‘Stegano’ Malvertising Exposes Millions To Hacking
December 13, 2016 by admin
Filed under Around The Net
Comments Off on ‘Stegano’ Malvertising Exposes Millions To Hacking
Since October, millions of internet users have been exposed to malicious code embedded in the pixels from tainted banner ads designed to install Trojans and spyware, according to security firm ESET.
The attack campaign, called Stegano, has been spreading from malicious ads in a “number of reputable news websites,” ESET said in a Tuesday blog post. It’s been preying on Internet Explorer users by scanning for vulnerabilities in Adobe Flash and then exploiting them.
The attack is designed to infect victims with malware that can steal email password credentials through its keylogging and screenshot grabbing features, among others.
The attack is also hard to detect. To infect their victims, the hackers were essentially poisoning the pixels used in the tainted banner ads, ESET said in a separate post.
The hackers concealed their malicious coding in the parameters controlling the pixels’ transparency on the banner ad. This allowed their attack to go unnoticed by the legitimate advertising networks.
Victims will typically see a banner ad for a product called “Browser Defense” or “Broxu.” But in reality, the ad is also designed to run Javascript that will secretly open a new browser window to a malicious website designed to exploit vulnerabilities in Flash that will help carry out the rest of the attack.
Hackers have used similar so-called malvertising tactics to secretly serve malicious coding over legitimate online advertising networks. It’s an attack method that has proven to be a successful at quickly spreading malware to potentially millions.
The makers behind the Stegano attack were also careful to create safeguards to prevent detection, ESET said. For instance, the banner ads will alternate between serving a malicious version or a clean version, depending on the settings run on the victim’s computer. It will also check for any security products or virtualization software on the machine before proceeding with the attack.
ESET declined to name the news websites that were found unknowingly displaying the malicious ads, but cautioned that the attack was widespread, and could have been hosted through other popular sites as well.
Source-http://www.thegurureview.net/aroundnet-category/stegano-malvertising-ads-expose-millions-of-online-users-to-hacking.html
Intel Looking Into Atomic Energy
May 25, 2016 by admin
Filed under Around The Net
Comments Off on Intel Looking Into Atomic Energy
Shortly after cancelling two generations of Atom mobile chips, Intel putting its weight behind future low-power mobile technologies with a new research collaboration with a French atomic energy lab.
Fundamental research leading towards faster wireless networks, secure low-power technologies for the Internet of Things, and even 3D displays will be the focus of Intel’s collaboration with the French Alternative Energies and Atomic Energy Commission (CEA).
Intel and the CEA already work together in the field of high-performance computing, and a new agreement signed Thursday will see Intel fund work at the CEA’s Laboratory for Electronics and Information Technology (LETI) over the next five years, according to Rajeeb Hazra, vice president of Intel’s data center group.
The CEA was founded in 1945 to develop civil and military uses of nuclear power. Its work with Intel began soon after it ceased its atmospheric and underground nuclear weapons test programs, as it turned to computer modeling to continue its weapons research, CEA managing director Daniel Verwaerde said Thursday.
That effort continues, but the organization’s research interests today are more wide-ranging, encompassing materials science, climate, health, renewable energy, security and electronics.
These last two areas will be at the heart of the new research collaboration, which will see scientists at LETI exchanging information with those at Intel.
Both parties dodged questions about who will have the commercial rights to the fruits of their research, but each said it had protected its rights. The deal took a year to negotiate.
“It’s a balanced agreement,” said Stéphane Siebert, director of CEA Technology, the division of which LETI is a part.
Who owns what from the five-year research collaboration may become a thorny issue, for French taxpayers and Intel shareholders alike, as it will be many years before it becomes clear which technologies or patents are important.
Hazra emphasized the extent to which Intel is dependent on researchers outside the U.S. The company has over 50 laboratories in Europe, four of them specifically pursuing so-called exa-scale computing, systems capable of billions of billions of calculations per second.
Source-http://www.thegurureview.net/mobile-category/intel-look-to-atomic-energy-for-mobile-technologys-future.html
Elon Musk Opens Gym For AI Programmers
Techie entrepreneur Elon Musk has rolled out an open-source training “gym” for artificial-intelligence programmers.
It’s an interesting move for a man who in 2014 said artificial intelligence, or A.I., will pose a threat to the human race.
“I think we should be very careful about artificial intelligence,” Musk said about a year and a half ago during an MIT symposium. “If I were to guess at what our biggest existential threat is, it’s probably that… with artificial intelligence, we are summoning the demon. In all those stories with the guy with the pentagram and the holy water, and he’s sure he can control the demon. It doesn’t work out.”
Today, Musk is moving to help programmers use A.I. and machine learning to build smart robots and smart devices.
“We’re releasing the public beta of OpenAI Gym, a toolkit for developing and comparing reinforcement learning (RL) algorithms,” wrote Greg Brockman, OpenAI’s CTO, and John Schulman, a scientist working with OpenAI, in a blog post . “We originally built OpenAI Gym as a tool to accelerate our own RL research. We hope it will be just as useful for the broader community.”
The OpenAI Gym is meant as a tool for programmers to use to teach their intelligent systems better ways to learn and develop more complex reasoning. In short, it’s meant to make smart systems smarter.
Musk is a co-chair of OpenAI, a $1 billion organization that was unveiled last December as an effort focused on advancing artificial intelligence that will benefit humanity.
While Musk has warned of what he sees as the perils of A.I., it’s also a technology that he needs for his businesses.
The OpenAI Gym is made up of a suite of environments, including simulated robots and Atari games, as well as a site for comparing and reproducing results.
It’s focused on reinforcement learning, a field of machine learning that involves decision-making and motor control.
According to OpenAI, reinforcement learning is an important aspect of building intelligent systems because it encompasses any problem that involves making a sequence of decisions. For instance, it could focus on controlling a robot’s motors so it’s able to run and jump, or enabling a system to make business decisions regarding pricing and inventory management.
Two major challenges for developers working with reinforcement learning are the lack of standard environments and the need for better benchmarks.
Musk’s group is hoping that the OpenAI Gym addresses both of those issues.
Source- http://www.thegurureview.net/aroundnet-category/elon-musk-opens-training-gym-for-ai-programmers.html
IBM Goes After Groupon
March 14, 2016 by admin
Filed under Around The Net
Comments Off on IBM Goes After Groupon
IBM has filed suit against online deals marketplace Groupon for infringing four of its patents, including two that emerged from Prodigy, the online service launched by IBM and partners ahead of the World Wide Web.
Groupon has built its business model on the use of IBM’s patents, according to the complaint filed Wednesday in the federal court for the District of Delaware. “Despite IBM’s repeated attempts to negotiate, Groupon refuses to take a license, but continues to use IBM’s property,” according to the computing giant, which is asking the court to order Groupon to halt further infringement and pay damages.
IBM alleges that websites under Groupon’s control and its mobile applications use the technology claimed by the patents-in-suit for online local commerce marketplaces to connect merchants to consumers by offering goods and services at a discount.
About a year ago, IBM filed a similar lawsuit around the same patents against online travel company Priceline and three subsidiaries.
To develop the Prodigy online service that IBM launched with partners in the 1980s, the inventors of U.S. patents 5,796,967 and 7,072,849 developed new methods for presenting applications and advertisements in an interactive service that would take advantage of the computing power of each user’s PC and reduce demand on host servers, such as those used by Prodigy, IBM said in its complaint against Groupon.
“The inventors recognized that if applications were structured to be comprised of ‘objects’ of data and program code capable of being processed by a user’s PC, the Prodigy system would be more efficient than conventional systems,” it added.
Groupon is also accused of infringing U.S. Patent No.5,961,601, which was developed to find a better way of preserving state information in Internet communications, such as between an online merchant and a customer, according to IBM. Online merchants can use the state information to keep track of a client’s product and service selections while the client is shopping and then use that information when the client decides to make a purchase, something that stateless Internet communications protocols like HTTP cannot offer, it added.
Source- http://www.thegurureview.net/aroundnet-category/ibm-files-patent-infringement-lawsuit-against-groupon.html
Is Microsoft A Risk?
Hewlett Packard Enterprise (HPE) has cast a shade on what it believes to be the biggest risks facing enterprises, and included on that list is Microsoft.
We ain’t surprised, but it is quite a shocking and naked fact when you consider it. The naming and resulting shaming happens in the HPE Cyber Risk Report 2016, which HPE said “identifies the top security threats plaguing enterprises”.
Enterprises, it seems, have myriad problems, of which Microsoft is just one.
“In 2015, we saw attackers infiltrate networks at an alarming rate, leading to some of the largest data breaches to date, but now is not the time to take the foot off the gas and put the enterprise on lockdown,” said Sue Barsamian, senior vice president and general manager for security products at HPE.
“We must learn from these incidents, understand and monitor the risk environment, and build security into the fabric of the organisation to better mitigate known and unknown threats, which will enable companies to fearlessly innovate and accelerate business growth.”
Microsoft earned its place in the enterprise nightmare probably because of its ubiquity. Applications, malware and vulnerabilities are a real problem, and it is Windows that provides the platform for this havoc.
“Software vulnerability exploitation continues to be a primary vector for attack, with mobile exploits gaining traction. Similar to 2014, the top 10 vulnerabilities exploited in 2015 were more than one-year-old, with 68 percent being three years old or more,” explained the report.
“In 2015, Microsoft Windows represented the most targeted software platform, with 42 percent of the top 20 discovered exploits directed at Microsoft platforms and applications.”
It is not all bad news for Redmond, as the Google-operated Android is also put forward as a professional pain in the butt. So is iOS, before Apple users get any ideas.
“Malware has evolved from being simply disruptive to a revenue-generating activity for attackers. While the overall number of newly discovered malware samples declined 3.6 percent year over year, the attack targets shifted notably in line with evolving enterprise trends and focused heavily on monetisation,” added the firm.
“As the number of connected mobile devices expands, malware is diversifying to target the most popular mobile operating platforms. The number of Android threats, malware and potentially unwanted applications have grown to more than 10,000 new threats discovered daily, reaching a total year-over-year increase of 153 percent.
“Apple iOS represented the greatest growth rate with a malware sample increase of more than 230 percent.”
Courtesy-TheInq
Was WordPress Compromised Again?
The service set up by WordPress to better support WordPress has failed users by suffering a security breach and behaving just like the rest of the internet.
WordPress, and its themes, are often shone with the dark light of the security vulnerability, but we do not hear of WP Engine often. Regardless of that, it seems to do good business and is reaching out to those that it does business with to tell them what went wrong and what they need to do about it.
A reasonable amount of threat mitigation is required, and if you are affected by the issue you are going to have to change your password – again, and probably keep a cautious eye on the comings and goings of your email and financial accounts.
“At WP Engine we are committed to providing robust security. We are writing today to let you know that we learned of an exposure involving some of our customers’ credentials. Out of an abundance of caution, we are proactively taking security measures across our entire customer base,” says the firm in an urgent missive on its web pages.
“We have begun an investigation, however there is immediate action we are taking. Additionally, there is action that requires your immediate attention.”
That action, is probably to panic in the short term, and then to change your password and cancel out any instances of its re-use across the internet. You know the drill, this is a daily thing right. Judging by the WordPress statement we are in the early days of internal investigation.
“While we have no evidence that the information was used inappropriately, as a precaution, we are invalidating the following five passwords associated with your WP Engine account,” explains WordPress as it reveals the sale of its – actually, your, problem. “This means you will need to reset each of them.”
Have fun with that.
Courtesy-TheInq
Pawn Storm Hacking Develops New Tools For Cyberespionage
Comments Off on Pawn Storm Hacking Develops New Tools For Cyberespionage
A Russian cyberespionage group known as Pawn Storm has made use of new tools in an ongoing attack campaign against defense contractors with the goal of defeating network isolation policies.
Since August, the group has been engaged in an attack campaign focused on defense contractors, according to security researchers from Kaspersky Lab.
During this operation, the group has used a new version of a backdoor program called AZZY and a new set of data-stealing modules. One of those modules monitors for USB storage devices plugged into the computer and steals files from them based on rules defined by the attackers.
The Kaspersky Lab researchers believe that this module’s goal is to defeat so-called network air gaps, network segments where sensitive data is stored and which are not connected to the Internet to limit their risk of compromise.
However, it’s fairly common for employees in organizations that use such network isolation policies to move data from air-gapped computers to their workstations using USB thumb drives.
Pawn Storm joins other sophisticated cyberespionage groups, like Equation and Flame, that are known to have used malware designed to defeat network air gaps.
“Over the last year, the Sofacy group has increased its activity almost tenfold when compared to previous years, becoming one of the most prolific, agile and dynamic threat actors in the arena,” the Kaspersky researchers said in a blog post. “This activity spiked in July 2015, when the group dropped two completely new exploits, an Office and Java zero-day.”
Source- http://www.thegurureview.net/aroundnet-category/pawn-storm-hacking-group-develops-new-tools-for-cyberespionage.html
Microsoft To Release Advanced Threat Analytics
Comments Off on Microsoft To Release Advanced Threat Analytics
Microsoft is very close to releasing Advanced Threat Analytics (ATA) the security sure-up that it first announced three months ago.
ATA, or MATA as we called it for our own small amusement, is the result of three months’ real world testing, and the culmination of enough user feedback to inform a final release.
That final release will happen in August, which should give you plenty of time to get your head around it.
Hmmm. Microsoft’s Advanced Threat Analytics seems like a very good idea focused on the enterprise.
— Kevin Jones (@vcsjones) May 4, 2015
Idan Plotnik, who leads the ATA team at Microsoft, explained in an Active Directory Team Blog post that the firm is working towards removing blind spots from security analytics, and that this release should provide a strong and hardy tool for the whacking away of hacking.
“Many security monitoring and management solutions fail to show you the real picture and provide false alarms. We’ve taken a different approach with Microsoft ATA,” he said.
“Our secret sauce is our combination of network Deep Packet Inspection, information about the entities from Active Directory, and analysis of specific events.
“With this unique approach, we give you the ability to detect advanced attacks and stolen credentials, and view all suspicious activities on an easy to consume, simple to explore, social media feed like attack timeline.”
The Microsoft approach is an on-premise device that detects and analyses threats as they happen and on a retrospective basis. Plotnik said that it combines machine learning and knowledge about existing techniques and tactics to proactively protect systems.
“ATA detects many kinds of abnormal user behaviour many of which are strong indicators of attacks. We do this by using behavioural analytics powered by advanced machine learning to uncover questionable activities and abnormal behaviour,” he added.
“This gives the ability for ATA to show you attack indicators like anomalous log-ins, abnormal working hours, password sharing, lateral movement and unknown threats.”
A number of features will be added to the preview release, including performance improvements and the ability to deal with more traffic, before general availability next month.
Can Linux Succeed On The Desktop?
Every three years I install Linux and see if it is ready for prime time yet, and every three years I am disappointed. What is so disappointing is not so much that the operating system is bad, it has never been, it is just that who ever designs it refuses to think of the user.
To be clear I will lay out the same rider I have for my other three reviews. I am a Windows user, but that is not out of choice. One of the reasons I keep checking out Linux is the hope that it will have fixed the basic problems in the intervening years. Fortunately for Microsoft it never has.
This time my main computer had a serious outage caused by a dodgy Corsair (which is now a c word) power supply and I have been out of action for the last two weeks. In the mean time I had to run everything on a clapped out Fujitsu notebook which took 20 minutes to download a webpage.
One Ubuntu Linux install later it was behaving like a normal computer. This is where Linux has always been far better than Windows – making rubbish computers behave. I could settle down to work right? Well not really.
This is where Linux has consistently disqualified itself from prime-time every time I have used it. Going back through my reviews, I have been saying the same sort of stuff for years.
Coming from Windows 7, where a user with no learning curve can install and start work it is impossible. Ubuntu can’t. There is a ton of stuff you have to upload before you can get anything that passes for an ordinary service. This uploading is far too tricky for anyone who is used to Windows.
It is not helped by the Ubuntu Software Centre which is supposed to make like easier for you. Say that you need to download a flash player. Adobe has a flash player you can download for Ubuntu. Click on it and Ubuntu asks you if you want to open this file with the Ubuntu Software Center to install it. You would think you would want this right? Thing is is that pressing yes opens the software center but does not download Adobe flash player. The center then says it can’t find the software on your machine.
Here is the problem which I wrote about nearly nine years ago – you can’t download Flash or anything proprietary because that would mean contaminating your machine with something that is not Open Sauce.
Sure Ubuntu will download all those proprietary drivers, but you have to know to ask – an issue which has been around now for so long it is silly. The issue of proprietary drives is only a problem for those who are hard core open saucers and there are not enough numbers of them to keep an operating system in the dark ages for a decade. However, they have managed it.
I downloaded LibreOffice and all those other things needed to get a basic “windows experience” and discovered that all those typefaces you know and love are unavailable. They should have been in the proprietary pack but Ubuntu has a problem installing them. This means that I can’t share documents in any meaningful way with Windows users, because all my formatting is screwed.
LibreOffice is not bad, but it really is not Microsoft Word and anyone who tries to tell you otherwise is lying.
I download and configure Thunderbird for mail and for a few good days it actually worked. However yesterday it disappeared from the side bar and I can’t find it anywhere. I am restricted to webmail and I am really hating Microsoft’s outlook experience.
The only thing that is different between this review and the one I wrote three years ago is that there are now games which actually work thanks to Steam. I have not tried this out yet because I am too stressed with the work backlog caused by having to work on Linux without regular software, but there is an element feeling that Linux is at last moving to a point where it can be a little bit useful.
So what are the main problems that Linux refuses to address? Usability, interface and compatibility.
I know Ubuntu is famous for its shit interface, and Gnome is supposed to be better, but both look and feel dated. I also hate Windows 8′s interface which requires you to use all your computing power to navigate through a touch screen tablet screen when you have neither. It should have been an opportunity for Open saucers to trump Windows with a nice interface – it wasn’t.
You would think that all the brains in the Linux community could come up with a simple easy to use interface which lets you have access to all the files you need without much trouble. The problem here is that Linux fans like to tinker they don’t want usability and they don’t have problems with command screens. Ordinary users, particularly more recent generations will not go near a command screen.
Compatibly issues for games has been pretty much resolved, but other key software is missing and Linux operators do not seem keen to get them on board.
I do a lot of layout and graphics work. When you complain about not being able to use Photoshop, Linux fanboys proudly point to GIMP and say that does the same things. You want to grab them down the throat and stuff their heads down the loo and flush. GIMP does less than a tenth of what Photoshop can do and it does it very badly. There is nothing that can do what CS or any real desktop publishers can do available on Linux.
Proprietary software designed for real people using a desktop tends to trump anything open saucy, even if it is producing a technology marvel.
So in all these years, Linux has not attempted to fix any of the problems which have effectively crippled it as a desktop product.
I will look forward to next week when the new PC arrives and I will not need another Ubuntu desktop experience. Who knows maybe they will have sorted it in three years time again.
Google Continues A.I. Expansion
Google Inc is growing its artificial intelligence area, hiring more than half a dozen leading academics and experts in the field and announcing a partnership with Oxford University to “accelerate” its efforts.
Google will make a “substantial contribution” to establish a research partnership with Oxford’s computer science and engineering departments, the company said on Thursday regarding its work to develop the intelligence of machines and software, often to emulate human-like intelligence.
Google did not provide any financial details about the partnership, saying only in a post on its blog that it will include a program of student internships and a series of joint lectures and workshops “to share knowledge and expertise.”
Google, which is based in Mountain View, California, is building up its artificial intelligence capabilities as it strives to maintain its dominance in the Internet search market and to develop new products such as robotics and self-driving cars. In January Google acquired artificial intelligence company Deep Mind for $400 million according to media reports.
The new hires will be joining Google’s Deep Mind team, including three artificial intelligence experts whose work has focused on improving computer visual recognition systems. Among that team is Oxford Professor Andrew Zisserman, a three-time winner of the Marr Prize for computer vision.
The four founders of Dark Blue Labs will also be joining Google where they will be will be leading efforts to help machines “better understand what users are saying to them.”
Google said that three of the professors will hold joint appointments at Oxford, continuing to work part time at the university.