Tag: linkedin

New SMB Worm Uses Seven NSA Hacking Tools. WannaCry Used Just Two

An anonymous reader writes: Researchers have detected a new worm that is spreading via SMB, but unlike the worm component of the WannaCry ransomware, this one is using seven NSA tools instead of two. Named EternalRocks, the worm seems to be in a phase where it is infecting victims and building its botnet, but not delivering any malware payload. EternalRocks is far more complex than WannaCry’s SMB worm. For starters, it uses a delayed installation process that waits 24 hours before completing the install, as a way to evade sandbox environments. Further, the worm also uses the exact same filenames as WannaCry in an attempt to fool researchers of its true origin, a reason why the worm has evaded researchers almost all week, despite the attention WannaCry payloads have received. Last but not least, the worm does not have a killswitch domain, which means the worm can’t be stopped unless its author desires so. Because of the way it was designed, it is trivial for the worm’s owner to deliver any type of malware to any of the infected computers. Unfortunately, because of the way he used the DOUBLEPULSAR implant, one of the seven NSA hacking tools, other attackers can hijack its botnet and deliver their own malware as well. IOCs are available in a GitHub repo. Ars Technica quotes security researchers who say “there are at least three different groups that have been leveraging the NSA exploit to infect enterprise networks since late April… These attacks demonstrate that many endpoints may still be compromised despite having installed the latest security patch.” Read more of this story at Slashdot.

Visit link:
New SMB Worm Uses Seven NSA Hacking Tools. WannaCry Used Just Two

A Lowe’s Hardware Store Is Trialling Exoskeletons To Give Workers a Helping Hand

slew writes: Okay, this isn’t Aliens 2, but hardware chain Lowe’s is “outfitting employees with a simple exoskeleton to help them on the job, ” reports The Verge. “The company has partnered with Virginia Tech to develop the technology, which makes lifting and moving heavy objects easier. The non-motorized exoskeletons are worn like a harness, with carbon fiber rods acting as artificial tendons — bending when the wearer squats, and springing back when they stand up. Lowe’s has issued four of the custom-built suits to employees at a store in Christiansburg, Virginia. The equipment has been in use for over a month and the company says early feedback is extremely positive. ‘[Employees] wear it all day, it’s very comfortable, and it makes their job easier, ‘ says Kyle Nel, the director of Lowe’s Innovation Labs, adding that Lowe’s is working with scientists from Virginia Tech to conduct a proper survey of the technology’s usefulness. ‘It’s early days, but we’re doing some major studies, ‘ he says.” Read more of this story at Slashdot.

See the article here:
A Lowe’s Hardware Store Is Trialling Exoskeletons To Give Workers a Helping Hand

New Ransomware ‘Jaff’ Spotted; Malware Groups Pushing 5M Emails Per Hour To Circulate It

An anonymous reader writes: The Necurs botnet has been harnessed to fling a new strain of ransomware dubbed “Jaff”. Jaff spreads in a similar way to the infamous file-encrypting malware Locky and even uses the same payment site template, but is nonetheless a different monster. Attached to dangerous emails is an infectious PDF containing an embedded DOCM file with a malicious macro script. This script will then download and execute the Jaff ransomware. Locky — like Jaff — also used the Necurs botnet and a booby-trapped PDF, security firm Malwarebytes notes. “This is where the comparison ends, since the code base is different as well as the ransom itself, ” said Jerome Segura, a security researcher at Malwarebytes. “Jaff asks for an astounding 2 BTC, which is about $3, 700 at the time of writing.” Proofpoint reckons Jaff may be the work of the same cybercriminals behind Locky, Dridex and Bart (other nasty malware) but this remains unconfirmed. And Forcepoint Security Labs reports that malicious emails carrying Jaff are being cranked out at a rate of 5 million an hour on Thursday, or 13 million in total at the time it wrote up a blog post about the new threat. Read more of this story at Slashdot.

Originally posted here:
New Ransomware ‘Jaff’ Spotted; Malware Groups Pushing 5M Emails Per Hour To Circulate It

Google Found Over 1,000 Bugs In 47 Open Source Projects

Orome1 writes: In the last five months, Google’s OSS-Fuzz program has unearthed over 1, 000 bugs in 47 open source software projects… So far, OSS-Fuzz has found a total of 264 potential security vulnerabilities: 7 in Wireshark, 33 in LibreOffice, 8 in SQLite 3, 17 in FFmpeg — and the list goes on… Google launched the program in December and wants more open source projects to participate, so they’re offering cash rewards for including “fuzz” targets for testing in their software. “Eligible projects will receive $1, 000 for initial integration, and up to $20, 000 for ideal integration” — or twice that amount, if the proceeds are donated to a charity. Read more of this story at Slashdot.

Continue reading here:
Google Found Over 1,000 Bugs In 47 Open Source Projects

Germany Sets New National Record With 85 Percent of Its Electricity Sourced From Renewables

Germany was able to set a new national record for the last weekend of April with 85 percent of all electricity consumed in the country being produced from renewables — wind, solar, biomass, and hydroelectric power. Digital Trends reports: Aided by a seasonal combination of windy but sunny weather, during that weekend the majority of Germany’s coal-fired power stations weren’t even operating, while nuclear power stations (which the country plans to phase out by the year 2022) were massively reduced in output. To be clear, this is impressive even by Germany’s progressive standards. By comparison, in March just over 40 percent of all electricity consumed in the country came from renewable sources. However, while the end-of-April weekend was an aberration, the hope is that it won’t be for too much longer. According to Patrick Graichen of the country’s sustainability-focused Agora Energiewende Initiative, German renewable energy percentages in the mid-80s should be “completely normal” by the year 2030. Read more of this story at Slashdot.

Read the original:
Germany Sets New National Record With 85 Percent of Its Electricity Sourced From Renewables

Google Found Over 1,000 Bugs In 47 Open Source Projects

Orome1 writes: In the last five months, Google’s OSS-Fuzz program has unearthed over 1, 000 bugs in 47 open source software projects… So far, OSS-Fuzz has found a total of 264 potential security vulnerabilities: 7 in Wireshark, 33 in LibreOffice, 8 in SQLite 3, 17 in FFmpeg — and the list goes on… Google launched the program in December and wants more open source projects to participate, so they’re offering cash rewards for including “fuzz” targets for testing in their software. “Eligible projects will receive $1, 000 for initial integration, and up to $20, 000 for ideal integration” — or twice that amount, if the proceeds are donated to a charity. Read more of this story at Slashdot.

View original post here:
Google Found Over 1,000 Bugs In 47 Open Source Projects

Microsoft Finally Bans SHA-1 Certificates In Its Browsers

An anonymous reader quotes ZDNet: With this week’s monthly Patch Tuesday, Microsoft has also rolled out a new policy for Edge and Internet Explorer that prevents sites that use a SHA-1-signed HTTPS certificate from loading. The move brings Microsoft’s browsers in line with Chrome, which dropped support for the SHA-1 cryptographic hash function in January’s stable release of Chrome 56, and Firefox’s February cut-off… Apple dropped support for SHA-1 in March with macOS Sierra 10.12.4 and iOS 10.3… Once Tuesday’s updates are installed, Microsoft’s browsers will no longer load sites with SHA-1 signed certificates and will display an error warning highlighting a security problem with the site’s certificate. Read more of this story at Slashdot.

Read More:
Microsoft Finally Bans SHA-1 Certificates In Its Browsers

New Ransomware ‘Jaff’ Spotted; Malware Groups Pushing 5M Emails Per Hour To Circulate It

An anonymous reader writes: The Necurs botnet has been harnessed to fling a new strain of ransomware dubbed “Jaff”. Jaff spreads in a similar way to the infamous file-encrypting malware Locky and even uses the same payment site template, but is nonetheless a different monster. Attached to dangerous emails is an infectious PDF containing an embedded DOCM file with a malicious macro script. This script will then download and execute the Jaff ransomware. Locky — like Jaff — also used the Necurs botnet and a booby-trapped PDF, security firm Malwarebytes notes. “This is where the comparison ends, since the code base is different as well as the ransom itself, ” said Jerome Segura, a security researcher at Malwarebytes. “Jaff asks for an astounding 2 BTC, which is about $3, 700 at the time of writing.” Proofpoint reckons Jaff may be the work of the same cybercriminals behind Locky, Dridex and Bart (other nasty malware) but this remains unconfirmed. And Forcepoint Security Labs reports that malicious emails carrying Jaff are being cranked out at a rate of 5 million an hour on Thursday, or 13 million in total at the time it wrote up a blog post about the new threat. Read more of this story at Slashdot.

Read the original post:
New Ransomware ‘Jaff’ Spotted; Malware Groups Pushing 5M Emails Per Hour To Circulate It

Google Found Over 1,000 Bugs In 47 Open Source Projects

Orome1 writes: In the last five months, Google’s OSS-Fuzz program has unearthed over 1, 000 bugs in 47 open source software projects… So far, OSS-Fuzz has found a total of 264 potential security vulnerabilities: 7 in Wireshark, 33 in LibreOffice, 8 in SQLite 3, 17 in FFmpeg — and the list goes on… Google launched the program in December and wants more open source projects to participate, so they’re offering cash rewards for including “fuzz” targets for testing in their software. “Eligible projects will receive $1, 000 for initial integration, and up to $20, 000 for ideal integration” — or twice that amount, if the proceeds are donated to a charity. Read more of this story at Slashdot.

See the article here:
Google Found Over 1,000 Bugs In 47 Open Source Projects

Germany Sets New National Record With 85 Percent of Its Electricity Sourced From Renewables

Germany was able to set a new national record for the last weekend of April with 85 percent of all electricity consumed in the country being produced from renewables — wind, solar, biomass, and hydroelectric power. Digital Trends reports: Aided by a seasonal combination of windy but sunny weather, during that weekend the majority of Germany’s coal-fired power stations weren’t even operating, while nuclear power stations (which the country plans to phase out by the year 2022) were massively reduced in output. To be clear, this is impressive even by Germany’s progressive standards. By comparison, in March just over 40 percent of all electricity consumed in the country came from renewable sources. However, while the end-of-April weekend was an aberration, the hope is that it won’t be for too much longer. According to Patrick Graichen of the country’s sustainability-focused Agora Energiewende Initiative, German renewable energy percentages in the mid-80s should be “completely normal” by the year 2030. Read more of this story at Slashdot.

Read more here:
Germany Sets New National Record With 85 Percent of Its Electricity Sourced From Renewables