open source – Page 16

IT Crash Causes British Airways To Cancel All Flights

An anonymous reader quotes CNBC: British Airways canceled all flights from London’s Heathrow and Gatwick airports on Saturday as a global IT failure upended the travel plans of tens of thousands of people on a busy U.K. holiday weekend. The airline said it was suffering a “major IT systems failure” around the world. Chief executive Alex Cruz said “we believe the root cause was a power-supply issue and we have no evidence of any cyberattack.” He said the crash had affected “all of our check-in and operational systems.” BA operates hundreds of flights from the two London airports on a typical day — and both are major hubs for worldwide travel. Several hours after problems began cropping up Saturday morning, BA suspended flights up to 6 p.m. because the two airports had become severely congested. The airline later scrapped flights from Heathrow and Gatwick for the rest of the day. Read more of this story at Slashdot.

Malicious Subtitles Threaten VLC, Kodi and Popcorn Time Users, Researchers Warn

Millions of people risk having their devices and systems compromised by malicious subtitles, according to a new research published by security firm Check Point. The threat comes from a previously undocumented vulnerability which affects users of popular streaming software, including Kodi, Popcorn-Time, and VLC. Developers of the applications have already applied fixes and in some cases, working on it. From a report: While most subtitle makers do no harm, it appears that those with malicious intent can exploit these popular streaming applications to penetrate the devices and systems of these users. Researchers from Check Point, who uncovered the problem, describe the subtitle ‘attack vector’ as the most widespread, easily accessed and zero-resistance vulnerability that has been reported in recent years. “By conducting attacks through subtitles, hackers can take complete control over any device running them. From this point on, the attacker can do whatever he wants with the victim’s machine, whether it is a PC, a smart TV, or a mobile device, ” they write. Read more of this story at Slashdot.

More:
Malicious Subtitles Threaten VLC, Kodi and Popcorn Time Users, Researchers Warn

Bitcoin Price Hits Fresh Record High Above $2,200

An anonymous reader writes: Monday marks the seven-year anniversary of Bitcoin Pizza Day — the moment a programmer named Laszlo Hanyecz spent 10, 000 bitcoin on two Papa John’s pizzas. More important than the episode being widely recognized as the first transaction using the cryptocurrency is what it tells us about the bitcoin rally that saw it break through the $2, 100 mark on Monday. Bitcoin was trading as high as $2, 185.89 in the early hours of Monday morning, hitting a fresh record high, after first powering through the $2, 000 barrier over the weekend, according to CoinDesk data. Throughout the weekend, the value of cryptocurrency was looming around $2, 000. Read more of this story at Slashdot.

See more here:
Bitcoin Price Hits Fresh Record High Above $2,200

New SMB Worm Uses Seven NSA Hacking Tools. WannaCry Used Just Two

An anonymous reader writes: Researchers have detected a new worm that is spreading via SMB, but unlike the worm component of the WannaCry ransomware, this one is using seven NSA tools instead of two. Named EternalRocks, the worm seems to be in a phase where it is infecting victims and building its botnet, but not delivering any malware payload. EternalRocks is far more complex than WannaCry’s SMB worm. For starters, it uses a delayed installation process that waits 24 hours before completing the install, as a way to evade sandbox environments. Further, the worm also uses the exact same filenames as WannaCry in an attempt to fool researchers of its true origin, a reason why the worm has evaded researchers almost all week, despite the attention WannaCry payloads have received. Last but not least, the worm does not have a killswitch domain, which means the worm can’t be stopped unless its author desires so. Because of the way it was designed, it is trivial for the worm’s owner to deliver any type of malware to any of the infected computers. Unfortunately, because of the way he used the DOUBLEPULSAR implant, one of the seven NSA hacking tools, other attackers can hijack its botnet and deliver their own malware as well. IOCs are available in a GitHub repo. Ars Technica quotes security researchers who say “there are at least three different groups that have been leveraging the NSA exploit to infect enterprise networks since late April… These attacks demonstrate that many endpoints may still be compromised despite having installed the latest security patch.” Read more of this story at Slashdot.

Visit link:
New SMB Worm Uses Seven NSA Hacking Tools. WannaCry Used Just Two

1.9 Million Bell Customer Email Addresses Stolen By ‘Anonymous Hacker’

Bell, Canada’s largest telecommunications company, said a hacker had accessed customer information containing about 1.9 million active email addresses and about 1, 700 names and active phone numbers. The breach was not connected to the recent global WannaCry malware attacks, the company added. From a report: The information appears to have been posted online, but the company could not confirm the leaked data was one and the same. “There is no indication that any financial, password or other sensitive personal information was accessed, ” the company wrote in a statement. Bell said the incident was unrelated to the massive spike in ransomware infections that affected an estimated 200, 000 computers in more than 150 countries late last week. It is not clear when the breach occurred, how the data was accessed, or how long the attacker had access to Bell’s systems. Read more of this story at Slashdot.

HPE Unveils The Machine, a Single-Memory Computer Capable of Addressing 160 Terabytes

An anonymous reader quotes a report from VentureBeat: Hewlett Packard Enterprise announced what it is calling a big breakthrough — creating a prototype of a computer with a single bank of memory that can process enormous amounts of information. The computer, known as The Machine, is a custom-built device made for the era of big data. HPE said it has created the world’s largest single-memory computer. The R&D program is the largest in the history of HPE, the former enterprise division of HP that split apart from the consumer-focused division. If the project works, it could be transformative for society. But it is no small effort, as it could require a whole new kind of software. The prototype unveiled today contains 160 terabytes (TB) of memory, capable of simultaneously working with the data held in every book in the Library of Congress five times over — or approximately 160 million books. It has never been possible to hold and manipulate whole data sets of this size in a single-memory system, and this is just a glimpse of the immense potential of Memory-Driven Computing, HPE said. Based on the current prototype, HPE expects the architecture could easily scale to an exabyte-scale single-memory system and, beyond that, to a nearly limitless pool of memory — 4, 096 yottabytes. For context, that is 250, 000 times the entire digital universe today. Read more of this story at Slashdot.

Visit link:
HPE Unveils The Machine, a Single-Memory Computer Capable of Addressing 160 Terabytes

A Lowe’s Hardware Store Is Trialling Exoskeletons To Give Workers a Helping Hand

slew writes: Okay, this isn’t Aliens 2, but hardware chain Lowe’s is “outfitting employees with a simple exoskeleton to help them on the job, ” reports The Verge. “The company has partnered with Virginia Tech to develop the technology, which makes lifting and moving heavy objects easier. The non-motorized exoskeletons are worn like a harness, with carbon fiber rods acting as artificial tendons — bending when the wearer squats, and springing back when they stand up. Lowe’s has issued four of the custom-built suits to employees at a store in Christiansburg, Virginia. The equipment has been in use for over a month and the company says early feedback is extremely positive. ‘[Employees] wear it all day, it’s very comfortable, and it makes their job easier, ‘ says Kyle Nel, the director of Lowe’s Innovation Labs, adding that Lowe’s is working with scientists from Virginia Tech to conduct a proper survey of the technology’s usefulness. ‘It’s early days, but we’re doing some major studies, ‘ he says.” Read more of this story at Slashdot.

See the article here:
A Lowe’s Hardware Store Is Trialling Exoskeletons To Give Workers a Helping Hand

New Ransomware ‘Jaff’ Spotted; Malware Groups Pushing 5M Emails Per Hour To Circulate It

An anonymous reader writes: The Necurs botnet has been harnessed to fling a new strain of ransomware dubbed “Jaff”. Jaff spreads in a similar way to the infamous file-encrypting malware Locky and even uses the same payment site template, but is nonetheless a different monster. Attached to dangerous emails is an infectious PDF containing an embedded DOCM file with a malicious macro script. This script will then download and execute the Jaff ransomware. Locky — like Jaff — also used the Necurs botnet and a booby-trapped PDF, security firm Malwarebytes notes. “This is where the comparison ends, since the code base is different as well as the ransom itself, ” said Jerome Segura, a security researcher at Malwarebytes. “Jaff asks for an astounding 2 BTC, which is about $3, 700 at the time of writing.” Proofpoint reckons Jaff may be the work of the same cybercriminals behind Locky, Dridex and Bart (other nasty malware) but this remains unconfirmed. And Forcepoint Security Labs reports that malicious emails carrying Jaff are being cranked out at a rate of 5 million an hour on Thursday, or 13 million in total at the time it wrote up a blog post about the new threat. Read more of this story at Slashdot.

Originally posted here:
New Ransomware ‘Jaff’ Spotted; Malware Groups Pushing 5M Emails Per Hour To Circulate It

Microsoft Finally Bans SHA-1 Certificates In Its Browsers

An anonymous reader quotes ZDNet: With this week’s monthly Patch Tuesday, Microsoft has also rolled out a new policy for Edge and Internet Explorer that prevents sites that use a SHA-1-signed HTTPS certificate from loading. The move brings Microsoft’s browsers in line with Chrome, which dropped support for the SHA-1 cryptographic hash function in January’s stable release of Chrome 56, and Firefox’s February cut-off… Apple dropped support for SHA-1 in March with macOS Sierra 10.12.4 and iOS 10.3… Once Tuesday’s updates are installed, Microsoft’s browsers will no longer load sites with SHA-1 signed certificates and will display an error warning highlighting a security problem with the site’s certificate. Read more of this story at Slashdot.

View the original here:
Microsoft Finally Bans SHA-1 Certificates In Its Browsers

Up To 1.4M More Fake Wells Fargo Accounts Possible

An anonymous reader quotes the Bay Area Newsgroup: Wells Fargo may have opened as many as 3.5 million bogus bank accounts without its customers’ permission, attorneys for customers suing the bank have alleged in a court filing, suggesting the bank may have created far more fake accounts than previously indicated. The plaintiffs’ new estimate of bogus bank accounts is about 1.4 million, or 67%, higher than the original estimate — disclosed last year as part of a settlement with regulators — that up to 2.1 million accounts were opened without customers’ permission… The attorneys covered a period from 2002 to 2017, rather than the previously scrutinized five-year stretch from 2011 to some time in 2016 in which the bank acknowledged setting up unauthorized accounts. Wells Fargo terminated 5, 300 employees for creating fake accounts, and their CEO now acknowledges that “we had an incentive program and a high-pressure sales culture within our community bank that drove behavior that many times was inappropriate and inconsistent with our values.” In a possibly-related story, Wells Fargo plans to shut 450 branches over the next two years. Read more of this story at Slashdot.

Excerpt from:
Up To 1.4M More Fake Wells Fargo Accounts Possible

Ken May

Tag: open source