Is Russia Behind Recent US Malware Attacks?
Comments Off on Is Russia Behind Recent US Malware Attacks?
It would appear that while the US has been blaming China for all its cyber break-ins it appears to be ignoring Tsar Putin’s elite hacking team for the last seven years.
For the past seven years, a cyberespionage group operating out of Russia on the orders of Tsar Putin have been conducting a series of malware campaigns targeting governments, political think tanks and other organizations.
Researchers at F-Secure have been looking into the antics of an outfit called “the Dukes” which has been active since at least 2008. The group has evolved into a methodical developer of “zero-day” attacks, pulling together their own research with the published work of other security firms to provide a more detailed picture of the people behind a long-running family of malware.
The Dukes specialize in “smash and grab” attacks on networks, but have also used subtle, long-term intrusions that harvested massive amounts of data from their targets.
The group’s targets do include criminal organisations operating in the Russian Federation, which suggest there is some form of policing element to it. But they are mostly interested in Western governments and related organisations, such as government ministries and agencies, political think tanks and governmental subcontractors.
F-Secure team wrote. “Their targets have also included the governments of members of the Commonwealth of Independent States; Asian, African, and Middle Eastern governments; organisations associated with Chechen terrorism; and Russian speakers engaged in the illicit trade of controlled substances and drugs.”
The group was named after its earliest-detected malware, known as PinchDuke. Its targets were associated with the Chechen separatist movement. Later that year they were going after Western governments and organisations in search of information about the diplomatic activities of the United States and the NATO.
Most of the attacks used spear phishing emails as the means of injecting malware onto targeted systems, one of their attacks have spread malware through a malicious Tor exit node in Russia, targeting users of the anonymising network with malware injections into their downloads.
The targets have always followed Russian government interests. There are a number of Russian-language artifacts in some of the malware, including an error message in PinchDuke. GeminiDuke also used timestamps that were adjusted to match Moscow Standard time.
Before the beginning of the Ukraine crisis, the group began using a number of decoy documents in spear phishing attacks that were related to Ukraine. They included a letter undersigned by the First Deputy Minister for Foreign Affairs of Ukraine.
However, after the crisis happened the attacks dropped off suggesting that it was an intelligence gathering operation. It is also a big operation, which, if operating in Russia would most likely require state acknowledgement, if not outright support.
Source-http://www.thegurureview.net/computing-category/is-russia-behind-us-malware-attacks.html
Yahoo Unveils Livetext Mobile Messaging App
August 11, 2015 by admin
Filed under Around The Net
Comments Off on Yahoo Unveils Livetext Mobile Messaging App
Yahoo unveiled a mobile messaging app that combines texting with live one-on-one video.
The app, named Livetext, is video calling with a twist: there’s no audio. To communicate, users type texts and emojis that are overlaid onto the screen during the call.
The app’s format might sound restricting, but Yahoo says Livetext will help users to communicate more freely. The lack of audio, the company says, removes inhibitions that people might feel when they otherwise receive video calls in public.
“We wanted to bridge the gap between the simplicity and ease of texting, with the live feeling of calling,” said Adam Cahan, senior vice president of video, design and emerging products at Yahoo, during the app’s unveiling at an event in New York on Wednesday that was webcast.
Livetext was developed from scratch at Yahoo. Its development was aided by Yahoo’s acquisition last year of mobile messaging app MessageMe, the company said Wednesday. It’s yet another messaging app in a sea of competitors like Snapchat, WhatsApp and Facebook Messenger.
Still, Livetext is the latest attempt by Yahoo to provide a messaging app that resonates with users. It became available to download for free on Thursday for iOS and Android, in the U.S., U.K, Canada, Ireland, Germany, France, Hong Kong and Taiwan. Users will be able to text in English, French, German and Chinese using the app.
The app streams video only when two people are connected through the app at the same time. Users can search for friends in the app through their Livetext user name, or through the contacts list on their phone.
There is no time limit on calls placed through the app, and no way to save or archive the sessions. The video quality will depend on the strength of the data connection, although connections at 3G and above should suffice, Yahoo said.
It’s available on Android and the desktop, but not on iOS.
Microsoft Unveils ‘Send’ Mobile App
Microsoft unveiled a mobile-minded alternative to email that’s focused primarily on short, quick messages.
Named Send, the new tool aims to deliver a simple experience much like that offered by text messaging or instant messaging software but without the need to know a co-worker’s mobile number or username. Instead, Send lets users quickly fire off a message to any co-worker using just their email address; no subject line, salutations or signatures are required.
“On my way,” might be one example, or “Are you in the office today?”
The app connects to Office 365 business and school email accounts to find frequent and recent contacts; users need only tap on one to start a conversation. A “Quick Reply” option allows for speedy responses.
That Office 365 connection, meanwhile, also means conversations are synced with Outlook, letting users continue them from anywhere. Messages sent using Send are treated internally like any other work email and comply with an organization’s email compliance policies, Microsoft said.
Send is now available free for iPhone through the Microsoft Garage in the U.S. and Canada. Versions for Windows Phone and Android are coming soon, as are additional IT controls. Currently the app works with Office 365 business and school email accounts, but Microsoft plans to make it more broadly available in the coming months, it said.
Microsoft To Open Source Radio Code
Microsoft has begun to open source some more of its code, this time for the Microsoft Research Software Radio (Sora).
“We believe that a fully open source Sora will better support the research community for more scientific innovation,” said Kun Tan, a senior researcher on the Sora project team.
Sora was created to combat the problem of creating software radio that could keep up with the hardware developments going on around it.
The idea behind it is to run the radio off software on a multi-core PC running a basic operating system. In the example, it uses Windows. But then it would.
A PCIe radio control board is added to the machine with signals processed by the software for transmission and reception, while the RF front-end, with its own memory, interfaces with other devices.
The architecture also supports parallel processing by distributing processing pipelines to multiple cores exclusively for real-time SDR tasks.
Sora has already won a number of awards, and the Sora SDK and API were released in 2011 for academic users. More than 50 institutions now use it for research or courses.
As such, and in line with the groovy open Microsoft ethos, the software has now been completely open sourced, with customizable RF front-ends, customizable RCB with timing control and synchronization, processing accelerators and support for new communication models such as duplex radios.
The Sora source code is now up on GitHub. Use cases already in place include TV whitespace, large scale MIMO and distributed MIMO systems.
Microsoft has made a number of moves towards open sourcing itself over the past year. Most notably, The .NET Framework at the heart of most Windows programs was offered up to the newly created .NET Foundation.
It was announced yesterday that Google is releasing its Kubernetes code to the Linux Foundation to set up a standardized format for containerization.
Is Mastercard Going With Selfies?
July 17, 2015 by admin
Filed under Around The Net
Comments Off on Is Mastercard Going With Selfies?
Mastercard has announced plans to roll out a verification technology that requires a selfie to process payments. The industry’s latest move in the shameless act of narcissism is a biometric face scanning technology that will let customers replace their PINs with their face, according to MasterCard chief product security officer, Ajay Bhalla. Bhalla told CNN Money that the multinational financial services corporation has teamed up with all the major phone manufacturers to deliver the technology. “The new generation, which is into selfies, I think they’ll find it cool. They’ll embrace it. This [app] seamlessly integrates biometrics into the overall payment experience,” he said. “You can choose to use your fingerprint or your face. You tap it, the transaction is OK’ed and you’re done.” The selfie payment feature will roll out on a trial basis first in the US, with a full scale deployment to follow at an unspecified date. The system requires users to blink when prompted once they have held their device at eye-level for the checkout process to complete. This ensures that potential cyber crooks cannot use a still image of the user to hack into their personal account. MasterCard announced last month that all retail outlets across Europe will accept contactless payments by 2020, paving the way for wider adoption of mobile payment solutions. Mike Cowan, head of emerging payments products at MasterCard, revealed at the company’s Future of Payments event in London that Europeans will soon be able to tap to pay anywhere. “From the beginning of 2016 any new payment terminal that gets deployed must accept contactless, and every single terminal must accept it by 2020,” he said. This means that new point of sale terminals must adhere to the new standard on deployment from 1 January 2016, while existing terminals that don’t yet support contactless payments must be replaced by 1 January 2020 at the latest. Source
Cisco Warns Of Bug In Virtual App
Cisco has warned of a default Secure Shell vulnerability in three of its virtual applications.
The flaw could allow attackers to decrypt traffic exchanged in the services, and has been detailed in a Cisco security advisory.
It affects Cisco’s Web Security Virtual Appliance (SMAv), Email Security Virtual Appliance and Security Management Virtual Appliance, which are already commercially available.
Cisco said that it “is not aware of any public announcements or malicious use of the vulnerabilities”, but warned that attackers who got hold of the private keys could decrypt communications with a man-in-the-middle attack.
The default private encryption keys were preinstalled on all three of the products, a move which is considered bad security practice.
“Successfully exploiting this vulnerability on Cisco SMAv allows an attacker to decrypt communication toward SMAv, impersonate SMAv, and send altered data to a configured content appliance,” the advisory said.
“An attacker can exploit this vulnerability on a communication link toward any content security appliance that was ever managed by any SMAv.”
Cisco has released a patch which deletes the preinstalled SSH keys and explains how customers can correct the problem.
The Cisco-sa-20150625-ironport SSH Keys Vulnerability Fix comes as part of several product upgrades, and must be manually installed from a command line interface.
Cisco’s advisory said that the patch is not required for physical hardware appliances, or for virtual appliance downloads or upgrades after 25 June.
Cisco revealed details of a new point of sale attack earlier this year that could part firms from money and customers from personal data.
The threat, called PoSeidon by the Cisco team, came at a time when eyes were on security breaches at firms like Target.
Cisco said in a blog post that PoSeidon is a threat that has the ability to breach machines and scrape them for credit card information.
Yahoo Beefs Up Mobile Search
July 2, 2015 by admin
Filed under Around The Net
Comments Off on Yahoo Beefs Up Mobile Search
Yahoo is beefing up its search service on mobile devices, following Google’s lead by highlighting content such as images, videos and reviews ahead of regular search results
The changes will apply to Yahoo search on the mobile web in the U.S., in browsers such as Safari and Chrome. Yahoo’s mobile app and desktop site already provide some additional content within results.
A search on the mobile web for Barack Obama, for instance, displays information about him from Wikipedia, such as his height and birth date, as well as links to news, images and YouTube videos. In one search Thursday, the videos included some curious choices, including “Barack Obama is Illuminati.”
Google already highlights a variety of content related to search queries, including news and related tweets, as well as links to other services like Maps. Microsoft’s Bing does something similar.
Because Yahoo is playing catch-up, the changes might not attract many new users, but they could help it retain people who use Yahoo for mobile searches today.
In the last quarter of 2014, mobile accounted for half of Yahoo’s search traffic in North America, up from 32 percent during the same period in 2013, according to research firm eMarketer.
Qualcomm Has A Plethora Of Automobile Modems
Comments Off on Qualcomm Has A Plethora Of Automobile Modems
Qualcomm had an IoT event in San Francisco yesterday and the company wanted to talk a bit more about IoT, also known as Internet of Things. They started off with a catchy phrase – Internet of Hype to Internet of Everything.
Dave Aberle said that up to a billion dollars in revenue is coming from the non-mobile market. More than 10 pecent of Qualcomm revenue will come from the non-headset market. They call this market Internet of Everything, but we believe that not all of that market should be called IoT.
IoT is not just the wearable market; it is car modems, connected speakers, action cameras, some smart SanDisk storage solutions, home automation kit and more. Aberle mentioned that Qualcomm has 40 car design wins in the market with 15 different OEMs. We saw some names including Audi on the slide, but the list of obviously much longer.
Qualcomm is the leader in connected car and 4G LTE market, while Nvidia is the leader in Infotainment car systems, having some huge customers behind it, including the Volkswagen Group.
Qualcomm wants to expand its presence in IoT, including automotive solutions, and we expect more IoT designs from them in the near future.
Apple Pay Headed To Canada
April 29, 2015 by admin
Filed under Around The Net
Comments Off on Apple Pay Headed To Canada
Apple Inc is gearing up to launch its electronic payments service in Canada in November, the first international expansion of Apple Pay, the Wall Street Journal reported, citing people familiar with the matter.
The iPhone maker is in talks with Canada’s six biggest banks, Royal Bank of Canada, Toronto-Dominion Bank , Bank of Nova Scotia, Bank of Montreal, Canadian Imperial Bank of Commerce and National Bank of Canada, the people told the Journal.
The banks are open to an agreement, but are not happy with Apple’s fee proposals and are worried about security vulnerabilities like the ones that U.S. banks experienced, the Journal said, citing the people.
It was still unclear if all six Canadian banks would launch Apple Pay at the same time, the Journal said.
Apple launched the service, a mobile payment app that allows consumers to buy things by holding their iPhone6 and 6 Plus devices up to a reader, in the United States in October.
Panasonic Appears To Be On The Hunt
April 8, 2015 by admin
Filed under Around The Net
Comments Off on Panasonic Appears To Be On The Hunt
Japanese electronics giant Panasonic Corp said it is gearing up to spend 1 trillion yen ($8.4 billion) on acquisitions over the next four years, bolstered by a stronger profit outlook for its automotive and housing technology businesses.
Chief Executive Kazuhiro Tsuga said at a briefing on Thursday that Panasonic doesn’t have specific acquisition targets in mind for now. But he said the firm will spend around 200 billion yen on M&A in the fiscal year that kicks off in April alone, and pledged to improve on Panasonic’s patchy track record on big deals.
“With strategic investments, if there’s an opportunity to accelerate growth, you need funds. That’s the idea behind the 1 trillion yen figure,” he said. Tsuga has spearheaded a radical restructuring at the Osaka-based company that has made it one of the strongest turnaround stories in Japan’s embattled technology sector.
Tsuga previously told Reuters that company was interested in M&A deals in the European white goods market, a sector where Panasonic has comparatively low brand recognition.
The firm said on Thursday it’s targeting operating profit of 430 billion yen in the next fiscal year, up nearly 25 percent from the 350 billion yen it expects for the year ending March 31.
Panasonic’s earnings have been bolstered by moving faster than peers like Sony Corp and Sharp Corp to overhaul business models squeezed by competition from cheaper Asian rivals and caught flat-footed in a smartphone race led by Apple Inc and Samsung Electronics. Out has gone reliance on mass consumer goods like TVs and smartphones, and in has come a focus on areas like automotive technology and energy-efficient home appliances.
Tsuga also sought to ease concerns that an expensive acquisition could set back its finances, which took years to recover from the deal agreed in 2008 to buy cross-town rival Sanyo for a sum equal to about $9 billion at the time.