August 10, 2017
Ukrainian police have arrested an individual accused of spreading the NotPetya malware, used in a cyberattack that knocked thousands of companies offline earlier this year.
An unnamed 51-year-old from the southern city of Nikopol was detained by the state cyber-police last week after a raid was carried out at the alleged attacker’s home.
In a brief statement, police say they seized computers that were used to spread the malware in the cyberattack.
The statement said that the person of interest told police he had uploaded the malware to a file-sharing account and shared a link on his blog with instructions on how to launch the malware.
The malware was downloaded about 400 times, police say.
August 7, 2017
What is cyberwar?
At its core, cyberwarfare is the use of digital attacks by one state to disrupt the computer systems of another in order to create significant damage or destruction.
What does cyberwarfare look like?
Cyberwar is still an emerging concept, but many experts are concerned that it is likely to be a significant component of any future conflicts. As well as troops using conventional weapons like guns and missiles, future battles will also be fought by hackers manipulating computer code.
Governments and intelligence agencies worry that digital attacks against vital infrastructure — like banking systems or power grids — will give attackers a way of bypassing a country’s traditional defenses.
Unlike standard military attacks, a cyberattack can be launched instantaneously from any distance, with little obvious evidence in the buildup. And it is often extremely hard to trace such an attack back to its originators. Modern economies, underpinned by computer networks that run everything from sanitation to food distribution and communications, are particularly vulnerable to such attacks.
August 4, 2017
A security researcher who helped curb a global outbreak of the WannaCry ransomware earlier this year has told a court he is not guilty of charges that he created a notorious banking malware.
Marcus Hutchins, 22, said he was not guilty during a hearing at a Las Vegas court after he was arrested and detained earlier this week.
The news was confirmed by his attorney Adrian Lobo, speaking on Facebook Live to local reporter Christy Wilcox, at the courthouse.
Hutchins was granted bail on a bond of $30,000 during a hearing at a Las Vegas court.
August 3, 2017
There’s a new open format sweeping the world of performance PCs, and it’s…well, complicated. The M.2 format is designed for manufacturers to replace a variety of specific devices, do it in a tiny space, and require very little power. But actually upgrading to an M.2 drive or accessory requires a little forethought.
Where Did M.2 Come From?
Formerly known as Next Generation Form Factor (NGFF), the M.2 format is technically a replacement for the mSATA standard, which was popular with manufacturers of super-compact laptops and other small gadgets. That may seem surprising, since most M.2 drives sold at retail are intended for use in full-sized desktops, but M.2 has effectively replaced mSATA hard drives and SSDs in compact laptops like Apple’s MacBook or Dell’s XPS 13. They’re simply sealed within the bodies and unable to be upgraded by most users.
What Can It Do?
M.2 is more than just an evolutionary form factor. Potentially, it could supersede the whole aging Serial ATA format altogether. M.2 is a slot that can interface with SATA 3.0 (the cable that’s probably connected to your desktop PC’s storage drive right now), PCI Express 3.0 (the default interface for graphics cards and other major expansion devices), and even USB 3.0.
August 3, 2017
Digital transformation isn’t cheap, and old-line enterprises are about to struggle to balance current results against future investments while they swap out executives. In other words, investing in the future is swell until the core business starts to show signs of weakness.
Here are three recent examples of stalwart enterprises that are investing for the future with new captains.
Mattel outlined a digital transformation overhaul that focused on building toys that will teach and develop toddlers and prep them more for science, tech, and engineering careers well into the future. Mattel also talked analytics, user experience, and a design cadence that rhymed with what you’d hear from a tech company.
But there’s a cost. Mattel also cut its dividend and pulled its practice of shorter-term financial guidance and replaced it with longer increments. Mattel CEO Margo Georgiadis will take the funds that would have gone to a dividend and put them toward digital transformation.
August 2, 2017
One of the biggest complaints I’ve seen leveled against the iPad is that it was too expensive compared to other tablets, and that the high price was acting as a barrier to sales.
Turns out that was true.
The iPad is an interesting device. Once seen as possibly the successor to the iPhone, it’s one of those devices that burned brightly, but it burned itself out very quickly, going from launch to peak sales in under four years, and ever since then, it’s been in steady decline.
Earlier this year, Apple attempted to resuscitate flagging sales by turning to the older-than-dirt sale trick of cutting prices.
And it looks like it’s worked. But at a price.
July 31, 2017
Lucas Lundgren sat at his desk as he watched prison cell doors hundreds of miles away from him opening and closing.
He could see the various commands floating across his screen in unencrypted plain text. “I could even issue commands like, ‘all cell blocks open’,” he said in a phone call last week. Without being there, he couldn’t know for sure if his actions would’ve had real-world consequences.
“I’d probably only know by reading about it in the newspaper the next day,” said Lundgren, a senior security consultant at IOActive, ahead of his Black Hat talk in Las Vegas last week.
It’s because those cell doors are controlled by a little-known but popular open-source messaging protocol known as MQTT, which lets low-powered, internet-connected (IoT) sensors and smart devices communicate with a central server using little bandwidth — letting prison guards remotely control the locks on a cell door. The protocol is used everywhere — by hobbyists at home, but also in industrial systems like gauges and equipment sensors, electronic billboards, and even medical devices.
July 26, 2017
Security researchers have revealed a recently discovered vulnerability in modern, high-speed cell networks, which they say can allow low-cost phone surveillance and location tracking.
The findings, revealed Wednesday at the Black Hat conference in Las Vegas, detail a cryptographic flaw in the protocol used in 3G and 4G LTE networks which enables mobile devices to connect with the cell operator.
It’s the latest blow to the long-held belief that modern cell standards and protocols are largely immune from tracking and monitoring, unlike the older 2G cell protocol which uses easy-to-crack encryption.
Ravishankar Borgaonkar and Lucca Hirschi, who co-authored the research, found a weakness in the authentication and key agreement, which lets a phone communicate securely with the subscriber’s cell network. The agreement protocol relies on a counter that’s stored on the phone operator’s systems to authenticate the device and to prevent replay attacks, but the researchers found that the counter isn’t well protected and partially leaks. That can allow an attacker to monitor consumption patterns, such as when calls are made and when text messages are sent, and track the physical location of a cell phone.
July 25, 2017
Adobe said it will end-of-life Flash and stop providing updates and distributing the software at the end of 2020.
The move will be cheered in some circles. Adobe Flash has been derided among security pros due to frequent zero-day attacks. Flash is among the biggest security risks to Windows.
Former Apple CEO Steve Jobs famously declared Flash obsolete in 2010. Google started phasing out Adobe Flash Player a year ago in Chrome 53 in favor of HTML5.
Adobe said in a blog that “open standards like HTML5, WebGL and WebAssembly have matured over the past several years” and have replicated most features that were in Flash. Adobe noted that Flash and Shockwave were created because the web lacked interactive formats.
July 25, 2017
You know what aren’t “sexy” for security researchers? Mainframes.
These high-performance systems typically designed for large-scale computing are the last bastion of security testing and research because typically they’re considered to be the most secure platform on Earth. It’s why these systems are at the heart of almost every critical transaction that ordinary people rely on every day — including bank wire transfers and ATM transactions, booking flights, and handling millions of payments at retail outlets around the world.
But what doesn’t help the appeal is that mainframes are notoriously difficult to get access to, making security testing difficult, if not impossible.
Ayoub Elaassal, a security auditor at consulting firm Wavestone, was one of the lucky few who were able to access a mainframe for an audit. It was running z/OS, a specialized operating system built by IBM for its z Series machines.
It didn’t take him too long to find a vulnerability that, if exploited, could have given him root access to a mainframe and its vital, sensitive data.