The Electronic Frontier Foundation and mobile security company Lookout released a report today detailing a major hacking campaign — dubbed Dark Caracal — that’s believed to have originated from Lebanon’s General Directorate of General Security (GDGS), one of the country’s intelligence agencies. The companies found information gathered from thousands of victims from over 20 countries through espionage efforts extending back to 2012. Targets included military personnel, journalists, activists, financial institutions and manufacturing companies and some of the stolen data included documents, call records, texts, contact information and photos. Michael Flossman, a Lookout security researcher, told the Associated Press, “It was everything. Literally everything.” The hackers used malicious apps that resembled legitimate communication platforms like Signal and WhatsApp to steal the trove of data, loading up the fake versions with malware that allowed them to tap into users’ conversations. “One of the interesting things about this ongoing attack is that it doesn’t require a sophisticated or expensive exploit,” EFF Staff Technologist Cooper Quintin said in a statement. “Instead, all Dark Caracal needed was application permissions that users themselves granted when they downloaded the apps, not realizing that they contained malware.” However, the hackers’ storage of the stolen info also wasn’t terribly sophisticated, as it was all left exposed online on an unprotected server. “It’s almost like thieves robbed the bank and forgot to lock the door where they stashed the money,” Mike Murray, Lookout’s head of intelligence, told the AP. The EFF and Lookout were able to link the data to a WiFi network coinciding with the location of Lebanon’s GDGS. “Based on the available evidence, it is likely that the GDGS is associated with or directly supporting the actors behind Dark Caracal,” noted the report.
EFF Director of Cybersecurity Eva Galperin said that pinpointing the campaign to such a precise location was remarkable, telling the AP, “We were able to take advantage of extraordinarily poor operational security.”
Via: Associated Press. Source: Lookout
Warner Bros Entertainment has sued talent agency Innovative Artists, claiming that the agency ran its own pirate site when it ripped DVD screeners and streamed them to associates via Google servers. TorrentFreak adds: In a lawsuit filed in a California federal court, Warner accuses the agency of effectively setting up its own pirate site, stocked with rips of DVD screeners that should have been kept secure. “Beginning in late 2015, Innovative Artists set up and operated an illegal digital distribution platform that copied movies and then distributed copies and streamed public performances of those movies to numerous people inside and outside of the agency,” the complaint reads. “Innovative Artists stocked its platform with copies of Plaintiff’s works, including copies that Innovative Artists made by ripping awards consideration ‘screener’ DVDs that Plaintiff sent to the agency to deliver to one of its clients.” Given its position in the industry, Innovative Artists should have known better than to upload content, Warner’s lawyers write. Read more of this story at Slashdot.
An anonymous reader writes: “NASCAR team Circle Sport-Leavine Family Racing (CSLFR) revealed today it faced a ransomware infection this past April when it almost lost access to crucial files worth nearly $2 million, containing car parts lists and custom high-profile simulations that would have taken 1,500 man-hours to replicate,” reports Softpedia. “The infection took place on the computer belonging to CSLFR’s crew chief. Winston’s staff detected the infection when encrypted files from Winston’s computer began syncing to their joint Dropbox account.” It was later discovered that he was infected with the TeslaCrypt ransomware. Because the team had no backups of the crucial data, they eventually paid the ransom (around $500). This happened before TeslaCrypt’s authors decided to shut down their operations and release free decryption keys. Read more of this story at Slashdot.
Reader wiredmikey writes: Swedish military computers were hacked and used in an attack targeting major U.S. banks in 2013, the armed forces said on Monday. The attack knocked out the web sites of as many as 20 major U.S. banks and financial institutions, sometimes for several days. According to Swedish military spokesman Mikael Abramsson, a server in the Swedish defense system had a vulnerability which was exploited by hackers to carry out the attacks. At the time, the attack, which began in 2012 and continued for months, was one of the biggest ever reported. U.S. officials blamed Iran, suggesting it was in retaliation for political sanctions and several earlier cyberattacks on its own systems. Read more of this story at Slashdot.
Reader MojoKid writes: Some might say there’s no such thing as a one-size-fits-all solution when it comes to computing, and that’s especially true for workstation graphics professionals who need varying levels of performance and memory space. For that reason, NVIDIA is now offering a version of its Quadro M6000 graphics card with 24GB of GDDR5 memory, twice as much memory as the original model. According to NVIDIA, customers rendering datasets larger than 12GB can experience up to 5X faster performance compared to the previous Quadro M6000. Like the 12GB version, the new 24GB Quadro M6000 is based on NVIDIA’s Maxwell architecture. It has 3,072 CUDA cores, a 384-bit memory bus, four DisplayPort 1.2 connectors, a single DVI-I connector, and a maximum power consumption rating of 250W. In addition to doubling the memory buffer, NVIDIA added a few other features, including more GPU clock options, greater software temperature control to keep the GPU temp below the point where throttling occurs, and a new under-power boot message if the card is ever underpowered. Read more of this story at Slashdot.