Tag: funny

Malicious Apps Brought Ad-Clicking ‘Judy’ Malware To Millions Of Android Phones

An anonymous reader quotes Fortune: The security firm Checkpoint on Thursday uncovered dozens of Android applications that infected users’ devices with malicious ad-click software. In at least one case, an app bearing the malware was available through the Google Play app store for more than a year. While the actual extent of the malicious code’s spread is unknown, Checkpoint says it may have reached as many as 36.5 million users, making it potentially the most widely-spread malware yet found on Google Play… The nefarious nature of the programs went unnoticed in large part, according to Checkpoint, because its malware payload was downloaded from a non-Google server after the programs were installed. The code would then use the infected phone to click on Google ads, generating fraudulent revenue for the attacker. Read more of this story at Slashdot.

See original article:
Malicious Apps Brought Ad-Clicking ‘Judy’ Malware To Millions Of Android Phones

New Solar Plane Plans Non-Stop Flight Around The World

An anonymous reader quotes Bloomberg: [A] Russian tycoon and his Renova Group plan a record-breaking effort to send a plane around the world nonstop using only the power of the sun. If all goes well, a single pilot will fly for five days straight at altitudes of up to 10 miles, about a third higher than commercial airliners. The project isn’t just a stunt. The glider-style airplane with a 36-meter (120-foot) wingspan will be a test of technologies that are set to be used to build new generations of autonomous craft for the military and business, say aerospace experts. They will fly continuously, have far greater reach and control than satellites and expand broadcast, communication and spying capabilities around the globe… “Our flight should prove that it’s possible to make long-distance flights using solar energy, ” said Mikhail Lifshitz, Renova’s director of high-tech asset development and a qualified pilot-instructor. A “flying laboratory” test-plane will be ready by year-end, Lifshitz said in an interview. The plane will conserve power by slowly gliding down from the high altitudes at night — without ever touching the ground. In comparison a solar plane (partially funded by Google) already circled the earth last year — but it took 22 days, and made 17 different stops. Read more of this story at Slashdot.

Excerpt from:
New Solar Plane Plans Non-Stop Flight Around The World

Malicious Subtitles Threaten VLC, Kodi and Popcorn Time Users, Researchers Warn

Millions of people risk having their devices and systems compromised by malicious subtitles, according to a new research published by security firm Check Point. The threat comes from a previously undocumented vulnerability which affects users of popular streaming software, including Kodi, Popcorn-Time, and VLC. Developers of the applications have already applied fixes and in some cases, working on it. From a report: While most subtitle makers do no harm, it appears that those with malicious intent can exploit these popular streaming applications to penetrate the devices and systems of these users. Researchers from Check Point, who uncovered the problem, describe the subtitle ‘attack vector’ as the most widespread, easily accessed and zero-resistance vulnerability that has been reported in recent years. “By conducting attacks through subtitles, hackers can take complete control over any device running them. From this point on, the attacker can do whatever he wants with the victim’s machine, whether it is a PC, a smart TV, or a mobile device, ” they write. Read more of this story at Slashdot.

More:
Malicious Subtitles Threaten VLC, Kodi and Popcorn Time Users, Researchers Warn

JSON Feed Announced As Alternative To RSS

Reader Anubis IV writes: With Slashdot recently asking whether we still use RSS, it may come as a surprise that something interesting has happened in the world of news feeds this week. JSON Feed was launched as an alternative to RSS and Atom, eschewing the XML they rely on — which is frequently malformed and difficult to parse — in favor of a human readable JSON format that reflects the decades of combined experience its authors have in the field. The JSON Feed spec is a simple read that lays out a number of pragmatic benefits the format has over RSS and Atom, such as eliminating duplicate entries, adding the ability to paginate feeds so that old entries remain available, and reducing the need for clients to scrape sites to find images and other resources. Given that it’s authored by the developers behind one of the earliest, popular RSS clients and a recently Kickstarted blogging platform, the format is intended to address the common pain points currently faced by developers when producing and parsing feeds. While it remains to be seen whether JSON Feed will escape the chicken-and-egg stage of adoption, several clients have already added support for the fledging format in the week since its announcement, including Feedbin, Inoreader, and NewsBlur. Read more of this story at Slashdot.

Visit link:
JSON Feed Announced As Alternative To RSS

New SMB Worm Uses Seven NSA Hacking Tools. WannaCry Used Just Two

An anonymous reader writes: Researchers have detected a new worm that is spreading via SMB, but unlike the worm component of the WannaCry ransomware, this one is using seven NSA tools instead of two. Named EternalRocks, the worm seems to be in a phase where it is infecting victims and building its botnet, but not delivering any malware payload. EternalRocks is far more complex than WannaCry’s SMB worm. For starters, it uses a delayed installation process that waits 24 hours before completing the install, as a way to evade sandbox environments. Further, the worm also uses the exact same filenames as WannaCry in an attempt to fool researchers of its true origin, a reason why the worm has evaded researchers almost all week, despite the attention WannaCry payloads have received. Last but not least, the worm does not have a killswitch domain, which means the worm can’t be stopped unless its author desires so. Because of the way it was designed, it is trivial for the worm’s owner to deliver any type of malware to any of the infected computers. Unfortunately, because of the way he used the DOUBLEPULSAR implant, one of the seven NSA hacking tools, other attackers can hijack its botnet and deliver their own malware as well. IOCs are available in a GitHub repo. Ars Technica quotes security researchers who say “there are at least three different groups that have been leveraging the NSA exploit to infect enterprise networks since late April… These attacks demonstrate that many endpoints may still be compromised despite having installed the latest security patch.” Read more of this story at Slashdot.

Visit link:
New SMB Worm Uses Seven NSA Hacking Tools. WannaCry Used Just Two

Popular Torrent Site ExtraTorrent Permanently Shuts Down

ExtraTorrent, the world’s second largest torrent index, on Wednesday said it is permanently shutting its doors. The site, which launched in 2006, had steadily climbed the ranks in the piracy world to become the second most popular torrent site, observing millions of daily views. TorrentFreak adds: “ExtraTorrent with all mirrors goes offline.. We permanently erase all data. Stay away from fake ExtraTorrent websites and clones. Thx to all ET supporters and torrent community. ET was a place to beâ¦.” TorrentFreak reached out to ExtraTorrent operator SaM who confirmed that this is indeed the end of the road for the site. “It’s time we say goodbye, ” he said, without providing more details. ExtraTorrent is the latest in a series of BitTorrent giants to fall in recent months. Previously, sites including KickassTorrents, Torrentz.eu, TorrentHound and What.cd went offline. Read more of this story at Slashdot.

Original post:
Popular Torrent Site ExtraTorrent Permanently Shuts Down

Microsoft Finally Bans SHA-1 Certificates In Its Browsers

An anonymous reader quotes ZDNet: With this week’s monthly Patch Tuesday, Microsoft has also rolled out a new policy for Edge and Internet Explorer that prevents sites that use a SHA-1-signed HTTPS certificate from loading. The move brings Microsoft’s browsers in line with Chrome, which dropped support for the SHA-1 cryptographic hash function in January’s stable release of Chrome 56, and Firefox’s February cut-off… Apple dropped support for SHA-1 in March with macOS Sierra 10.12.4 and iOS 10.3… Once Tuesday’s updates are installed, Microsoft’s browsers will no longer load sites with SHA-1 signed certificates and will display an error warning highlighting a security problem with the site’s certificate. Read more of this story at Slashdot.

View the original here:
Microsoft Finally Bans SHA-1 Certificates In Its Browsers

Researchers Find New Version Of WanaDecrypt0r Ransomware Without A Kill Switch

Remember that “kill switch” which shut down the WannCry ransomware? An anonymous reader quotes Motherboard: Over Friday and Saturday, samples of the malware emerged without that debilitating feature, meaning that attackers may be able to resume spreading ransomware even though a security researcher cut off the original wave. “I can confirm we’ve had versions without the kill switch domain connect since yesterday, ” Costin Raiu, director of global research and analysis team at Kaspersky Lab told Motherboard on Saturday… Another researcher confirmed they have seen samples of the malware without the killswitch. Read more of this story at Slashdot.

Originally posted here:
Researchers Find New Version Of WanaDecrypt0r Ransomware Without A Kill Switch

Trump Signs Executive Order On Cybersecurity

President Trump on Thursday signed a long-delayed executive order on cybersecurity that “makes clear that agency heads will be held accountable for protecting their networks, and calls on government and industry to reduce the threat from automated attacks on the internet, ” reports The Washington Post. From the report: Picking up on themes advanced by the Obama administration, Trump’s order also requires agency heads to use Commerce Department guidelines to manage risk to their systems. It commissions reports to assess the country’s ability to withstand an attack on the electric grid and to spell out the strategic options for deterring adversaries in cyberspace. [Thomas Bossert, Trump’s homeland security adviser] said the order was not, however, prompted by Russia’s targeting of electoral systems last year. In fact, the order is silent on addressing the security of electoral systems or cyber-enabled operations to influence elections, which became a significant area of concern during last year’s presidential campaign. The Department of Homeland Security in January declared election systems “critical infrastructure.” The executive order also does not address offensive cyber operations, which are generally classified. This is an area in which the Trump administration is expected to be more forward-leaning than its predecessor. Nor does it spell out what type of cyberattack would constitute an “act of war” or what response the attack would invite. “We’re not going to draw a red line, ” Bossert said, adding that the White House does not “want to telegraph our punches.” The order places the defense secretary and the head of the intelligence community in charge of protecting “national security” systems that operate classified and military networks. But the secretary of homeland security will continue to be at the center of the national plan for protecting critical infrastructure, such as the electric grid and financial sector. Read more of this story at Slashdot.

Continued here:
Trump Signs Executive Order On Cybersecurity

Google Found Over 1,000 Bugs In 47 Open Source Projects

Orome1 writes: In the last five months, Google’s OSS-Fuzz program has unearthed over 1, 000 bugs in 47 open source software projects… So far, OSS-Fuzz has found a total of 264 potential security vulnerabilities: 7 in Wireshark, 33 in LibreOffice, 8 in SQLite 3, 17 in FFmpeg — and the list goes on… Google launched the program in December and wants more open source projects to participate, so they’re offering cash rewards for including “fuzz” targets for testing in their software. “Eligible projects will receive $1, 000 for initial integration, and up to $20, 000 for ideal integration” — or twice that amount, if the proceeds are donated to a charity. Read more of this story at Slashdot.

View original post here:
Google Found Over 1,000 Bugs In 47 Open Source Projects