
Submission + - Lithuanian Arrested For $100 Million BEC Scams (helpnetsecurity.com)

Orome1 writes: Criminal charges were announced against Evaldas Rimasauskas for orchestrating a fraudulent business email compromise (BEC) scheme that induced two U.S.-based Internet companies to wire a total of over $100 million to bank accounts controlled by Rimasauskas. Rimasauskas is charged with one count of wire fraud and three counts of money laundering, each of which carries a maximum sentence of 20 years in prison, and one count of aggravated identity theft, which carries a mandatory minimum sentence of two years in prison.

Submission + - How The Necurs Botnet Influences The Stock Market (helpnetsecurity.com)

Orome1 writes: After a three-months-long partial hiatus, the Necurs botnet is back to flinging spam emails left and right. But unlike before the break, when it was mostly delivering the infamous Locky ransomware or the Dridex banking Trojan, the botnet is now engaged in distributing emails with no malicious attachment or link. According to Cisco Talos researchers, the botnet has been spotted firing off short-lasting but sizeable bursts of penny stock pump-and-dump emails.

Submission + - Burglars Can Easily Make Google Nest Security Cameras Stop Recording (helpnetsecurity.com)

Orome1 writes: Google Nest’s Dropcam, Dropcam Pro, Nest Cam Outdoor and Nest Cam Indoor security cameras can be easily disabled by an attacker that’s in their Bluetooth range. The vulnerabilities are present in the latest firmware version running on the devices (v5.2.1). They were discovered by researcher Jason Doyle last fall, and their existence responsibly disclosed to Google, but have still not been patched.
Microsoft

Windows 10 Will Download Some Updates Even Over a Metered Connection (winsupersite.com) 319

Reader AmiMoJo writes: Until now Windows 10 has allowed users to avoid downloading updates over metered (pay-per-byte) connections, to avoid racking up huge bills. Some users were setting their ethernet/wifi connections as metered in order to prevent Windows 10 from downloading and installing updates without their permission. In its latest preview version of the OS, Microsoft is now forcing some updates necessary for "smooth operation" to download even on these connections. As well as irritating users who want to control when updates download and install, users of expensive pay-per-byte connections could face massive bills.
Education

In 18 Years, A College Degree Could Cost About $500,000 (buzzfeed.com) 372

An anonymous reader shares a report: People worried about college affordability today can at least take this to heart: it could get much, much worse. Tuition has been rising by about 6% annually, according to investment management company Vanguard. At this rate, when babies born today are turning 18, a year of higher education at a private school -- including tuition, fees, and room and board -- will cost more than $120,000, Vanguard said. Public colleges could average out to $54,000 a year. That means without financial aid, the sticker price of a four-year college degree for children born today could reach half a million dollars at private schools, and a quarter million at public ones. That's for a family with one kid; those with more could be facing a bill that reaches seven figures.

Submission + - Hijacking Windows User Sessions With Built-In Command Line Tools (helpnetsecurity.com)

Orome1 writes: Did you know that by using built-in command line tools, any user with system rights and permissions (usually a local administrator) can hijack the session of any logged-in Windows user without knowing that user’s password? He or she can perform the action if they have physical access to the target’s machine, but also remotely via Remote Desktop Protocol (RDP).

Submission + - U.S. Charges Russian FSB Officers For Hacking Yahoo, Millions Email Accounts (helpnetsecurity.com) 1

Orome1 writes: A grand jury in the Northern District of California has indicted four defendants, including two officers of the Russian Federal Security Service (FSB), for computer hacking, economic espionage and other criminal offenses in connection with a conspiracy, beginning in January 2014, to access Yahoo’s network and the contents of webmail accounts. "People rightly expect that their communications through Silicon Valley internet providers will remain private, unless lawful authority provides otherwise. We will not tolerate unauthorized and illegal intrusions into the Silicon Valley computer infrastructure upon which both private citizens and the global economy rely,” said U.S. Attorney Brian Stretch for the Northern District of California.
Security

Hundreds of Verified Twitter Accounts Compromised, Post Swastikas, Pro-Erdogan Content (bloomberg.com) 289

From a report on Bloomberg: At least 25 verified international Twitter accounts (Editor's note: other outlets are saying the number is in hundreds) have posted content supporting Turkish President Recep Tayyip Erdogan in his feud with Germany and the Netherlands, with hashtags reading, in Turkish, "NaziGermany" and "NaziHolland." The accounts that were hacked include international news organizations such as the German newspaper Die Welt, Forbes Magazine, BBC North America, and Reuters Japan. It also targeted the Twitter accounts of the European Parliament, French politicians like Alain Juppe, Sprint Corp's CEO and President Marcelo Claure, among others. Gizmodo adds: It was an incredibly bad week for Dutch-Turkish relations. Turkish voters go to the polls next month on April 16th to decide whether President Erdogan should be given more powers. In the lead up to this vote, Turkish diplomats in the Netherlands had been speaking at Dutch rallies to Turkish ex-pats in support of the referendum. But Dutch officials prevented the Turkish ministers from speaking, causing a dust-up between the two countries. [...] Even where some of the tweets have been deleted, the banner image of the Turkish flag sometimes remains, like on the account for Starbucks Argentina. Twitter said in a statement, "We are aware of an issue affecting a number of account holders this morning. Our teams are working at pace and taking direct action on this issue. We quickly located the source which was limited to a third party app. We removed its permissions immediately."

Submission + - Vulnerability In WhatsApp And Telegram Allowed Complete Account Takeover (helpnetsecurity.com)

Orome1 writes: Check Point researchers today revealed a new vulnerability on WhatsApp and Telegram’s online platforms – WhatsApp Web & Telegram Web. By exploiting this vulnerability, attackers could completely take over user accounts, and access victims’ personal and group conversations, photos, videos and other shared files, contact lists, and more. Check Point disclosed this information to the WhatsApp and Telegram security teams on March 8, 2017. WhatsApp and Telegram acknowledged the security issue and developed fixes for worldwide web clients.

Submission + - Lawmakers Try To Create Minimum Seat Size Requirement On Planes (consumerist.com)

AmiMoJo writes: A group of lawmakers Thursday introduced a pair of bills that would create a seat-size standard for commercial airlines, as well as a minimum distance between rows of seats. The text of the bill does not specify any dimensions for seat widths or legroom. Rather, if the legislation is passed, the particulars would be left up to the FAA to sort out. Though seat size may vary from airline to airline, Cohen notes that the average distance between rows of seats has dropped from 35 inches before airline deregulation in the 1970s, to around 31 inches today. Your backside is getting the squeeze, as well, as the average width of an airline seat has also shrunk from 18 inches to about 16.5 inches.

Submission + - Sensitive US Air Force Data Found Exposed Online (helpnetsecurity.com)

Orome1 writes: A misconfigured, unsecured backup drive containing a huge amount of sensitive (but not classified) data on US Air Force officers has been sitting online, accessible to anyone, for who knows how long. The most shocking document was a spreadsheet of open investigations that included the name, rank, location, and a detailed description of the accusations. The investigations range from discrimination and sexual harassment to more serious claims. There were many other details from investigations that neither the Air Force nor those being investigated would want publicly leaked.

Submission + - Several High Risk 0-Day Vulnerabilities Affecting SAP HANA Found (helpnetsecurity.com)

Orome1 writes: Onapsis discovered several high risk vulnerabilities affecting SAP HANA platforms. If exploited, these vulnerabilities would allow an attacker, whether inside or outside the organization, to take full control of the SAP HANA platform remotely, without the need of a username and password. Onapsis Research Labs originally discovered the vulnerabilities on the newly released SAP HANA 2 platform, but after additional analysis realized that several older versions were vulnerable as well. Based on this assessment, it was identified that the vulnerabilities had been present in HANA for almost two and a half years. This greatly increases the likelihood that these vulnerabilities have been discovered by attackers to break into organization’s SAP systems.

Submission + - Apache Servers Under Attack Through Easily Exploitable Struts 2 Flaw (helpnetsecurity.com)

Orome1 writes: A critical vulnerability in Apache Struts 2 is being actively and heavily exploited, even though the patch for it has been released on Monday. The vulnerability (CVE-2017-5638) affects the Jakarta file upload Multipart parser in Apache Struts 2. It allows attackers to include code in the “Content-Type” header of an HTTP request, so that it is executed by the web server. Almost concurrently with the release of the security update that plugs the hole, a Metasploit module for targeting it has been made available. Unfortunately, the vulnerability can be easily exploited as it requires no authentication, and two very reliable exploits have already been published online. Also, vulnerable servers are easy to discover through simple web scanning.
Mars

Study Suggests Potatoes Can Grow On Mars (phys.org) 198

The International Potato Center (CIP) has launched a series of experiments to discover if potatoes can grow under Mars' atmospheric conditions, as well as under extreme conditions on Earth. The CIP placed a potato inside a "specially constructed CubeSat contained environment" that simulates Mars temperature, air pressure, oxygen and carbon dioxide levels. They then used sensors and live-streaming cameras to record the soil and monitor the status of the potato. Preliminary results are positive as cameras inside the container show sprouts. Phys.Org reports: "We have been looking at the very dry soils found in the southern Peruvian desert. These are the most Mars-like soils found on Earth." Chris McKay of NASA ARC. "This [research] could have a direct technological benefit on Earth and a direct biological benefit on Earth," says Chris McKay of NASA ARC. From the initial experiment, CIP scientists concluded that future Mars missions that hope to grow potatoes will have to prepare soil with a loose structure and nutrients to allow the tubers to obtain enough air and water to allow it to tuberize. "It was a pleasant surprise to see that potatoes we've bred to tolerate abiotic stress were able to produce tubers in this soil," Amoros said. He added that one of the best performing varieties was very salt-tolerant from the CIP breeding program for adaptation to subtropical lowlands with tolerance to abiotic stress that was also recently released as a variety in Bangladesh for cultivation in coastal areas with high soil salinity. Amoros noted that whatever their implications for Mars missions, the experiments have already provided good news about potato's potential for helping people survive in extreme environments on Earth.

Submission + - SPAM: Neanderthals ate vegetables, gave themselves medicine

phantomfive writes: A DNA analysis of tartar (hardened plaque) on Neanderthal teeth shows that some of them were mainly vegetarian. It also shows that they self-medicated with naturally occurring aspirin, and possibly even penicillin. According to the study they also shared food with, or even kissed, Homo sapiens. There is also evidence of cannibalism.