Submission + - "Process Doppelgänging" Attack Works on All Windows Versions (bleepingcomputer.com)

An anonymous reader writes: Yesterday, at the Black Hat Europe 2017 security conference in London, two security researchers from cyber-security firm enSilo described a new code injection technique called "Process Doppelgänging." This new attack works on all Windows versions and researchers say it bypasses most of today's major security products. Process Doppelgänging is somewhat similar to another technique called Process Hollowing, but with a twist, as it utilizes the Windows mechanism of NTFS Transactions.

"The goal of the technique is to allow a malware to run arbitrary code (including code that is known to be malicious) in the context of a legitimate process on the target machine," Tal Liberman & Eugene Kogan, the two enSilo researchers who discovered the attack, told Bleeping Computer. "Very similar to process hollowing but with a novel twist. The challenge is doing it without using suspicious process and memory operations such as SuspendProcess, NtUnmapViewOfSection. In order to achieve this goal we leverage NTFS transactions. We overwrite a legitimate file in the context of a transaction. We then create a section from the modified file (in the context of the transaction) and create a process out of it. It appears that scanning the file while it's in transaction is not possible by the vendors we checked so far (some even hang) and since we rollback the transaction, our activity leaves no trace behind."

Submission + - Protestors Hit the Streets to Fight the Gutting of Network Neutrality (freezenet.ca)

Dangerous_Minds writes: As the battle to save network neutrality rages on online, many are now hitting the streets. Freezenet is reporting that many are turning out during a national day of action to stop the gutting of network neutrality. The protests are being organized by Battle for the Net, who also set up a website called Verizon Protests to monitor the ongoing day of action.

Submission + - The US Is Testing a Microwave Weapon To Stop North Korea's Missiles (vox.com)

An anonymous reader writes: According to an NBC News report, the weapon — which is still under development — could be put on a cruise missile and shot at an enemy country from a B-52 bomber. It’s designed to use microwaves to target enemy military facilities and destroy electronic systems, like computers, that control their missiles. The weapon itself wouldn’t damage the buildings or cause casualties. Air Force developers have been working with Boeing on the system since 2009. They’re hoping to receive up to $200 million for more prototyping and testing in the latest defense bill. There’s just one problem. It’s not clear that the weapon is entirely ready for use — and it’s not clear that it would be any more effective than the powerful weapons the U.S. already possesses. The weapon, which has the gloriously military-style name of Counter-electronics High Power Microwave Advanced Missile Project, or CHAMP, isn’t quite ready for action, but it could be soon. Two unnamed Air Force officials told NBC that the weapon could be ready for use in just a few days.

Submission + - What It Looks Like When You Fry Your Eye In An Eclipse (npr.org)

An anonymous reader writes: Doctors in New York say a woman in her 20s came in three days after looking at the Aug. 21 eclipse without protective glasses. She had peeked several times, for about six seconds, when the sun was only partially covered by the moon. Four hours later, she started experiencing blurred and distorted vision and saw a central black spot in her left eye. The doctors studied her eyes with several different imaging technologies, described in the journal JAMA Ophthalmology, and were able to observe the damage at the cellular level.

"We were very surprised at how precisely concordant the imaged damage was with the crescent shape of the eclipse itself," noted Dr. Avnish Deobhakta, an assistant professor of ophthalmology at the New York Eye and Ear Infirmary of Mount Sinai Icahn School of Medicine, in an email to NPR. He says this was the most severely injured patient they saw after the eclipse. All in all, 22 people came to their urgent care clinic with concerns about possible eclipse-related damage, and most of them complained of blurred vision. Of those, only three showed some degree of abnormality in the retina. Two of them had only mild changes, however, and their symptoms have gone away. The young woman described in this case report, at last check, still has not recovered normal vision.

Submission + - NIST Update to Cybersecurity Framework

Presto Vivace writes: Update to Cybersecurity Framework

NIST published the second draft of the proposed update to the Framework for Improving Critical Infrastructure Cybersecurity. This second draft update aims to clarify, refine, and enhance the Cybersecurity Framework, amplifying its value and making it easier to use. This latest draft reflects comments received to date, including those from a public review process launched in January 2017 and a workshop in May 2017.

NIST Cybersecurity Framework Draft Version 1.1

Public comments on the draft Framework and Roadmap are due to NIST via cyberframework@nist.gov by 11:59 pm EST on Friday, January 19, 2018. If you have an opinion about this, NOW is the time to express it.

Submission + - Risks of Google Home and Amazon Echo as 24/7 Bugs (vortex.com)

Lauren Weinstein writes: One of the most frequent questions that I receive these days relates to the privacy of “smart speaker” devices such as Google Home, Amazon Echo, and other similar devices appearing from other firms.
As these devices proliferate around us — driven by broad music libraries, powerful AI assistants, and a rapidly growing pantheon of additional capabilities — should we have privacy concerns?

Or more succinctly, should we worry about these “always on” microphones being subverted into 24/7 bugging devices?

The short and quick answer is yes. We do need to be concerned.

The full and more complete answer is decidedly more complicated and nuanced.

Submission + - Inside Oracle's cloak-and-dagger political war with Google (recode.net)

schwit1 writes: The story that appeared in Quartz this November seemed shocking enough on its own: Google had quietly tracked the location of its Android users, even those who had turned off such monitoring on their smartphones.

But missing from the news site’s report was another eyebrow-raising detail: Some of its evidence, while accurate, appears to have been furnished by one of Google’s fiercest foes: Oracle.

For the past year, the software and cloud computing giant has mounted a cloak-and-dagger, take-no-prisoners lobbying campaign against Google, perhaps hoping to cause the company intense political and financial pain at a time when the two tech giants are also warring in federal court over allegations of stolen computer code.

Since 2010, Oracle has accused Google of copying Java and using key portions of it in the making of Android. Google, for its part, has fought those claims vigorously. More recently, though, their standoff has intensified. And as a sign of the worsening rift between them, this summer Oracle tried to sell reporters on a story about the privacy pitfalls of Android, two sources confirmed to Recode.

To be sure, the substance of Quartz’s story — Google’s errant location tracking — checks out. Google itself acknowledged the mishap and said it ceased the practice. Nor does Oracle stand alone in raising red flags about Google at a time when many in the nation’s capital are questioning the power and reach of large web platforms.

Still, Oracle’s campaign is undeniable.

Submission + - Commercial Spyware is out of Control (wired.com)

mspohr writes: Investigation of an Ethiopian spyware ring exposed widespread abuse of commercial spyware. https://citizenlab.ca/2017/12/...
"This report describes a campaign of targeted malware attacks apparently carried out by Ethiopia from 2016 until the present. In the attacks we document, targets receive via email a link to a malicious website impersonating an online video portal. When a target clicks on the link, they are invited to download and install an Adobe Flash update (containing spyware) before viewing the video. In some cases, targets are instead prompted to install a fictitious app called “Adobe PdfWriter” in order to view a PDF file. Our analysis traces the spyware to a heretofore unobserved player in the commercial spyware space: Israel’s Cyberbit, a wholly-owned subsidiary of Elbit Systems. The spyware appears to be a product called PC Surveillance System (PSS), recently renamed PC 360."
The authors recommend measures to help control this problem:
https://citizenlab.ca/2017/12/...

Submission + - Bank of America Wins Patent for Crypto Exchange System (coindesk.com)

psnyder writes:

[The patent] outlined a potential cryptocurrency exchange system that would convert one digital currency into another. Further, this system would be automated, establishing the exchange rate between the two currencies based on external data feeds.

The patent describes a potential three-part system, where the first part would be a customer’s account and the other two would be accounts owned by the business running the system. The user would store their chosen cryptocurrency through the customer account.

The second account, referred to as a "float account," would act as a holding area for the cryptocurrency the customer is selling, while the third account, also a float account, would contain the equivalent amount of the cryptocurrency the customer is converting their funds to.

That third account would then deposit the converted funds back into the original customer account for withdrawal.


Submission + - Toyota's New Power Plant Will Create Clean Energy from Manure (usatoday.com)

schwit1 writes: Japanese automobile giant Toyota is making some exciting moves in the realm of renewable, clean energy. The company is planning to build a power plant in California that turns the methane gas produced by cow manure into water, electricity, and hydrogen. The project, known as the Tri-Gen Project, was unveiled at this year's Los Angeles Auto Show. The plant, which will be located at the Port of Long Beach in California, will be "the world’s first commercial-scale 100% renewable power and hydrogen generation plant," writes USA Today. Toyota is expecting the plant to come online in about 2020.

The plant is expected to have the capability to provide enough energy to power 2,350 average homes and enough fuel to operate 1,500 hydrogen-powered vehicles daily. The company is estimating the plant to be able to produce 2.35 MW of electricity and 1.2 tons of hydrogen each day. The facility will also be equipped with one of the largest hydrogen fueling stations in the world. Toyota's North America group vice president for strategic planning, Doug Murtha, says that the company "understand[s] the tremendous potential to reduce emissions and improve society."

Submission + - Cloud database debased: Keyboard app leaks 31M users' sensitive data (techbeacon.com)

An anonymous reader writes: Once again, it’s time to play “spot the unsecured cloud data.” In this week’s episode...

A popular virtual keyboard app on iOS and Android, a.i.type, left a huge Mongo database just kinda lying around and exposed to the Internet. Not only that, but the leak revealed the amazing extent to which the app collected users’ personal, sensitive data.

Will stories like this ever stop?

Submission + - Google, Chance The Rapper Host $1.5M 'Hour of Code' for Chicago Public Schools

theodp writes: In case you didn't notice the 'Coding for Carrots' Google Doodle (or get $100 for steering kids to Google's 'Hour of Code' lesson), this week is Computer Science Education Week. And on the third day of CsEdWeek, Google announced it was teaming up with Chance The Rapper to bring computer science to Chicago Public Schools (CPS). From the Official Google Blog: "Today, 5th grade students at Adam Clayton Powell Jr. Academy in Chicago got a surprise. It was cool enough that they were doing a coding activity with Chicago Googlers as a part of Computer Science Education Week-but then another Chicago native joined the fun. When Chance The Rapper arrived, there were shouts of excitement and delight, and Chance even gave coding a try. SocialWorks, a non profit co-founded by Chance, is on a mission to expose youth across the city to programming and to ensure they have the support necessary to reach their full potential-with access to arts, music, and coding as a means to express themselves. Today’s visit reinforced that computer science is a part of that mission. Shortly after Chance made his coding debut, Alphabet Senior Vice President of Corporate Development, David Drummond, announced that Google.org is donating $1.5 million to bring computer science education to students in Chicago, with $500,000 going to Chicago Public Schools’ CS4All Initiative and $1 million to SocialWorks." Chance tweeted, "Today @Google funded coding classes for 20 schools on the south and west sides. God bless everyone involved. Thank you." In 2016, less than 48 hours after the Chicago Public Schools hosted a three-hour "soiree" at Google's brand-new Chicago HQ, the CPS Board of Education voted unanimously to make CS a graduation requirement for all high school students in the nation's third largest school district.
A comprehensive K-12 CS program for Chicago Public School students — including a partnership with then-nascent Code.org — was announced by Chicago Mayor Rahm Emanuel to kick off the first Hour of Code in December 2013.

Submission + - Victims of Mystery Attacks In Cuba Left With Anomalies In Brain Tissue (arstechnica.com)

An anonymous reader writes: American victims of mysterious attacks in Cuba have abnormalities in their brains’ white matter, according to new medical testing reported by the Associated Press. But, so far, it’s unclear how or if the white-matter anomalies seen in the victims relate to their symptoms. White matter is made up of dense nerve fibers that connect neurons in different areas of the brain, forming networks. It gets its name from the light-colored electrical insulation, myelin, that coats the fibers. Overall, the tissue is essential for rapidly transmitting brain signals critical for learning and cognitive function.

In August, U.S. authorities first acknowledged that American diplomats and their spouses stationed in Havana, Cuba, had been the targets of puzzling attacks for months. The attacks were carried out by unknown agents and for unknown reasons, using completely baffling weaponry. The attacks were sometimes marked by bizarrely targeted and piercing noises or vibrations, but other times they were completely imperceptible. Victims complained of a range of symptoms, including dizziness, nausea, headaches, balance problems, ringing in the ears (tinnitus), nosebleeds, difficulty concentrating and recalling words, permanent hearing loss, and speech and vision problems. Doctors have also identified mild brain injuries, including swelling and concussion.

Submission + - ReactOS 0.4.7 Released (reactos.org)

jeditobe writes: OS News reports that the latest version of ReactOS has been released:
"ReactOS 0.4.7 has been released, and it contains a ton of fixes, improvements, and new features. Judging by the screenshots, ReactOS 0.4.7 can run Opera, Firefox, and Mozilla all at once, which is good news for those among us who want to use ReactOS on a more daily basis. There's also a new application manager which, as the name implies, makes it easier to install and uninstall applications, similar to how package managers on Linux work. On a lower level, ReactOS can now deal with Ext2, Ext3, Ext4, BtrFS, ReiserFS, FFS, and NFS partitions."
General notes, tests, and changelog for the release can be found at their respective links. A less technical community changelog for ReactOS 0.4.7 is also available. ISO images are ready at the ReactOS Download page.
