
Submission + - Popular Smart Toys Violate Children's Privacy Rights? (helpnetsecurity.com)

Orome1 writes: My Friend Cayla and i-Que, two extremely popular “smart” toys manufactured by Los Angeles-based Genesis Toys, do not safeguard basic consumer (and children’s) rights to security and privacy, researchers have found. According to the findings by researchers from Scandinavian tech consultancy Bouvet, which was contracted to test the toys on behalf of the Norwegian Consumer Council, there are many wrong things about these two interactive, Internet connected toys: lack of security, illegal user terms, sharing of kids’ secrets, asking for potentially sensitive information, subjecting kids to hidden advertising, and more.

Submission + - Disttrack Wiper Malware Hits Saudi Arabia's Aviation Agency (helpnetsecurity.com)

Orome1 writes: Shamoon attackers with their Disttrack wiper malware have hit Saudi Arabian entities again. The Saudi government confirmed the latest breaches, and for now the identity of only one target has been revealed: the country’s General Authority of Civil Aviation (GACA), which is the national institution in charge of aviation and related matters, as well as the operator of four international and 23 domestic airports within the country.

Submission + - Next Level Red Teaming: Working Behind Enemy Lines (helpnetsecurity.com)

Orome1 writes: The term “hacker” calls forth both positive and negative mental pictures, but I can bet that there are not many people, even in the infosec community, to whom the term generates the image of a guy running through the jungle with a laptop and an automatic weapon. This is the story about one such person: a member of a red team and contractor.

Submission + - Gooligan Android Malware Used To Breach A Million Google Accounts (helpnetsecurity.com)

Orome1 writes: Check Point security researchers have revealed a new variant of Android malware. The campaign infects 13,000 devices each day and is the first to root over a million devices. The new malware campaign, named Gooligan, roots Android devices and steals email addresses and authentication tokens stored on them. With this information, attackers can access users’ sensitive data from Gmail, Google Photos, Google Docs, Google Play, Google Drive, and G Suite.

Submission + - Organized Sextortion Led Four British Men To Suicide (helpnetsecurity.com)

Orome1 writes: Sextortion/webcam blackmail is a booming business for organised crime groups from the Philippines, Ivory Coast and Morocco, and young men across the UK are the most sought-after victims. The victims are lured into video chatting with women, and into performing sexual acts in front of their webcam. Unfortunately, the video chats are recorded by the criminals, and then used to blackmail the victims – the victims are told that the video will be sent to their loved ones if they don’t pay up. There have already been instances when the victims – mostly youngsters – felt they had no other option except suicide to escape the shame.

Submission + - Cobalt Hackers Executed Massive, Synchronized ATM Heists Across Europe, Russia (helpnetsecurity.com)

Orome1 writes: A criminal group dubbed Cobalt is behind synchronized ATM heists that saw machines across Europe, CIS countries (including Russia), and Malaysia being raided simultaneously, in the span of a few hours. The group has been active since June 2016, and their latest attacks happened in July and August. The group sent out spear-phishing emails – purportedly sent by the European Central Bank, the ATM maker Wincor Nixdorf, or other banks – to the target banks’ employees.

Submission + - Oracle Buys Dyn (helpnetsecurity.com)

Orome1 writes: Oracle today announced that it has signed an agreement to acquire Dyn, a cloud-based Internet Performance and DNS provider that monitors, controls, and optimizes Internet applications and cloud services. Dyn’s solution is powered by a global network that drives 40 billion traffic optimization decisions daily for more than 3,500 enterprise customers, including preeminent digital brands such as Netflix, Twitter, Pfizer and CNBC.
Network

Apple Abandons Development of Wireless Routers, To Focus On Products That Return More Profit (bloomberg.com) 238

Apple has disbanded its division that develops wireless routers in a move that further sharpens the company's focus on consumer products that generate the bulk of its revenue, Bloomberg reports. From the article: Apple began shutting down the wireless router team over the past year, dispersing engineers to other product development groups, including the one handling the Apple TV. Apple hasn't refreshed its routers since 2013 following years of frequent updates to match new standards from the wireless industry. The decision to disband the team indicates the company isn't currently pushing forward with new versions of its routers. Routers are access points that connect laptops, iPhones and other devices to the web without a cable. Apple currently sells three wireless routers, the AirPort Express, AirPort Extreme, and AirPort Time capsule. The Time capsule doubles as a backup storage hard drive for Mac computers.

Submission + - Key Causes Of Network Outages And Vulnerabilities (helpnetsecurity.com)

Orome1 writes: A new global study, conducted by Dimensional Research, surveyed 315 network professionals about their experiences with network outages, vulnerabilities and compliance. Among the report’s findings, there is almost universal agreement that human factors lead to network outages, and in many cases these outages are quite frequent. Participants report numerous outages occur every year associated with changes to the network and identify growing complexity of the network as a contributing factor. When an issue does occur, hours typically pass before the issue is reported, and once reported, it requires hours more to resolve. Although human factors cause incidents, ironically the most common methods used to protect the network from such errors are also manual.

Submission + - Critical Linux Bug Opens Systems To Compromise (helpnetsecurity.com)

Orome1 writes: Researchers from the Polytechnic University of Valencia have discovered a critical flaw that can allow attackers – both local and remote – to obtain root shell on affected Linux systems. So far, they confirmed that the vulnerability (CVE-2016-4484) is present and can be exploited on Debian, Ubuntu and Fedora, but it’s possible that many derived distributions also feature it, shared. According to researchers Hector Marco and Ismael Ripoll, the vulnerability is found in the default configuration of Cryptsetup, which is used in those systems to set up cryptographic volumes. More particularly, it arises from how these operating systems implement the LUKS (Linux Unified Key Setup) standard for hard disk encryption.

Submission + - Researchers Set To Work On Malware-Detecting CPUs (helpnetsecurity.com) 1

Orome1 writes: Adding hardware protections to software ones in order to block the ever increasing onslaught of computer malware seems like a solid idea, and a group of researchers have just been given a $275,000 grant from the National Science Foundation to help them work on a possible solution: malware-detecting CPUs. This project, titled “Practical Hardware-Assisted Always-On Malware Detection,” will be trying out a new approach: they will modify a computer’s CPU chip to feature logic checks for anomalies that can crop up while software is running.

Submission + - OAuth2.0 Implementation Flaw Allows Attackers To Pop Android Users' Accounts (helpnetsecurity.com)

Orome1 writes: Incorrect OAuth2.0 implementation by third party mobile app developers has opened users of those apps to account compromise, three researchers from the Chinese University of Hong Kong have discovered. The flaw can be exploited remotely, with no involvement and/or awareness of the victim. Researchers have tested the exploit against 600 top-ranked US and Chinese Android apps that use the OAuth2.0-based authentication service provided by Facebook, Google or Sina, and discovered that, on average, 41.21% of these apps are vulnerable.

Submission + - Bug In Chrome For Mobile Exploited For Drive-By Android Malware Downloads (helpnetsecurity.com)

Orome1 writes: Users of the mobile version of Google Chrome should be extra careful when faced with unsolicited offers to install a popular app, Kaspersky Lab researchers warn. Cyber crooks pushing the Svpeng Android banking Trojan are taking advantage of a bug that allows them to force the download of the malware on the target’s Android device without any user interaction, and other malware peddlers might soon hop on that particular train.
China

LeEco's CEO Jia Yueting Says Company Overstretched, Now Running Out of Cash (bloomberg.com) 37

LeEco is a giant conglomerate in China. The company offers a range of services -- from online streaming service, to smartphones, to TV, to electric cars. On top of that, the company has been aggressively expanding into different markets with India and the United States being the two notable ones. How does it make so much cash? You wonder. It doesn't actually, according to the CEO, who has informed the employees that the company is quickly running out of cash. An anonymous reader shares a Bloomberg report: The billionaire chairman of China's LeEco has admitted his technology empire is running out of cash to sustain a headlong rush into businesses from electric cars to smartphones. In a lengthy letter to employees, company co-founder Jia Yueting apologized to shareholders and pledged to slash his income to 1 yuan (15 cents), slow LeEco's madcap pace of expansion, and move the company toward a more moderate phase of growth. LeEco is the umbrella holding company for a sprawling family of businesses that includes sports media, automobiles, smartphones and TVs. The company known for its LeTV streaming service has aggressively pursued funding and placed bets on new ventures, from an electric car plant in Nevada to a $2 billion acquisition of California TV maker Vizio Inc. "No company has had such an experience, a simultaneous time in ice and fire," Jia wrote in a letter, obtained by Bloomberg News, describing LeEco's rise and subsequent issues. "We blindly sped ahead, and our cash demand ballooned. We got over-extended in our global strategy. At the same time, our capital and resources were in fact limited."

Submission + - 14 Arrested For Laundering Millions Stolen With Malware (helpnetsecurity.com)

Orome1 writes: The UK National Crime Agency has arrested fourteen individuals suspected of laundering more than £11 million stolen through the use of malware. The money was stolen after the victims were infected with Dridex and Dyre malware, which collected their bank details and allowed the criminals to access their bank accounts. The money in those accounts would be dispersed in smaller amounts to other bank accounts in the UK and in Eastern Europe.
