On Wednesday, the New York State Public Service Commission (PSC) ruled that municipal power companies could charge higher electricity ratesto cryptocurrency miners who try to benefit from the state’s abundance of cheap hydroelectric power.
Source: arstechnica.com
For many photos taken with smartphones(and with some consumer cameras), geolocation information is saved with the image by default. The location is stored in theExif (Exchangable Image File Format) data of the photo itself unless geolocation services are turned off. If you have used Apple’s iCloud photo store or Google Photos, you’ve probably created a rich map of your pattern of life through geotagged metadata.
When the Dutch High Tech Crime Unit took over one of the world’s biggest dark web drug marketplaces, Hansa, they knew they were onto a winner. They were able to monitor anyone who came onto the site and, potentially, start determining their real locations. This week, the Dutch cops claim to have taken out a group of prolific dark web drug pushers who operated on Hansa.
Last week, Motherboard reported that the FBI had arrested the CEO of Phantom Secure, a company allegedly providing custom, security-focused BlackBerry phones to the Sinaloa drug cartel, among other criminal groups. But the feds aren’t only going after Phantom’s owner: on Thursday, the Department of Justice announced an indictment against other apparent Phantom staff too, and confirmed what one source told Motherboard before it became public knowledge—that authorities have seized Phantom’s domains used for routing messages.
According to an alert from the United States Computer Emergency Readiness Team yesterday, Russia has hacked into many of our government entities and domestic companies in the energy, nuclear, commercial facilities, water, aviation and critical manufacturing sectors – essentially most of what makes our country go.
Source: forbes.com
As a programmer you have a unique style, and stylometry techniques can be used to fingerprint your style and determine with high probability whether or not a piece of code was written by you. That makes a degree of intuitive sense when considering source code. But suppose we don’t have source code?
Suppose all we have is an executable binary? Caliskan et al., show us that it’s possible to de-anonymise programmers even under these conditions. Amazingly, their technique still works even when debugging symbols are removed, aggressive compiler optimisations are enabled, and traditional binary obfuscation techniques are applied!
Ever since the case of the San Bernadino shooter pitted Apple against the FBI over the unlocking of an iPhone, opinions have been split on providing backdoor access to the iPhone for law enforcement. Some felt that Apple was aiding and abetting a felony by refusing to create a special version of iOS with a backdoor for accessing the phone’s data. Others believed that it’s impossible to give backdoor access to law enforcement without threatening the security of law-abiding citizens.
The software, called Lightning Network, can now be used for Bitcoin payments after more than a year in which thousands of developers tested it. Lightning Labs, one of the firms developing the technology, released this initial version, which is compatible with networks being developed by other groups, such as Blockstream and Acinq.
Source: fortune.com
The problem that night for Singhal, who oversees the development of the architecture for all of Intel’s processors, was that something was wrong with the patches. Among all the millions and millions of computers in use around the world running Intel CPUs, one of the patches for Spectre was causing some computers to freeze up or spontaneously reboot. Though only affecting a tiny proportion of the market, the problems were widespread enough to spook PC makers and prompt a temporary recall of the updated software.
Mining is the extremely energy-intensive computational process that secures the Bitcoin blockchain and rewards miners with bitcoins. The Bitcoin moratorium was proposed by Plattsburgh Mayor Colin Read earlier this month after local residents began reporting wildly inflated electricity bills in January. The moratorium affects only new commercial Bitcoin operations and will not affect companies that are already mining in the city.
It’s at least the second time in two years that Google has served up a malicious ad under Amazon’s name. Over the past year, we’ve heard of several cases of bad ads that have redirected users to malicious pages, but to our knowledge have never directly served malware.
Source: zdnet.com
Throughout last year, mysterious ailments struck dozens of U.S. andCanadian diplomats and their families living in Cuba. Symptoms includeddizziness, sleeplessness, headache, and hearing loss; many of the afflictedwere in their homes or in hotel rooms when theyheard intense, high-pitched sounds shortly before falling ill. In February, neurologists who examined the diplomats concluded that the symptoms were consistent with concussion, but without any blunt trauma to the head.
For those behind GandCrab, staying profitable and staying one-step ahead of white hats means adopting a never-before-seen agile malware development approach, said Check Point.
Source: threatpost.com
Security researchers have discovered a massive continuously growing malware campaign that has already infected nearly 5 million mobile devices worldwide. Dubbed RottenSys, the malware that disguised as a ‘System Wi-Fi service’ app came pre-installed on millions of brand new smartphones manufactured by Honor, Huawei, Xiaomi, OPPO, Vivo, Samsung and GIONEE—added somewhere along the supply chain. All these affected devices were shipped through Tian Pai, a Hangzhou-based mobile phone distributor, but researchers are not sure if the company has direct involvement in this campaign.
Researchers say a massive phishing campaign targeting Asia and Middle East regions is linked to an Iranian-based threat actorTEMP.Zagros, also known as MuddyWater. This latest attack illustrates an evolution by the threat actor, which has now adopted new tactics, techniques and procedures.
Source: threatpost.com
This new backdoor for cross-border data mirrors another backdoor under Section 702 of the FISA Amendments Act, an invasive NSA surveillance authority for foreign intelligence gathering. That law, recently reauthorized and expanded by Congress for another six years, gives U.S. intelligence agencies, including the NSA, FBI, and CIA, the ability to search, read, and share our private electronic messages without first obtaining a warrant.
Martisevs’ service was designed to keep new malware out of the hands of anti-virus makers. It didn’t report the detection of malicious files, thereby keeping anti-virus makers in the dark about new threats. The service had quite the palate: malware submitted to it included, among other types, crypters meant to hide malware from anti-virus programs, remote-access Trojans (RATs), keyloggers, and malware tool kits to create customized malicious files.
A recent malware campaign that attempted to install a resource-draining currency miner on more than 400,000 computers in 12 hours was caused by a malicious backdoor that was sneaked into a BitTorrent application called Mediaget, a Microsoft researcher said Tuesday.
Source: arstechnica.com
A recent malware campaign that attempted to install a resource-draining currency miner on more than 400,000 computers in 12 hours was caused by a malicious backdoor that was sneaked into a BitTorrent application called Mediaget, a Microsoft researcher said Tuesday.
Source: arstechnica.com
In August, a petrochemical company with a plant in Saudi Arabia was hit by a new kind of cyberassault. The attack was not designed to simply destroy data or shut down the plant, investigators believe. It was meant to sabotage the firm’s operations and trigger an explosion.
Source: nytimes.com