Attackers Drain CPU Power From Water Utility Plant In Cryptojacking Attack

darthcamaro writes: Apparently YouTube isn’t the only site that is draining CPU power with unauthorized cryptocurrency miners. A water utility provider in Europe is literally being drained of its CPU power via a cryptojacking attack that was undetected for three weeks. eWeek reports: “At this point, Radiflow’s (the security firm that discovered the cryptocurrency mining malware) investigation indicates that the cryptocurrency mining malware was likely downloaded from a malicious advertising site. As such, the theory that Radiflow CTO Yehonatan Kfir has is that an operator at the water utility was able to open a web browser and clicked on an advertising link that led to the mining code being installed on the system. The actual system that first got infected is what is known as a Human Machine Interface (HMI) to the SCADA network and it was running the Microsoft Windows XP operating system. Radiflow’s CEO, Ilan Barda, noted that many SCADA environments still have Windows XP systems deployed as operators tend to be very slow to update their operating systems.” Radiflow doesn’t know how much Monero (XMR) cryptocurrency was mined by the malware, but a recent report from Cisco’s Talos research group revealed that some of the top unauthorized cryptocurrency campaigns generate over a million dollars per year. The average system would generate nearly $200,000 per year.

LibreOffice 6.0 Released: Features Superior Microsoft Office Interoperability, OpenPGP Support

prisoninmate writes: LibreOffice 6.0 comes two and a half years after the LibreOffice 5.x series, and it’s the biggest release of the open-source and cross-platform office suite so far. It introduces a revamped design with new table styles, improved Notebookbars, new gradients, new Elementary icons, menu and toolbar improvements, and updated motif/splash screen. LibreOffice 6.0 offers superior interoperability with Microsoft Office documents and compatibility with the EPUB3 format by allowing users to export ODT files to EPUB3. It also lets you import your AbiWord, Microsoft Publisher, PageMaker, and QuarkXPress documents and templates thanks to the implementation of a set of new open-source libraries contributed by the Document Liberation project. Many great improvements were made to the OOXML and ODF filters, as well as in the EMF+, Adobe Freehand, Microsoft Visio, Adobe Pagemaker, FictionBook, Apple Keynote, Pages, and Numbers, as well as Quattro Pro import functionality, and to the XHTML export. LibreOffice Online received numerous improvements as well in this major release of LibreOffice.

Washington Bill Makes It Illegal To Sell Gadgets Without Replaceable Batteries

Jason Koebler writes: A bill that would make it easier to fix your electronics is rapidly hurtling through the Washington state legislature. The bill’s ascent is fueled by Apple’s iPhone-throttling controversy, which has placed a renewed focus on the fact that our electronics have become increasingly difficult to repair. Starting in 2019, the bill would ban the sale of electronics that are designed “in such a way as to prevent reasonable diagnostic or repair functions by an independent repair provider. Preventing reasonable diagnostic or repair functions includes permanently affixing a battery in a manner that makes it difficult or impossible to remove.”

The Windows 10 control panel modernization continues: Fonts get some love

The Windows user interface has a certain archaeological quality to it. While the upper layers tend to be new—using the styling and conventions of the day—dig a little deeper and you can find elements that are decades old. With each Windows release, Microsoft has heaped new stuff onto the pile, but it hasn’t spent much time going back and revamping the old bits. Very occasionally, the relics of yesteryear are identified and excised, but more often than not, they’re left alone. One area where this is particularly plain is Control Panel. Control Panel spans many eras of Windows development, and so Windows’ settings are spread across three different styles of interface. The very oldest are the individual Control Panel applets in their tabbed dialog boxes; more recent are the Explorer-based Control Panels. The very newest is the Settings app. With Windows 10, the company has, for the first time ever, taken serious strides toward modernizing even old parts of the operating system. With each new update, more and more settings are being moved from Control Panel into the Settings app. This creates the possibility that perhaps one day Windows will have a single application that is used for all its major settings and configurations.

Meltdown and Spectre CPU flaws threaten PCs, phones and servers

By now you’ve probably heard about a bug Intel is dealing with that affects processors built since 1995. But according to the people who found “Meltdown” and “Spectre,” the errors behind these exploits can let someone swipe data running in other apps on devices using hardware from Intel, ARM and AMD. While server operators (like Amazon) apply Linux patches to keep people from accessing someone else’s information that’s being executed on the same system, what does this mean for your home computer or phone? Google’s Project Zero researchers identified the problems last year, and according to its blog post, execution is “difficult and limited” on the majority of Android devices. A list of potentially impacted services and hardware is available here, while additional protection has been added in the latest Android security update. In a statement, Microsoft said: “We are in the process of deploying mitigations to cloud services and have also released security updates to protect Windows customers against vulnerabilities affecting supported hardware chips from Intel, ARM, and AMD.” In a blog post directed towards customers on its Azure server platform, the company said its infrastructure has already been updated, and that a “majority” of customers should not see a performance impact. Apple has not publicly commented on the issue, however security researcher Alex Ionescu points out that macOS 10.13.2 addresses the issue and said that the 10.13.3 update will include “surprises.” According to AMD, “Due to differences in AMD’s architecture, we believe there is a near zero risk to AMD processors at this time,” however it has promised further updates as the information comes out. As for ARM, it says most processors are unaffected but it has specific information on the types that are available here. So what does this mean for you?
On your devices the prescription is the same as always — make sure you have the latest security updates installed and try to avoid malware-laden downloads from suspicious or unknown sources. Source: MeltdownAttack.com

Intel says it will patch 90 percent of recent chips by next week (updated)

A little more than a day since Google Project Zero went public with its findings regarding a major security flaw in Intel (and others’) chip designs, the company announced that it is already pushing out patches to eliminate the vulnerability. Intel has “already issued updates for the majority of processor products introduced within the past five years,” per the company press release, and expects to have 90 percent of affected chips produced within the past five years patched by the end of the week. The flaw, which afflicts chips made over the past decade, enables ordinary processes to determine the layout of protected kernel memory. This “software analysis method”, as Intel describes the flaw, allows a pair of exploits, dubbed “Meltdown” and “Spectre,” to swipe data from other apps on vulnerable devices — be they PCs, servers or mobile phones — running Intel, ARM or AMD chips. The solution cooked up by Intel and its partners so far entails severing the link between the kernel and these processes, though that could have a dramatic impact on a patched chip’s operating speed. The company asserts that the impacts will be “highly workload-dependent” and not particularly noticeable by the average consumer. Update: Microsoft says it will release an update for Surface devices to protect them against the chip vulnerability. The company also explains that it “has not received any information to indicate that these vulnerabilities have been used to attack customers at this time.” You can check the list of Surface gear that will receive the patch at the link above, but Microsoft says the updates will be available for devices running Windows 10 with Windows Update or through the Microsoft Download Center. Source: Intel

US government names North Korea as the source of WannaCry

Donald Trump’s homeland security adviser, Tom Bossert, said in a Wall Street Journal op-ed that “after careful investigation, the U.S. today publicly attributes the massive ‘WannaCry’ cyberattack to North Korea.” Coming during increasing tensions between the two countries over nuclear threats and Twitter outbursts, Bossert said this attribution is based on evidence and agrees with the findings from the UK and Microsoft. In the op-ed we did not see traces of the evidence used to link the May attack to the “Lazarus Group” (also blamed for the Sony Pictures hacking incident) and North Korea, but the White House will reportedly follow up Tuesday with a more formal statement. While some, like Microsoft, have blamed the US government for stockpiling vulnerabilities — the WannaCry attack used an exploit based on technology apparently stolen from the NSA — the op-ed says: “Stopping malicious behavior like this starts with accountability. It also requires governments and businesses to cooperate to mitigate cyber risk and increase the cost to hackers. The U.S. must lead this effort, rallying allies and responsible tech companies throughout the free world to increase the security and resilience of the internet.” Bossert also called the attack reckless, while Reuters cites a “senior administration official” who declined to comment on whether or not the US believes it was a deliberate attack or accidental. So what happens now? According to the piece, the Trump administration “will continue to use our maximum pressure strategy to curb Pyongyang’s ability to mount attacks, cyber or otherwise.” Source: Wall Street Journal

Opera Software Changes Name To Otello Corporation

Opera Software has changed its name to Otello Corporation, it said in a statement on Monday. From a report: Otello owns companies that develop software for advertising, telecoms, games and other online business. The name change does not affect Opera Software AS or the Opera and Opera Mini internet browsers, all of which Otello sold in 2016, Opera Software AS said in a separate statement.

Russian hackers steal $10 million from ATMs through bank networks

The recent rash of bank system hacks goes deeper than you might have thought — it also includes stealing cash directly from ATMs. Researchers at Group-IB have published details of MoneyTaker, a group of Russian hackers that has stolen close to $10 million from American and Russian ATMs over the past 18 months. The attacks, which targeted 18 banks (15 of which were American), compromised interbank transfer systems to hijack payment orders — “money mules” would then withdraw the funds at machines. The first known attack was in the spring of 2016, when MoneyTaker hit First Data’s STAR network (the largest transfer messaging system for ATMs in the US). They also compromised Russia’s AW CRB network, and swiped documents for OceanSystems’ Fed Link system used by roughly 200 banks across the Americas. And in some cases, the group stuck around after the initial heist — at least one US bank’s documents were stolen twice, while the perpetrators kept spying on Russian bank networks. While it’s not clear who’s behind MoneyTaker, you’re only hearing about them now because they’re particularly clever. They’ve repeatedly switched their tools and methods to bypass software, and have taken care to erase their tracks. For instance, they’ve ‘borrowed’ security certificates from the US federal government, Bank of America, Microsoft and Yahoo. One Russian bank did manage to spot an attack and return some of the ill-gotten gains. This particular hack didn’t directly affect users, since it was more about intercepting bank-to-bank transfers than emptying personal accounts. However, it illustrates both the sophistication of modern bank hacks and the vulnerability of the banks themselves. While it would be difficult to completely prevent hacks, it’s clear that attackers are having a relatively easy time making off with funds and sensitive data. Via: Reuters Source: Group-IB (reg. required)

HP Envy x2 hands-on: A Snapdragon-powered, always-on PC

For its first “Always Connected” PC, HP made a pragmatic choice: It stuffed a Qualcomm Snapdragon 835 processor into its latest Surface clone, the Envy x2. The result is compelling: A thin and light laptop with 20 hours of battery life, and built-in LTE connectivity. It’s precisely the sort of machine that Microsoft envisioned when it revealed its vision of always connected devices at Computex. At first glance, the Envy x2 doesn’t seem that different than a typical hybrid PC. It’s slightly thinner than an iPad Pro, at 6.9 millimeters thick, and it weighs just 1.54 pounds. Thanks to its aluminum case, it feels like a premium device. The bundled keyboard case, which wraps around the entire tablet, also houses its kickstand. You won’t notice anything out of the ordinary until you take a look at the “System” menu to see that it’s powered by a Snapdragon processor. Which, of course, is exactly what HP wants. Based on my short time with the x2, it felt a lot like HP’s recent Spectre x2 hybrid. The keyboard was comfortable to use and sturdy enough to handle my heavy typing style. Every key also had a satisfying amount of travel, something we don’t see too often on hybrid machines (aside from the Surface devices). Its case is a bit awkward though — while it offers a decent amount of protection, a built-in kickstand would be more convenient for using the x2 for things like viewing video in bed. Since it runs Windows 10 S out of the box, it can only run apps from the Windows Store. But, just like the Surface Laptop, you can also upgrade to Windows 10 Pro for free down the line. Performance-wise, the x2 kept up with me as I opened several Office apps, Paint 3D, and Edge windows and tabs. There weren’t any games to play, and I didn’t have a chance to test out extreme multi-tasking scenarios, unfortunately. But, for the most part, it seems like the x2 can handle basic productivity tasks, despite its mobile CPU.
Another potential limiting factor is its 4GB of RAM, something that could easily get filled up if you’re addicted to opening dozens of browser tabs at once. Developing…
