Syber Group
Toll Free : 855-568-TSTG(8784)
Subscribe To : Envelop Twitter Facebook Feed linkedin

PC Monitors Vulnerable To Hacking

August 12, 2016 by  
Filed under Security

Comments Off on PC Monitors Vulnerable To Hacking

You should probably be leery of what you see since, apparently, your computer monitor can be hacked.

Researchers at DEF CON presented a way to manipulate the tiny pixels found on a computer display.

Ang Cui and Jatin Kataria of Red Balloon Security were curious how Dell monitors worked and ended up reverse-engineering one.

They picked apart a Dell U2410 monitor and found that the display controller inside can be used to change and log the pixels across the screen.

During their DEF CON presentation, they showed how the hacked monitor could seemingly alter the details on a web page. In one example, they changed a PayPal’s account balance from $0 to $1 million, when in reality the pixels on the monitor had simply been reconfigured.

It wasn’t exactly an easy hack to pull off. To discover the vulnerability, both Cui and Kataria spent their spare time over two years, conducting research and understanding the technology inside the Dell monitor.

However, they also looked at monitors from other brands, including Samsung, Acer and Hewlett Packard, and noticed that it was theoretically possible to hack them in the same manner as well.

The key problem lies in the monitors’ firmware, or the software embedded inside. “There’s no security in the way they update their firmware, and it’s very open,” said Cui, who is also CEO of Red Balloon.

The exploit requires gaining access to the monitor itself, through the HDMI or USB port. Once done, the hack could potentially open the door for other malicious attacks, including ransomware.

For instance, cyber criminals could emblazon a permanent message on the display, and ask for payment to remove it, Kataria said. Or they could even spy on users’ monitors, by logging the pixels generated.

However, the two researchers said they made their presentation to raise awareness about computer monitor security. They’ve posted the code to their research online.

“Is monitor security important? I think it is,” Cui said.

Dell couldn’t be reached for immediate comment.

Source- http://www.thegurureview.net/computing-category/computer-monitors-are-also-vulnerable-to-hacking.html

Facebook Goes End To End

July 18, 2016 by  
Filed under Security

Comments Off on Facebook Goes End To End

Facebook Inc announced that it began testing end-to-end encryption on its popular Messenger application to prevent snooping on digital conversations.

The limited testing on Messenger, which has more than 900 million users, comes three months after Facebook rolled out end-to-end encryption to its more popular WhatsApp, a messaging application with over 1 billion users that it acquired in October 2014.

The move comes amid widespread global debate over the extent to which technology companies should help law enforcement snoop on digital communications.

End-to-end encryption is also offered on Apple Inc’s iMessage platform as well as apps including LINE, Signal, Viber, Telegram and Wickr.

Facebook Messenger uses the same encryption technology as WhatsApp, which uses a protocol known as Signal that was developed by privately held Open Whisper Systems.

“It seems well designed,” said Matthew Green, a Johns Hopkins University cryptologist who helped review an early version of the protocol for Facebook.

While WhatsApp messages are encrypted by default, Facebook Messenger users must turn on the feature to get the extra additional security protection, which scrambles communications so they can only be read on devices at either end of a conversation.

Facebook said that it was requiring users to opt in to encryption because the extra security is not compatible with some widely used Messenger features.

“Many people want Messenger to work when you switch between devices, such as a tablet, desktop computer or phone,” the company said in an announcement on its website. “Secret conversations can only be read on one device and we recognize that experience may not be right for everyone.”

Facebook also said that Messenger users cannot send videos or make payments in encrypted conversations.

Courtesy-http://www.thegurureview.net/aroundnet-category/end-to-end-encryption-comes-to-facebook-messenger.html

Twitter Blocks Intelligence Agencies

May 17, 2016 by  
Filed under Around The Net

Comments Off on Twitter Blocks Intelligence Agencies

Twitter has prohibited a data-mining firm from providing analytics of real-time tweets to U.S. intelligence agencies, according to a Wall Street Journal report, quoting a person familiar with the matter.

Twitter, which provides Dataminr with real-time access to public tweets, seems to be trying to distance itself from appearing to aid government surveillance, a controversial issue after former National Security Agency contractor Edward Snowden revealed that the government was collecting information on users through Internet and telecommunications companies.

Executives of Dataminr told intelligence agencies recently that Twitter, which holds around 5 percent of the equity in the startup and provides the data feed, did not want the company to continue providing the service to the agencies.

Twitter’s move appears to be in line with its policy on the use of its tweet data by external companies.

“Dataminr uses public Tweets to sell breaking news alerts to companies such as Wall Street Journal parent Dow Jones and government agencies such as the World Health Organization, for non-surveillance purposes,” Twitter said in a statement Sunday. “We have never authorized Dataminr or any third party to sell data to a government or intelligence agency for surveillance purposes.”

U.S. intelligence agencies gained access to Dataminr’s service after In-Q-Tel, aventure capital organization backed by U.S. intelligence agencies, put money in the firm, the WSJ said, quoting a person familiar with the matter. Twitter is said to have conveyed to Dataminr that it didn’t want to continue the relationship with intelligence agencies at the end of a pilot by the data analysis firm arranged by In-Q-Tel. Dataminr does not figure in the list of In-Q-Tel portfolio companies on its website.

Source-http://www.thegurureview.net/uncategorized/twitter-blocks-intelligence-agencies-access-to-tweet-analytics.html

Is Samsung Preparing For A Price War?

April 27, 2016 by  
Filed under Computing

Comments Off on Is Samsung Preparing For A Price War?

Samsung Electronics changing its approach to its memory chip business and focus on market share over profit margins and the industry will suffer, according to one analyst.

Bernstein Research’s senior analyst Mark C. Newman said that the competitive dynamic in the memory chip industry is not as good as we thought due to Samsung’s aggressive and opportunistic behavior. This is analyst speak for Samsung is engaging in a supply and price war with the other big names in the memory chip marking business – SK hynix and Micron.

“Rather than sit back and enjoy elevated profit margins with a 40 percent market share in DRAMs, Samsung is intent on stretching their share to closer to 50 percent,” he said.

Newman said the company is gaining significant market share in the NAND sector.

“Although Samsung cares about profits, their actions have been opportunistic and more aggressive than we predicted at the expense of laggards particularly Micron Technology in DRAMs and SK hynix in NANDs,” he said.

SK hynix is expected to suffer. “In NAND, we see Samsung continuing to stretch their lead in 3D NAND, which will put continued pressure on the rest of the field. SK hynix is one of the two obvious losers.”

Newman said that Samsung’s antics have destroyed the “level of trust” among competitors, perhaps “permanently,” as demand has dropped drastically with PC sales growth down to high single digits in 2015 with this year shaping up to be the same.

“Sales of smartphones, the main savior to memory demand growth have also weakened considerably to single digit growth this year and servers with datacenters are not strong enough to absorb the excess, particularly in DRAM,” Newman said.

He is worried that Samsung could create an oversupply in the industry.

“The oversupply issue is if anything only getting worse, with higher than normal inventories now an even bigger worry. Although we were right about the shrink slowing, thus reducing supply growth, the flip side of this trend is that capital spending and R&D costs are soaring thus putting a dent in memory cost declines,” he said.

China’s potential entry into the market and new technologies will provide further worries “over the longer term.”

“Today’s oversupply situation would become infinitely worse if and when China’s XMC ramps up big amounts of capacity. New memory technologies such as 3D X-point, ReRAM and MRAM stand on the sidelines and threaten to cannibalize part of the mainstream memory market,” he said.

Courtesy-Fud

Symantec Has Some Flaws With SEP

April 1, 2016 by  
Filed under Computing

Comments Off on Symantec Has Some Flaws With SEP

Symantec has warned of three serious vulnerabilities in its Endpoint Protection (SEP) software, and is advising users to update their systems.

The bugs affect all builds of the 12.1 version of the SEP software, with the first two flaws allowing authorised but low privilege users of the software to gain elevated and administrative access to the management console, which can be accessed either locally or through a web-based portal.

The third bug is in the sysplant driver and enables users to bypass the SEP’s security controls and run malware and other malicious code on a targeted client machines.

“Exploitation attempts of this type generally use known methods of trust exploitation requiring enticing a currently authenticated user to access a malicious link or open a malicious document in a context such as a website or in an email,” said the security firm.

There have been no recorded exploits of the flaws, so it would appear that Symantec has squashed the bugs before they became a real-world problem for its customers.

The first two bugs were discovered by security researcher Anatoly Katyushin from rival firm Kaspersky Labs, which is a little embarrassing. Discovery of the third bug was credited to the enSilo Research Team.

Symantec advises SEP users to update their software to the 12.1 RU6 MP4 version. It also recommends that users should take precautions and restrict remote access to the management console in order to prevent hackers from attacking client systems through the web portal.

While hackers can direct sophisticated malware at even the most robustly secured systems, exploiting flaws in software offers an easier route into machines and networks, providing hackers get in before the bugs are discovered and patched.

Recent examples can be seen with the discovery of iOS malware which threatens iPhones through an Apple DRM flaw, and an error on Code.org’s website which saw the emails of its volunteers exposed.

Courtesy-TheInq

Triada Trojan Aims For Android Devices

March 17, 2016 by  
Filed under Security

Comments Off on Triada Trojan Aims For Android Devices

Kaspersky have found another scary trojan to wave under our noses and cause us to consider getting off the internet.

This one is called Triada and it targets Android devices with Windows-style malware swagger. Anyone running Android 4.4.4 and earlier is in trouble, according to Kaspersky, as they face an opponent created by “very professional cyber criminals” that can allow for in-app purchase theft and all the problems that come with privilege escalation.

And guess what? Android users dangle themselves in the way of the Triada threat when they download things from untrusted sources. Does no one listen to anything these days? Does it even matter? Kaspersky said in a blog post that the likely apps can “sometimes” make their way onto the official Android store.

There is something different about this attack. Kaspersky reports on a lot of these things, but Triada exploits Zygote, and that is a first.

“A distinguishing feature of this malware is the use of Zygote, the parent of the application process on an Android device that contains system libraries and frameworks used by every application installed on the device. In other words, it’s a demon whose purpose is to launch Android applications,” Kaspersky explained.

“This is the first time technology like this has been seen in the wild. Prior to this, a trojan using Zygote was known only as a proof-of-concept. The stealth capabilities of this malware are very advanced.

“After getting into the user’s device Triada implements in nearly every working process and continues to exist in the short-term memory. This makes it almost impossible to detect and delete using anti-malware solutions.”

The security firm added that the complexity of Triada’s functionality proves that professional cyber criminals with a deep understanding of the targeted mobile platform are behind the creation of this malware.

Kaspersky reckons that it is nigh on impossible to rid a device of the malware, and suggested that you might as well nuke your phone and start again.

Courtesy-TheInq

The Linux Foundation Goes Zephyr

March 4, 2016 by  
Filed under Computing

Comments Off on The Linux Foundation Goes Zephyr

The Linux Foundation has launched its Zephyr Project as part of a cunning plan to create an open source, small footprint, modular, scalable, connected, real-time OS for IoT devices.

While there have been cut-down Linux implementations before the increase in numbers of smart, connected devices has made something a little more specialized more important.

Zephyr is all about minimizing the power, space, and cost budgets of IoT hardware.
For example a cut down Linux needs 200KB of RAM and 1MB of flash, IoT end points, which will often be controlled by tiny microcontrollers.

Zephyr has a small footpoint “microkernel” and an even tinier “nanokernel.” All this enables it to be CPU architecture independent, run on as little as 10KB while being scalable.

It can still support a broad range of wireless and wired technologies and of course is entirely open saucy released under the Apache v2.0 License.

It works on Bluetooth, Bluetooth Low Energy, and IEEE 802.15.4 (6LoWPAN) at the moment and supports x86, ARM, and ARC architectures.

Courtesy-Fud

Android Is Coming To The Desktop

January 28, 2016 by  
Filed under Computing

Comments Off on Android Is Coming To The Desktop

Jide Technology has released an Alpha build of its much praised Remix OS version of Android, available free of charge.

The Android fork, which adds conventional desktop features such as a taskbar, start menu and support for multiple windows, has been a huge hit, overshadowing the implementation of Android revealed in Google’s recent high-end tablet the Pixel C.

The initial build, as ever, is designed to fish for bugs and aid developers. A beta will follow in the coming weeks. The Alpha doesn’t contain Google Mobile Services apps such as the Play store and Gmail, but the finished version will. In the meantime, users can sideload the gApps package or go to the Amazon Web Store.

There may also be problems with some video codecs, but we’re told this is a licensing issue which will be resolved in the final version too. In the meantime, the first release is perfectly useable.

Compatibility with most Android apps is instant, but the user community can ‘upvote’ their favourites on the Remix OS site to flag what’s working best in each category.

The company has already released a small desktop machine of its own, called the Remix Mini, the world’s first fully functioning Android PC, priced at just $70 after a successful Kickstarter campaign. It has also developed a 2-in-1 ultrabook, the Remix Ultra, and has licensed Remix OS to several Far East tablet manufacturers.

In this new move, the company has teamed up with Android-x86, a group that has been working on an executable version of Android for computers since 2009, to launch a Remix OS installer which will allow existing hardware to become Remix OS powered, or as a partition on a dual-boot machine.

A third option is to store the OS on a USB stick, meaning that you can make any computer your own. This technique has already been popular through the Keepod programme which offers Android on a stick to countries without access to high-speed computers.

The advantages of Remix OS to the developing world are significant. Bench tests have shown that Remix OS works significantly faster than Windows, which will potentially breathe new life into older machines and make modern machines run at previously impossible speeds.

Remix OS was designed by three ex-Google engineers and includes access to the full Google Apps suite and the Google Play store.

David Ko, co-founder of Jide Technology, said: “Today’s public release of Remix OS, based on Android-x86, is something that we’ve been working towards since we founded Jide Technology in 2014.

“All of us are driven by the goal of making computing a more accessible experience, and this free, public release allows us to do this. We believe Remix OS is the natural evolution of Android and we’re proud to be at the forefront of this change.”

The public Alpha will be available to download from Jide and android-x86 from 12 January, and a beta update is expected swiftly afterwards. The INQUIRER has been using a Remix Mini for over a month now, and a full review of the operating system is coming soon.

Courtesy-TheInq

Pawn Storm Hacking Develops New Tools For Cyberespionage

December 17, 2015 by  
Filed under Security

Comments Off on Pawn Storm Hacking Develops New Tools For Cyberespionage

A Russian cyberespionage group known as Pawn Storm has made use of new tools in an ongoing attack campaign against defense contractors with the goal of defeating network isolation policies.

Pawn Storm, also known as Sofacy, after its primary malware tool, has been active since at least 2007 and has targeted governmental, security and military organizations from NATO member countries, as well as media organizations, Ukrainian political activists and Kremlin critics.

Since August, the group has been engaged in an attack campaign focused on defense contractors, according to security researchers from Kaspersky Lab.

During this operation, the group has used a new version of a backdoor program called AZZY and a new set of data-stealing modules. One of those modules monitors for USB storage devices plugged into the computer and steals files from them based on rules defined by the attackers.

The Kaspersky Lab researchers believe that this module’s goal is to defeat so-called network air gaps, network segments where sensitive data is stored and which are not connected to the Internet to limit their risk of compromise.

However, it’s fairly common for employees in organizations that use such network isolation policies to move data from air-gapped computers to their workstations using USB thumb drives.

Pawn Storm joins other sophisticated cyberespionage groups, like Equation and Flame, that are known to have used malware designed to defeat network air gaps.

“Over the last year, the Sofacy group has increased its activity almost tenfold when compared to previous years, becoming one of the most prolific, agile and dynamic threat actors in the arena,” the Kaspersky researchers said in a blog post. “This activity spiked in July 2015, when the group dropped two completely new exploits, an Office and Java zero-day.”

Source- http://www.thegurureview.net/aroundnet-category/pawn-storm-hacking-group-develops-new-tools-for-cyberespionage.html

Britain’s New Surveillance Plans Raises Privacy Concerns

November 16, 2015 by  
Filed under Around The Net

Comments Off on Britain’s New Surveillance Plans Raises Privacy Concerns

Britain has announced plans for sweeping new surveillance powers, including the right to find out which websites people visit, measures ministers say are vital to keep the country safe but which critics denounce as an assault on freedoms.

Across the West, debate about how to protect privacy while helping agencies operate in the digital age has raged since former U.S. intelligence contractor Edward Snowden leaked details of mass surveillance by British and U.S. spies in 2013.

Experts say part of the new British bill goes beyond the powers available to security services in the United States.

The draft was watered down from an earlier version dubbed a “snoopers’ charter” by critics who prevented it reaching parliament. Home Secretary Theresa May told lawmakers the new document was unprecedented in detailing what spies could do and how they would be monitored.

“It will provide the strongest safeguards and world-leading oversight arrangements,” she said. “And it will give the men and women of our security and intelligence agencies and our law enforcement agencies … the powers they need to protect our country.”

They would be able to require communication service providers (CSPs) to hold their customers’ web browsing data for a year, which experts say is not available to their U.S. counterparts.

“What the British are attempting to do, and what the French have already done post Charlie Hebdo, would never have seen the light of day in the American political system,” Michael Hayden, former director of the U.S. National Security Agency and Central Intelligence Agency, told Reuters.

May said that many of the new bill’s measures merely updated existing powers or spelled them out.

Police and spies’ access to web use would be limited to “Internet connection records” – which websites people had visited but not the particular pages – and not their full browsing history, she said.

“An Internet connection record is a record of the communications service that a person has used – not a record of every web page they have accessed,” May said. “It is simply the modern equivalent of an itemised phone bill.”

Source-http://www.thegurureview.net/aroundnet-category/britains-new-surveillance-plans-raise-ire-of-privacy-advocates.html

Next Page »