the animation software have been added to a popular exploitation kit, researchers confirmed. Attackers often buy the kits to spare the hassle of writing their own weaponized exploits. Prolific exploit sleuth Kafeine uncovered the addition to Angler , an exploit kit available in underground forums. The zero-day vulnerability was confirmed by Malwarebytes . Malwarebytes researcher Jérôme Segura said one attack he observed used the new exploit to install a distribution botnet known as Bedep. Adobe officials say only that they’re investigating the reports. Until there’s a patch, it makes sense to minimize use of Flash when possible. AV software from Malwarebytes and others can also block Angler attacks. Read on Ars Technica | Comments

Read this article:
Attack for Flash 0day goes live in popular exploit kit

Liveblog: Windows 10 “The Next Chapter” event on January 21st

REDMOND—Microsoft is unveiling the next major beta of Windows 10, the Consumer Preview, with an event at the company’s home in Redmond, Washington. We’ll be on the scene to report on the news and get a first look at the new release. We’re expecting to see the new Continuum feature that adapts the Windows interface on 2-in-1 devices and a new browser that sheds the legacy (and name) of Internet Explorer. Representatives of the Xbox team will also be at the event, with Microsoft having news about Windows gaming—though precisely what that will be is currently a mystery. Read on Ars Technica | Comments

Taken from:
Liveblog: Windows 10 “The Next Chapter” event on January 21st

How installing League of Legends and Path of Exile left some with a RAT

Official releases for the League of Legends and Path of Exile online games were found laced with a nasty trojan after attackers compromised an Internet platform provider that distributed them to users in Asia. The compromise of consumer Internet platform Garena allowed the attackers to attach malicious software components to the official installation files for the two games, according to a blog post published Monday by antivirus provider Trend Micro. In addition to the legitimate game launcher, the compromised executable file also included a dropper that installed a remote access tool known as PlugX and a cleaner file that overwrote the infected file after it ran. According to Trend Micro, the attackers took care to conceal their malware campaign, an effort that may have made it hard for victims to know they were infected. The cleaner file most likely was included to remove evidence that would tip users off to a compromise or the origin of the attack. The cryptographic hash that was included with the tampered game files was valid, so even people who took care to verify the authenticity of the game installer would have no reason to think it was malicious, Trend Micro researchers said. The researchers linked to this December 31 post from Garena . Translated into English, one passage stated: “computers and patch servers were infected with trojans. As a result, all the installation files distributed for the games League of Legends and Path of Exile are infected.” Read 2 remaining paragraphs | Comments

See the article here:
How installing League of Legends and Path of Exile left some with a RAT

British spy agency captured 70,000 e-mails of journalists in 10 minutes

The Government Communications Headquarters (GCHQ), the British sister agency of the National Security Agency, captured 70,000 e-mails of journalists in 10 minutes during a November 2008 test. According to The Guardian , which on Monday cited some of its Snowden documents as its source (but did not publish them), the e-mails were scooped up as part of the intelligence agency’s direct fiber taps . Journalists from the BBC, Reuters, The Guardian, The New York Times, Le Monde, The Sun , NBC, and The Washington Post were apparently targeted. Read 2 remaining paragraphs | Comments

More here:
British spy agency captured 70,000 e-mails of journalists in 10 minutes

Pirates defeating watermarks, releasing torrents of Oscar movie screeners

When an incomplete and early version of the X-Men Origins: Wolverine leaked to torrent sites in 2009, Twentieth Century Fox announced that the uploader “will be prosecuted to the fullest extent of the law.” “We forensically mark our content so we can identify sources that make it available or download it,” the studio said in a statement. Nabbed by a watermark, a New York man subsequently pleaded guilty to making the movie available on Megaupload. Gilberto Sanchez was sentenced to a year in prison in 2011. A triumphant US Attorney Andre Birotte Jr . said that “sentence handed down in this case sends a strong message of deterrence to would-be Internet pirates.” Read 6 remaining paragraphs | Comments

View article:
Pirates defeating watermarks, releasing torrents of Oscar movie screeners

Google drops more Windows 0-days. Something’s gotta give

Google’s security researchers have published another pair of Windows security flaws that Microsoft hasn’t got a fix for, continuing the disagreement between the companies about when and how to disclose security bugs. The first bug affects Windows 7 only and results in minor information disclosure. Microsoft says, and Google agrees, that this does not meet the threshold for a fix. Windows 8 and up don’t suffer the same issue. The second bug is more significant. In certain situations, Windows doesn’t properly check the user identity when performing cryptographic operations, which results in certain shared data not being properly encrypted. Microsoft has developed a fix for this bug, and it was originally scheduled for release this past Tuesday. However, the company discovered a compatibility issue late in testing, and so the fix has been pushed to February. Read 7 remaining paragraphs | Comments

See the original post:
Google drops more Windows 0-days. Something’s gotta give

Marriott tentatively backs off Wi-Fi blocking plans

In a brief statement on Wednesday evening , hotel chain Marriott International said that it would not block any personal Wi-Fi devices belonging to its customers. Marriott International listens to its customers, and we will not block guests from using their personal Wi-Fi devices at any of our managed hotels. Marriott remains committed to protecting the security of Wi-Fi access in meeting and conference areas at our hotels. We will continue to look to the FCC to clarify appropriate security measures network operators can take to protect customer data, and will continue to work with the industry and others to find appropriate market solutions that do not involve the blocking of Wi-Fi devices. Despite that pledge, Re/Code reports that the company is not rescinding a request for rulemaking that it submitted to the Federal Communications Commission late last year, in which it asked for the Commission’s blessing to block personal hotspots. In October, Marriott was fined $600,000 by the FCC following a complaint that one of its Nashville, Tennessee branches was interfering with and disabling personal Wi-Fi hotspots set up by its customers. Marriott agreed to pay the fine but remained defiant, asking the FCC to allow it to resume its practice. Read 1 remaining paragraphs | Comments

Man gets 10 years in prison after perpetrating website sales scam

A California man was sentenced Tuesday to 10 years in prison after engaging in a years-long scheme to defraud people who responded to his ads selling domain names and websites that he claimed continually generated revenue. Federal prosecutors alleged that John Winston Boone scammed 18 people for approximately $1.3 million—providing false PayPal records to his victims to illustrate this profitability. Initially, Boone plead not guilty, but later changed his plea in late 2013. United States District Judge Otis D. Wright II, who was the same judge in a 2013 Los Angeles Prenda hearing , called the defendant’s conduct “cruel and callous.” Judge Wright also noted that Boone “showed a lack of humanity that was so base and so depraved.” Read 3 remaining paragraphs | Comments

Continue reading here:
Man gets 10 years in prison after perpetrating website sales scam

Silk Road stunner: Ulbricht admits founding the site, but says he isn’t DPR

Once they got the chance, it took prosecutors less than a minute to point the finger—literally—at Ross Ulbricht. The jury of six men and six women were assembled in Manhattan’s federal courthouse to hear a story about a “dark and secret part of the Internet,” government lawyer Timothy Howard explained. The story was about “a website called Silk Road, where anybody, anywhere could buy and sell dangerous drugs with the click of a mouse.” “That man,” Howard said, turning to look straight at Ulbricht and extending his arm towards him. “The defendant—Ross Ulbricht— he was the kingpin of this criminal empire.” Read 35 remaining paragraphs | Comments

Originally posted here:
Silk Road stunner: Ulbricht admits founding the site, but says he isn’t DPR

Red light camera vendor Redflex freaked out it may lose contracts

In a new Friday filing with the Australian Securities Exchange, Redflex, a prominent red light camera vendor, said that it could be facing an immediate net book value loss of $3.2 million if it permanently loses contracts in New Jersey and Ohio. In November 2014, the company told investors that the North American market is a “low/no-growth market.” Since 2009, the Garden State has operated a pilot program with Redflex cameras, but that program expired on December 16, 2014. The New Jersey Department of Transportation is now set to analyze its five years’ worth of data, write a report, and recommend whether to permanently halt the program or resurrect it. Meanwhile, in Ohio, even after the state’s Supreme Court upheld their use, Governor John Kasich signed into law in December 2014 a new bill that requires a police officer’s physical presence for tickets that are issued from traffic cameras. The law takes effect 90 days after the governor’s signature, and it could mean that cities will have less of a reason to maintain their camera systems. Read 3 remaining paragraphs | Comments

See the original article here:
Red light camera vendor Redflex freaked out it may lose contracts