Zero-day Flash bug under active attack in Windows threatens OS X, Linux too

A fragment of the shellcode exploiting a critical vulnerability in Adobe Flash. (Image: Kaspersky Lab)

A day after reports that attackers are exploiting a zero-day vulnerability in Microsoft’s Internet Explorer browser, researchers warned of a separate active campaign that was targeting a critical vulnerability in fully patched versions of Adobe’s ubiquitous Flash media player.

The attacks were hosted on the Syrian Ministry of Justice website at hxxp://jpic.gov.sy and were detected on seven computers located in Syria, leading to theories that the campaign targeted dissidents complaining about the government of President Bashar al-Assad, according to a blog post published Monday by researchers from antivirus provider Kaspersky Lab. The attacks exploited a previously unknown vulnerability in Flash when people used the Firefox browser to access a booby-trapped page. The attackers appear to be unrelated to those reported on Sunday who exploited a critical security bug in Internet Explorer, a Kaspersky representative told Ars.

While the exploit Kaspersky observed attacked only computers running Microsoft Windows, the underlying flaw, which is formally categorized as CVE-2014-1776 and resides in a Flash component known as the Pixel Bender, is present in the Adobe application built for OS X and Linux machines as well. Adobe has updated all three versions to plug the hole. Because security holes frequently become much more widely exploited in the hours or days after they are disclosed, people on all three platforms should update as soon as possible. People using IE 10 and 11 on Windows 8 will receive the update automatically, as will users of Google’s Chrome browser. It can sometimes take hours for the automatic updates to arrive. Those who are truly cautious should consider manually installing them.

Bank robbers use KVM switch and 3G router to steal money

The networked KVM switch and 3G router used to rob a Barclays Bank branch remotely. (Image: Metropolitan Police, London)

Nine members of a London-based gang have been convicted and three others are scheduled for sentencing in June for a series of electronic bank robberies. Using social engineering to install a remote-controlled keyboard-video-mouse (KVM) switch on bank PCs, the gang managed to transfer millions to outside accounts in two separate jobs in April and July of 2013. They were caught attempting to rob a third bank in September.

Dean Outram, 32, entered all three banks claiming to be from a tech support contractor and saying he was there to repair computers. At each bank branch robbed, Outram installed a KVM switch and a 3G wireless router. From a “control center” in central London, others then used the KVM switches to gain access to the PCs of bank employees, remotely logging keystrokes and monitoring screen activity to get the information necessary to transfer funds from customers’ accounts to accounts controlled by the group.

In the first attempt, the group managed to make 128 fund transfers totaling £1.3 million (about $2 million) in one day from a branch of Barclays Bank. The bank detected the fraud the same day and recovered about £600,000 ($1 million) of the funds before the gang drained the accounts. In its second attempt at another Barclays branch, the group was able to make off with £90,000 (about $150,000).

Lucasfilm makes it official: New Star Wars films ignore Expanded Universe

Fan favorite Mara Jade is now consigned to the Star Wars Legends non-canonical label. (Image: Derek Herring / Sony)

A post on Starwars.com officially confirms what fans have been hearing for the past three months: the complex and detailed future history of the Star Wars universe that has been slowly accreting since the 1990s will be completely ignored by the new trilogy of films. Per the post, “Star Wars Episodes VII-IX will not tell the same story told in the post-Return of the Jedi Expanded Universe.”

The confirmation is being met with a mixed reaction from fans over on Star Wars uber-site TheForce.net. “Thank you for wasting 20 years of my life,” said one poster. “I honestly may be done with Star Wars at this point.” “The simple truth is that canon is whatever the license holder says it is. Fans need to wrap their heads around that,” responded another.

Covert Bitcoin miner found stashed in malicious Google Play apps

(Image: Lookout)

Researchers scouring the official Google Play market have unearthed more Android apps that surreptitiously abuse end-user devices to carry out the computationally intensive process of mining Bitcoins.

The malware, dubbed “BadLepricon” by its creators, was stowed away inside six separate wallpaper apps that had from 100 to 500 downloads each, according to a blog post published Thursday by researchers from Lookout, an anti-malware provider for smartphones. Google employees promptly removed the offending apps once Lookout reported them.

It’s at least the second time in a month that third-party researchers have discovered cryptocurrency-mining apps available for download on Google servers. Four weeks ago, researchers from Trend Micro reported they found two apps downloaded from one million to five million times that mined the Litecoin and Dogecoin cryptocurrencies without explicitly informing end users.

“These apps did fulfill their advertised purpose in that they provided live wallpaper apps, which vary in theme from anime girls to ‘epic smoke’ to attractive men,” Meghan Kelly, a Lookout security communications manager, wrote in Thursday’s blog post. “However, without alerting you in the terms of service, BadLepricon enters into an infinite loop where—every five seconds—it checks the battery level, connectivity, and whether the phone’s display was on.”

In just one year, Zynga has lost nearly half of its daily active users

It’s been a rough year for Zynga, which has relegated founder Mark Pincus to being chairman of the board. (Image: Fortune Live Media)

Zynga needs some good news, and fast: in its Tuesday quarterly earnings filing, the company reported that its daily active users rose from 27 million in the last quarter of 2013 to 28 million this quarter. But when compared to the first quarter of 2013, Zynga had 53 million daily active users—which means the company has lost about half of its most active players in a year.

Just months after Zynga spent $527 million on NaturalMotion, maker of Clumsy Ninja, the embattled social gaming firm also announced that it ended its first quarter by losing over $61 million. At this time last year, the company had profited $4.1 million during the first three months of 2013. Still, the company’s chief executive tried to play the loss down.

“Russian Facebook” founder flees country after being forced out as CEO

Pavel Durov, founder and former CEO of Vkontakte. (Image: Pavel Durov/VK)

Pavel Durov, the founder of Vkontakte (VK)—the largest social network in Russia—said on Tuesday that he fled the country one day after being forced out of the company, claiming that he felt threatened by Kremlin officials.

In a post on his profile page on Monday, Durov explained that he was fired from his position as CEO of VK and that the so-called “Russian Facebook” is now “under the complete control” of two oligarchs close to President Vladimir Putin. Durov explained that after seven years of relative social media freedom in Russia, his refusal to share user data with Russian law enforcement has set him at odds with the Kremlin, which has recently been trying to tighten its grip on the Internet, according to The Moscow Times.

Using bugs—aphids, specifically—to spy on plants’ electrical communications

I’m catching some signals, fellow aphid. Are you? (Image: benimoto)

Internal communications in plants share striking similarities with those in animals, new research reveals. With the help of tiny insects, scientists were able to tap into this communication system. Their results reveal the importance of these communications in enabling plants to protect themselves from attack by insect pests.

Like any organism, plants need to transport essential nutrients from one part to another. This is achieved by two parts of the plant: the xylem and the phloem. Xylem, which is largely made of dead cells, transports water and dissolved nutrients obtained by roots up to the aerial tissues of the plants. By contrast, the phloem is made up of living cells—active tubes that transport a syrupy sap, rich in sugars made by photosynthesis in the leaves.

In the 1980s, scientists discovered that phloem cells also function as a communication system through which electrical signals travel, similar to the electrical signals transmitted through the neurons in your nervous system.

Active malware campaign steals Apple passwords from jailbroken iPhones

(Image: Sophos)

Security researchers have uncovered an active malware campaign in the wild that steals the Apple ID credentials from jailbroken iPhones and iPads.

News of the malware, dubbed “unflod” based on the name of a library that’s installed on infected devices, first surfaced late last week on a pair of reddit threads here and here. In the posts, readers reported their jailbroken iOS devices recently started experiencing repeated crashes, often after installing jailbroken-specific customizations known as tweaks that were not a part of the official Cydia market, which acts as an alternative to Apple’s App Store.

Since then, security researcher Stefan Esser has performed what’s called a static analysis on the binary code that the reddit users isolated on compromised devices. In a blog post reporting the results, he said unflod hooks into the SSLWrite function of an infected device’s security framework. It then scans it for strings accompanying the Apple ID and password that’s transmitted to Apple servers. When the credentials are found, they’re transmitted to attacker-controlled servers.

Comcast bills lowered $2.4 million by scammers who accessed billing system

(Image: Alyson Hurt)

Two men pleaded guilty to a scam that lowered the bills of 5,790 Comcast customers in Pennsylvania by a total of $2.4 million. They now face prison time and will have to pay their ill-gotten wealth back to Comcast.

30-year-old Richard Justin Spraggins of Philadelphia pleaded guilty in February and was “ordered to make $66,825 in restitution and serve an 11- to 23-month sentence,” the Times-Herald of Norristown wrote at the time. Spraggins was described as the second-in-command of the operation.

The accused ringleader, 30-year-old Alston Buchanan, pleaded guilty last week. “Buchanan faces up to 57½ to 115 years in prison, although Buchanan will likely serve a lesser sentence than the maximum,” the newspaper wrote.

Digital Public Library of America to add millions of records to its archive

Aquarium, Battery Park, New York City [Postcard], ca. 1931. This is just one of the many resources you can find online through the DPLA website or through apps using its API. (Image: New York Aquarium Postcards collection of the Wildlife Conservation Society Archives. Via Empire State Digital Network.)

Today marks the Digital Public Library of America’s one-year anniversary. To celebrate the occasion, the non-profit library network announced six new partnerships with major archives, including the US Government Printing Office and the J. Paul Getty Trust.

The DPLA is best described as a platform that connects the online archives of many libraries around the nation into a single network. You can search all of these archives through the digital library’s website, and developers can build apps around the DPLA’s metadata collection using the publicly available API.

It’s easy to find historical documents, public domain works, and vintage photos online through a search on the DPLA’s website, although sometimes a library will merely offer the data about an item, and retain the actual resource at the library. Still, having that data accessible through a single public portal is more useful for a researcher than having to search for it library by library.
