by: SANS Pen Test Team Imagine you are sitting at your desk and come across a great command line tip that will assist you in your careeras an information security professional, so you jot the tip down on a note, post-it, or scrap sheet of paper and tape it to your white board… now … Continue reading SANS Poster – White Board of Awesome Command Line Kung Fu (PDF Download)
Excerpt from:
"SANS Poster – White Board of Awesome Command Line Kung Fu (PDF Download)"
After two developer previews, Android 8.1 Oreo is ready for the masses. Google announced that the new OS is rolling out now and is posting system images for the Pixel 2 and 2 XL , the Pixel 1 and 1 XL, the Pixel C tablet, and the Nexus 6P and 5X. The Android Open Source Project (AOSP) code drop should be happening now, too. Android 8.1 Oreo is a minor maintenance release after the major update of Android 8.0 . The biggest feature in 8.1 is a new ” Neural Networks API ” (NNAPI), which is designed for running machine learning operations on mobile devices. Phones with specialized machine learning hardware can hardware accelerate this API, while older devices can use a CPU fallback mode. The API provides a base layer higher-level machine-learning framework to plug into, like Google’s TensorFlow Lite. Read 5 remaining paragraphs | Comments
Original post:
Android 8.1 Oreo goes final, rolling out now to Pixel and Nexus devices
Joseph Cox, reporting for DailyBeat: Uber’s ride-sharing service has given birth to some of the most creative criminal scams to date, including using a GPS-spoofing app to rip off riders in Nigeria, and even ginning up fake drivers by using stolen identities. Add to those this nefariously genius operation: Cybercriminals, many working in Russia, have created their own illegitimate taxi services for other crooks by piggybacking off Uber’s ride-sharing platform, sometimes working in collaboration with corrupt drivers. Based on several Russian-language posts across a number of criminal-world sites, this is how the scam works: The scammer needs an emulator, a piece of software which allows them to run a virtual Android phone on their laptop with the Uber app, as well as a virtual private network (VPN), which routes their computer’s traffic through a server in the same city as the rider. The scammer acts, in essence, as a middleman between an Uber driver and the passenger — ordering trips through the Uber app, but relaying messages outside of it. Typically, this fraudulent dispatcher uses the messaging app Telegram to chat with the passenger, who provides pickup and destination addresses. The scammer orders the trip, and then provides the car brand, driver name, and license plate details back to the passenger through Telegram. Read more of this story at Slashdot.
Continue reading here:
The Underground Uber Networks Driven by Russian Hackers
An anonymous reader quotes a report from Fortune: Hackers have been burrowing their way inside the critical infrastructure of energy and other companies in the U.S. and elsewhere, warns cybersecurity giant Symantec. In a new report, Symantec claims that the threat of cyberattack-induced power outages in the west has elevated from a theoretical concern to a legitimate one in recent months. “We’re talking about activity we’re seeing on actual operational networks that control the actual power grid, ” Eric Chien, technical director of security technology and response at Symantec, told Fortune on a call. Reports surfaced over the summer of hackers targeting staff at nuclear energy facilities with phishing attacks, designed to steal login credentials or install malware on machines. The extent of the campaign as well as the question of whether the attackers had breached operational IT networks, rather than merely administrative ones, was unclear at the time. Symantec is now erasing all doubt. “There are no more technical hurdles for them to cause some sort of disruption, ” Chien said of the hackers. “All that’s left is really motivation.” Symantec detailed its findings in a report released Wednesday morning. The paper tracks the exploits of a hacker group that Symantec has dubbed DragonFly 2.0, an outfit that the company says it has linked to an earlier series of attacks perpetrated between 2011 and 2014 by a group it dubbed DragonFly. Read more of this story at Slashdot.
Read the original:
Hackers Have Penetrated Energy Grid, Symantec Warns
Turns out the partnership Sony and Funimation forged to create the latter’s streaming service wasn’t a one-off thing. Sony Pictures is currently in the process of buying 95 percent of Funimation for $143 million, putting the anime distributor’s value at around $150 million. Funimation’s streaming website, which launched earlier this year, has over 400 titles on offer, including Dragon Ball Z, Cowboy Bebop, One Piece and Attack on Titan . While the service is new, the company itself has been selling anime DVDs and merchandise for over two decades. Sony isn’t a newcomer in the space either — it owns the ANIMAX network, which airs anime in 23 countries around the globe, including Japan. It also owns AXN, a cable TV channel that broadcasts anime, action shows, movies and sports programs. By acquiring 95 percent of Funimation, though, it will also be in direct competition with Netflix and Hulu, which have animated offerings on top of TV shows and movies. Sony Pictures Television President Andy Kaplan said: “Around the world, Sony’s networks have been major players in the anime space for nearly two decades, and in more recent years we have rapidly increased our networks’ over-the-top and digital offerings to consumers. With the acquisition of Funimation, the combined IP of ANIMAX, KIDS STATION and Funimation allows us to deliver the best anime to fans across all screens and platforms.” Source: Sony Pictures
Nielsen might be the lord of all TV ratings, but they’ve been scrambling to catch up in this new media landscape we’re in. Over the years, the service has been shifting and adjusting its traditional model to take into account the new and myriad ways we are all consuming TV. And now, they have a new announcement: Nielsen is adding Hulu’s live TV service and YouTube TV to its traditional TV ratings. Nielsen has a separate digital ratings system , where it tracks what we’re watching (and how we’re watching it) on Netflix, Amazon Video and other streaming services. The noteworthy aspect here is that Nielsen is adding what’s watched on Hulu’s new live TV service and YouTube TV to its C3 and C7 ratings — time-shifted ratings of viewership three and seven days beyond airing that networks use to negotiate with advertisers. Right now, purely digital numbers are not incorporated into C3 and C7 numbers for many reasons, one of which is that different ads are shown on streaming versus TV. The service does blend digital and TV ratings for networks to show overall Total Audience numbers, but these aren’t used officially or directly for sales. Instead, the networks might use the data to discuss their overall reach, and advertisers could strategize accordingly. As more people, especially younger viewers, cut the cord and turn solely to streaming services for TV, it’s important that Nielsen change its model to accurately reflect what and how viewers are watching. There needs to be a more seamless integration between how TV and network executives treat digital and traditional TV; if it’s the same content, platform shouldn’t make as big of a difference as it does. Via: TechCrunch Source: Nielsen , The Wall Street Journal
Original post:
Nielsen counts live Hulu and YouTube TV streams for its ratings
An anonymous reader writes: “A team of researchers from French company P1 Security has detailed a long list of issues with the 4G VoLTE telephony, a protocol that has become quite popular all over the world in recent years and is currently in use in the US, Asia, and most European countries, ” reports Bleeping Computer. Researchers say they identified several flaws in the VoLTE protocol (a mixture of LTE and VoIP) that allow an attacker to spoof anyone’s phone number and place phone calls under new identities, and extract IMSI and geo-location data from pre-call message exchanges. These issues can be exploited by both altering some VoLTE packets and actively interacting with targets, but also by passively listening to VoLTE traffic on an Android device. Some of these flaws don’t even need a full call/connection to be established between the victim and the target for the data harvesting operation to take place. Additionally, another flaw allows users to make calls and use mobile data without being billed. The team’s research paper, entitled “Subscribers remote geolocation and tracking using 4G VoLTE enabled Android phone” was presented last week at SSTIC (Symposium sur la Securite des Technologies de l’Information et des Communications), a security conference held each year in Rennes, France. Read more of this story at Slashdot.
More:
Hackers Can Spoof Phone Numbers, Track Users Via 4G VoLTE Mobile Technology
Duolingo is one of the best free ways to get started learning a new language, and they’re finally answering the pleas of wannabe polyglots everywhere by adding Japanese to their curriculum. Sugoi! Read more…
Read More:
Language App Duolingo Finally Added Japanese and It’s Great
President Trump on Thursday signed a long-delayed executive order on cybersecurity that “makes clear that agency heads will be held accountable for protecting their networks, and calls on government and industry to reduce the threat from automated attacks on the internet, ” reports The Washington Post. From the report: Picking up on themes advanced by the Obama administration, Trump’s order also requires agency heads to use Commerce Department guidelines to manage risk to their systems. It commissions reports to assess the country’s ability to withstand an attack on the electric grid and to spell out the strategic options for deterring adversaries in cyberspace. [Thomas Bossert, Trump’s homeland security adviser] said the order was not, however, prompted by Russia’s targeting of electoral systems last year. In fact, the order is silent on addressing the security of electoral systems or cyber-enabled operations to influence elections, which became a significant area of concern during last year’s presidential campaign. The Department of Homeland Security in January declared election systems “critical infrastructure.” The executive order also does not address offensive cyber operations, which are generally classified. This is an area in which the Trump administration is expected to be more forward-leaning than its predecessor. Nor does it spell out what type of cyberattack would constitute an “act of war” or what response the attack would invite. “We’re not going to draw a red line, ” Bossert said, adding that the White House does not “want to telegraph our punches.” The order places the defense secretary and the head of the intelligence community in charge of protecting “national security” systems that operate classified and military networks. But the secretary of homeland security will continue to be at the center of the national plan for protecting critical infrastructure, such as the electric grid and financial sector. Read more of this story at Slashdot.
Continued here:
Trump Signs Executive Order On Cybersecurity
President Trump on Thursday signed a long-delayed executive order on cybersecurity that “makes clear that agency heads will be held accountable for protecting their networks, and calls on government and industry to reduce the threat from automated attacks on the internet, ” reports The Washington Post. From the report: Picking up on themes advanced by the Obama administration, Trump’s order also requires agency heads to use Commerce Department guidelines to manage risk to their systems. It commissions reports to assess the country’s ability to withstand an attack on the electric grid and to spell out the strategic options for deterring adversaries in cyberspace. [Thomas Bossert, Trump’s homeland security adviser] said the order was not, however, prompted by Russia’s targeting of electoral systems last year. In fact, the order is silent on addressing the security of electoral systems or cyber-enabled operations to influence elections, which became a significant area of concern during last year’s presidential campaign. The Department of Homeland Security in January declared election systems “critical infrastructure.” The executive order also does not address offensive cyber operations, which are generally classified. This is an area in which the Trump administration is expected to be more forward-leaning than its predecessor. Nor does it spell out what type of cyberattack would constitute an “act of war” or what response the attack would invite. “We’re not going to draw a red line, ” Bossert said, adding that the White House does not “want to telegraph our punches.” The order places the defense secretary and the head of the intelligence community in charge of protecting “national security” systems that operate classified and military networks. But the secretary of homeland security will continue to be at the center of the national plan for protecting critical infrastructure, such as the electric grid and financial sector. Read more of this story at Slashdot.
Read More:
Trump Signs Executive Order On Cybersecurity