All Activity

  1. Earlier
  2. Google has seemingly taken another step to sanitize the browsing environment for users. Allegedly, the tech giant is now planning to regularize advertisements for optimal loading. Consequently, in the days to come, Google Chrome will block heavy ads for seamless browsing. Chrome To Block Heavy Ads: As evident from the Chrome commit, Google has made plans to block heavy ads from loading. It will supposedly filter out those ads that consume more resources. This will, in turn, give users a smoother browsing experience. First caught by 9to5Google, the report reveals some ongoing work towards achieving fast and smooth browsing. As mentioned in the Chrome commit by John Delaney, Google is working on implementing ‘Heavy Ad Intervention’. The idea is to unload ad iframes that Google identifies for higher resource consumption. https://latesthackingnews.com/2019/07/06/google-chrome-will-block-heavy-ads-from-loading-in-future/
  3. Cyber attack methods have evolved aggressively to become more targeted, more sophisticated, and more frequent. For this webinar we have distilled 5 of the most common and urgent problems that enterprises face, and will share our analysis of the issues and practical recommendations for addressing them within your own security program. Join Jack Danahy, SVP, Security, as he outlines steps to:
     - Track and combat the evolving threat landscape
     - Increase visibility and resistance at the attack surface
     - Battle alert fatigue and the security talent shortage
     - Define a cyber-risk baseline and process for your security program

     https://www.alertlogic.com/resources/webinars/post-rsa-insights-five-recommendations-to-strengthen-your-security-program/?utm_medium=external&utm_source=The_Hacker_News&utm_campaign=5_Recommendations_to_Strengthen_Your_Security_Program_Webinar&utm_content=On_Demand_Promo
  4. Looking for a good place to read up on the latest tech gadgets and tech updates? Look no further, check this site out!! https://soniz-web.com/category/blog/
  5. Your Independence Day visits to r/technology will be short indeed -- Reddit's tech subreddit is offline as part of a stand against social media. Wikipedia cofounder Larry Sanger led the push to "demand that giant, manipulative corporations give us back control over our data, privacy, and user experience." "Following on from the announcement by Larry Sanger of a Social Media Strike," the notice reads. "/r/technology is joining the #SocialMediaStrike Click the links above for more info. Normal service will resume on the 5th." https://www.cnet.com/news/reddits-rtechnology-goes-offline-for-july-4-social-media-strike/
  6. UK businesses have reported a significant fall in cyber attacks over the last 12 months. The proportion identifying breaches or attacks in the last year was 32 per cent, compared with 43 per cent in 2018 and 46 per cent in 2017, according to a survey of 1,566 businesses by the Department for Digital, Culture, Media and Sport (DCMS) (PDF). Those figures echo the Crime Survey for England and Wales, which found that between September 2017 and September 2018, the number of computer misuse incidents among individuals fell from 1.5 million to 1 million. This was driven, according to Office for National Statistics data, by a significant reduction in computer viruses (down by 45 per cent over the same period). However, the DCMS report said other factors could be at play such as more investment in cybersecurity, better compliance due to GDPR, or a change in attack behaviour. For example, those carrying out cyber attacks could be focusing on a narrower (though still numerous) set of businesses. This fits with another broad trend in the survey showing that, among the 32 per cent of businesses that did identify breaches or attacks, the median number they recall facing has gone up, from two attacks in 2017 to six in 2019. Of those targeted, phishing attacks were the most common, with 80 per cent having been subject to email scams, while 27 per cent said they had been hit by viruses, spyware or malware. However, Ken Munro of Pen Test Partners said there are too many variables to make the findings conclusive. "Are the number of antivirus reports down because organisations (rightly) don't consider them to be attacks/breaches or incidents? Or is it because the antivirus products aren't detecting the types of malware that are being used now?" He added: "Without analysing the quality of phishing attacks, the data is also meaningless. Are untargeted phishing attempts being filtered out upstream?
"I don't think anything can be concluded from the report other than that 'cyber stuff is still happening and some businesses are taking it more seriously'."
  7. It is with great pleasure that I can now announce that kiwiirc.com and its development is now sponsored by Private Internet Access. Some people may recognise the company as they have been sponsoring and helping out the IRC community for many years, such as the Freenode network. Having already shown their interest in pushing IRC forward and making sure that core IRC projects can stay afloat, it is a well suited match as a sponsor to the Kiwi IRC project as this can benefit every IRC network and community that uses the Kiwi IRC web client. So what does this mean for the project? There are no large changes being made. Kiwiirc.com and the open source project are still independent and run by volunteers. However, with the extra support, this allows me to be focusing on Kiwi IRC development much more closely and building up kiwiirc.com with new features and improvements at a faster pace. It’s not just development that’s involved in this project. Serving kiwiirc.com for an instant, always available web IRC client for any network out there has been the larger bulk of the project and has exploded in recent years, growing from hundreds to millions of users every month. This has been a personal financial drain for some time (handling IRC isn’t cheap!) since I have never wanted to start showing adverts, but we can now easily expand to be supporting the new growth and continue supporting every IRC network out there with a simple, modern IRC client for the web and mobile. What's happening next? There has been a lot of silence with progress in recent months due to the lack of time available towards this project, however with that changing now we can start to pick up the pace of development some more.
     Some highlights of what's currently happening:
     - An entire re-write has been in the works with a development preview available here
     - Amazing mobile and tablet device support
     - The open source project and related projects have now moved into their own organisation, https://github.com/kiwiirc

     There have been some heavily requested features over time which I can now start putting resources into. I know some of these will be getting people excited so there will be another mention of these once the new release of Kiwi IRC has become generally available. More information on these will appear in the near future so be sure to be following @kiwiirc on twitter or the mailing list to be getting the updates as they happen! Or just come say hey on irc.freenode.net/#kiwiirc :) Finally, a big thanks to the new sponsor, PrivateInternetAccess, for helping not only Kiwi IRC but the IRC community as a whole. If you’re looking around for a VPN provider to keep yourself protected online, take a look at privateinternetaccess.com as they come highly recommended from many different sources and reviews! https://kiwiirc.com/
  8. Microsoft released a new Windows 10 build to the Fast ring a little earlier than usual today, after a week with no builds. Build 18932 includes some new Eye Control improvements and notification settings, but it also comes with a pretty long list of fixed issues. Most notably, Microsoft is seemingly converging settings synchronization engines into a single platform that's more reliable and less complex. For now, that means settings syncing will be disabled in 20H1 builds, but it should be good news for future releases. Here's the full list of improvements: Read More Here https://www.neowin.net/news/here039s-what039s-fixed-improved-and-still-broken-in-windows-10-build-18932
  9. The field of science communication -- the practice of informing and educating people about science-related topics -- arose just after the start of the Enlightenment when Francesco Algarotti published his first edition of Newtonianism for the Ladies in 1737. While that bit of 18th century mansplaining doesn't really hold up by today's standards, in the nearly three centuries since, the pace of scientific progress has only accelerated -- with science communication evolving alongside it. The advent of social media, in particular, is an unprecedented, powerful tool for science communicators. "It was right after the election and I noticed that there was all this energy in the community, thinking about how we could better communicate our science to the public," University of Connecticut PhD student Sarah McAnulty told Engadget. "I thought we needed some way to engage scientists, in a low time-commitment, high-impact, kind of way." The result is Skype a Scientist. Launched in 2017, it connects researchers from a broad range of fields with students, teachers and other interested groups via, well, Skype. Each meeting lasts 30 minutes to an hour and operates as an informal Q&A session. "Typically it is structured as question and answer sessions, because we want people to feel as though they've really met a scientist, not just got lectured," McAnulty continued. "We want people to get answers to what they actually want to know about. That's really important." The operation itself is fairly straightforward. Teachers and interested parties fill out a Google form with their schedule availability while researchers and scientists fill out a similar form of their own. Then, a sorting algorithm designed by bioinformatician David Jenkins, a PhD student at Boston University, matches up the two groups for a session. "It's free," McAnulty points out. "As long as you have an internet connection, you're good to go." 
Before the advent of the internet, this sort of interaction simply wouldn't be feasible. Similar programs do exist, such as Letters to a Pre-Scientist, but nothing on this scale. In the last two and a half years, Skype a Scientist has served 15,000 classrooms and signed up 6,000 individual researchers to participate. "I basically did this whole thing via Twitter, I tweeted about it," McAnulty said. "And then the word of mouth spread extraordinarily quickly. Without that social media aspect of scientists talking to each other on Twitter, I can't imagine I would have gotten this many teachers or scientists." Before Skype a Scientist, McAnulty launched the Squid Scientists Tumblr page in 2014. "Originally, it was just I wanted to see what if it was possible because Tumblr, generally speaking, wasn't a place where science communication was happening too much." Still, McAnulty found Tumblr to be less hostile to women than Reddit and that it skewed further towards a younger audience than Twitter. "I get more questions from Tumblr from young women who are thinking about being a scientist or just want to know more before they make a choice about what kind of careers they think they could see themselves in," she said. "So Tumblr has been really powerful for that." Indeed, the elimination of communication barriers and the waning influence of traditional "gatekeepers" to the scientific community has enabled female, PoC, LGBTQ+, and non-binary researchers a direct line to an interested public. And given that a 2018 study found that only around 30 percent of studies published in the Nature Index journals were penned by female researchers, that ability to connect with not just the public but other researchers as well, could help reduce that discrepancy. McAnulty notes that mainstream science media outlets like the Discovery Channel or NatGeo will cast their scientist hosts based on who will return the best ratings.
"In the process, they are choosing scientists that they think people will view as scientists," she said, "It's a positive feedback loop of sexism." However, with the rise of social media, especially Twitter, Instagram and YouTube, researchers from underrepresented groups don't have to wait for NatGeo to come knocking. They can produce their own content, cultivate their own audiences and share their passion for science directly. "The more that we're engaging with the public -- and even engaging in our own communities -- the more representation you have of everybody, the better and the stronger our scientific community will be," McAnulty said. The podcasting community has also become a hotbed for science communication. Take This Week In Science, for example. Originally a live radio show broadcast from KDVS on the University of California, Davis campus, it now reaches listeners in 60 countries as a weekly podcast. Neurophysiologist and science communicator, Dr. Kirsten "Kiki" Sanford, founded the show in 2000. "I was a graduate student when I started it and was really interested in the idea of talking with people about the stuff I was learning," she explained to Engadget. "I would hang out with my neighbors and we would talk about things that we had learned recently, things that were cutting edge research, and just how exciting they were." She quickly realized that there wasn't much of that sort of content available. "The only radio show at the time in the area that I lived, was Science Friday, which was great, but that was it," Sanford said. "And so we approached the local college radio station to see if they wanted to have a science show." In the 19 years (and 500-plus episodes) since, TWIS has held a number of live tapings at local clubs and science festivals. "I enjoy doing live shows, because there's that instant feedback," Sanford said. "You can see people's faces, whether or not they're engaged in what you're talking about whether or not they're bored. 
I can up-regulate what I'm saying, I can shift the way that I'm explaining it, I can ask the audience a question and you know, get a show of hands or get a response right then and there." Sanford and her team are expanding into other areas of social media, such as their recently-launched monthly newsletter. "I'd like to be able to get the show to a stable financial basis, where we can put more time into doing shorter content for YouTube, or maybe a daily show," Sanford continued. "One fun idea that has been bounced around recently: I have an eight year old son and he's getting interested in [science]. So we've been talking about having a Twitch Junior program." These sorts of conversations wouldn't have occurred without the rise of these platforms. "With the access that people have, especially social media, I am seeing so many more scientists, talking to people not just to each other, but to people who are just like, 'Oh, what is this thing you study?'" Sanford noted. "And suddenly there's a conversation happening. That didn't happen before." Science communication is having an outsized effect on the scientific job market as well, Sanford points out, with people carving out careers in a field that didn't exist a decade ago. "You had science writers, you had science journalists, but to the idea of a science communicator?" Sanford quipped, "Now people are calling themselves science communicators all over the place. It's amazing." Though social media's open access regularly serves as a double-edged sword, with conspiracy theorists intentionally spreading misinformation online, both McAnulty and Sanford remain optimistic that the scientific community will be able to minimize the damage those bad-faith actors might cause. "That's social media's equality, and that is a blessing and a curse," McAnulty said. "I guess one of the goals for my science communication, and my career, is to help people connect with sources of information that they can trust."
  10. Self-driving venture Waymo has been given permission by California authorities to transport people in its robotaxis. According to TechCrunch, the California Public Utilities Commission (CPUC) gave Waymo the green light this week, issuing a permit that will allow the company to participate in the state's Autonomous Vehicle Passenger Service pilot. This means that Waymo employees will be able to hail a self-driving vehicle and take guests on rides within the company's South Bay territory. There are some restrictions, of course. Waymo can't charge for these rides, and every vehicle must have a safety driver behind the wheel. Interestingly, the CPUC will allow Waymo to contract out its safety driver operations to a third party -- a decision prompted by Waymo's assessment that operating and scaling a "meaningful pilot" requires a large group of drivers who are "more efficiently engaged." They will still go through Waymo's proprietary driver training program. This isn't the first milestone for Waymo in its bid to roll out a nationwide service -- the company launched its first commercial ride-hailing offering last year in Arizona, where there's less regulatory red tape for companies to deal with. Nor is this the first permit of its kind to be issued in California -- Zoox scored that accolade in December last year. Nonetheless, the news represents an important advance for Waymo's efforts in the state, where the race is perpetually on to achieve firsts in what is essentially the tech capital of America. More Here https://www.engadget.com/2019/07/03/waymo-test-self-driving-taxis-employees-california/
  11. Hitman 2 has had its share of unusual updates and events, but its latest may be particularly appealing if you're music-minded. IO Interactive has outlined a July roadmap with a string of music-themed activities, most notably the "I'm With the Band" Challenge Pack arriving on July 11th. Finish five band-related tasks on the Santa Fortuna map and you'll unlock a violin -- you could literally bludgeon someone with your musical tastes. The rest of July shares a similar vibe. As of July 4th, there's an Escalation mission on the Isle of Sgail that has you taking out musicians through creative methods. On July 18th, Featured Contracts will revolve around the concept of "tone death." The Badboy Elusive Target returns to Sapienza a day later on July 19th for Legacy Pack owners. And on July 25th, another Escalation mission in Santa Fortuna will involve making some noise with explosives. And don't worry if you're sick of music by the end of the month. IO is giving expansion pass owners a second Sniper Assassin map, the Siberia-based Prison, on July 30th. More details are coming in the weeks ahead. For now, though, it's evident that IO has found a way to keep players busy after the novelty of the New York map has worn off.
  12. YouTube, under fire since inception for building a business on other people's copyrights and in recent years for its vacillating policies on irredeemable content, recently decided it no longer wants to host instructional hacking videos. The written policy first appears in the Internet Wayback Machine's archive of web history in an April 5, 2019 snapshot. It forbids: "Instructional hacking and phishing: Showing users how to bypass secure computer systems or steal user credentials and personal data." Lack of clarity about the permissibility of cybersecurity-related content has been an issue for years. In the past, hacking videos could be removed if enough viewers submitted reports objecting to them or if moderators found the videos violated other articulated policies. Now that there's a written rule, there's renewed concern about how the policy is being applied. Kody Kinzie, a security researcher and educator who posts hacking videos to YouTube's Null Byte channel, on Tuesday said a video created for the US July 4th holiday to demonstrate launching fireworks over Wi-Fi has been removed because of the rule. "I'm worried for everyone that teaches about infosec and tries to fill in the gaps for people who are learning," he said via Twitter. "It is hard, often boring, and expensive to learn cybersecurity." The Register asked Google's YouTube for comment but we've not heard back. Security professionals find the policy questionable. "Very simply, hacking is not a derogatory term and shouldn’t be used in a policy about what content is acceptable," said Tim Erlin, VP of product management and strategy at cybersecurity biz Tripwire, in an email to The Register. "Google’s intention here might be laudable, but the result is likely to stifle valuable information sharing in the information security community."
Erlin said that while it may be reasonable to block content that shows actual illegal activities, like breaking into a specific organization's systems, instructional videos play an important role in cybersecurity education. "In cybersecurity, we improve our defenses by understanding how attacks actually work," said Erlin. "Theoretical explanations are often not the most effective tools, and forcing content creators onto platforms restricted in distribution, like a paid training course, simply creates roadblocks to the industry. Sharing real world examples brings more people to the industry, rather than creating more criminals." Tyler Reguly, manager of security R&D at Tripwire, said censorship has been a concern among YouTube video makers for some time. In an email to The Register, he expressed sympathy for the challenge YouTube faces as a business. "If YouTube wants advertisers to pay, they need to be aware of the content they are allowing," he said. "We tend to forget that these websites exist to make money, not for the betterment of society." But he noted that YouTube's policies aren't easy to interpret and there may be reasons Kinzie's video got flagged, such as the fact that it deals with fireworks. "The YouTube system, based on reports that I’ve seen in the past, is quite arbitrary and difficult to understand, even as a YouTuber working directly with the company, nothing is as straightforward as it seems," he said. Dale Ruane, a hacker and penetration tester who runs a YouTube channel called DemmSec, told The Register via email that he believes this policy has always existed in some form. "But recently I've personally noticed a lot more people having issues where videos are being taken down," he said. Read more here https://www.theregister.co.uk/2019/07/03/youtube_bans_hacking_videos/
  13. The security expert Barak Tawily demonstrated that opening an HTML file on Firefox could allow attackers to steal files stored on a victim’s computer due to a 17-year-old known bug in the browser. The researcher published the details of the attack through TheHackerNews website and demonstrated that his technique works against the latest version of Firefox. “Barak Tawily, an application security researcher, shared his findings with The Hacker News, wherein he successfully developed a new proof-of-concept attack against the latest version of Firefox by leveraging a 17-year-old known issue in the browser.” reported TheHackerNews. The expert was analyzing the implementation of the Same Origin Policy in Firefox when he discovered that it is vulnerable to local files theft attack. “Recently, I was performing a research on Same Origin Policy attacks, I managed to realize that the latest version of Firefox (currently 67) is vulnerable to local files theft attack (on any supported OS), due to improper implementation of Same Origin Policy for file scheme URIs. Let’s go over the PoC details then I will provide an explanation of why its not patched yet.” wrote the expert. According to Tawily, Firefox didn’t fix the flawed implementation of the Same Origin Policy (SOP) for File URI Scheme over the years. The expert also shared details of its PoC and a video PoC of the attack. Tawily explained how an attacker can easily steal secret SSH keys of Linux victims if they save downloaded files in the user-directory that includes SSH keys in its subfolder.
     - Attacker sends email to victim with attachment file to be downloaded / Victim browses to malicious website and downloads file
     - The victim opens the malicious HTML file
     - The file loads the containing folder in an iframe (so my file path is file:///home/user/-malicious.html, and the iframe source will be file:///home/user/)
     - The victim thinks he clicks on a button on the malicious HTML, but in fact he is clicking on the malicious file html inside the iframe’s directory listing (using ClickJacking technique, in order to apply the “context switching bug” which allows me to access the directory listing of my containing folder)
     - The malicious iframe now has escalated privileges and is able to read any file in the folder that contains the malicious file (in most cases downloads folder, in my case is file:///home/user/).
     - The malicious file is able to read any file in its containing folder (file:///home/user/), such as SSH private key by simply fetching the URL file:///home/user/.ssh/ida_rsa and stealing any file by 1 more fetch request to the attacker’s malicious website with the files’ content.
     - The attacker gains all files in the folder containing the malicious file by exploiting this vulnerability

     An attacker could successfully carry out the attack by tricking victims into downloading and opening a malicious HTML file on the Firefox web browser and into clicking on a fake button to trigger the exploit. “Tawily told The Hacker News that all the above-mentioned actions could secretly happen in the background within seconds without the knowledge of victims, as soon as they click the button placed carefully on the malicious HTML page.” continues The Hacker News. The expert reported the flaw to Mozilla, but the company seems to have no intention to fix the issue soon. “Our implementation of the Same Origin Policy allows every file:// URL to get access to files in the same folder and subfolders.” reads the reply from Mozilla.
  14. A Georgia state agency confirmed that a cyberattack has brought offline some court websites. According to local media, hackers infected the systems of the Georgia Administrative Office of the Courts with ransomware. “News outlets report hackers demanding a ransom infected computers with malware at the Georgia Administrative Office of the Courts.” reported the Associated Press. “Agency spokesman Bruce Shaw said Monday that officials have “quarantined our servers and shut off our network to the outside.” The Georgia Administrative Office of the Courts provides services to some local probate and municipal courts. The website of the agency (www.georgiacourts.org) was offline earlier this week, while the websites for the Georgia Supreme Court and court clerks in the larger counties of the state were up and running. “Hackers have infected computers at a Georgia courts agency, demanding a ransom payment and causing officials to shut down court websites.” reported the AJC website. “The Administrative Office of the Courts was offline Monday as the state government tried to contain the hack.” At the time of writing, the extent of the attack, in terms of impacted Georgia courts and interference with ordinary operations, wasn’t clear. Agency spokesman Bruce Shaw pointed out that users’ data were not exposed because the Georgia Administrative Office of the Courts doesn’t keep users’ details apart from information in public court documents. “Personal information wasn’t compromised because the agency doesn’t keep that information, said Michelle Barclay, a division director for the Administrative Office of the Courts.” concludes the AJC website. “Everything is shut down until they tell us to turn it on,” Barclay said. “We’re definitely inconveniencing folks who rely on our applications.” The attack was discovered during the weekend; experts believe it was launched from a foreign country.
The attackers sent an email to the agency with instructions to contact them, the message didn’t specify a ransom amount. This incident follows other similar attacks on government systems, such as the one that hit the city of Atlanta and the Georgia Department of Agriculture. County and state courts were operational, but they were unable to access information provided by the Administrative Office of the Courts, Allen said. He didn’t know how long it will take to recover from the attack.
  15. The government of Singapore has announced its third bug bounty program aimed at assessing the level of security implemented for government systems exposed online. The bug bounty program sees the involvement of the Cyber Security Agency of Singapore (CSA) and the Government Technology Agency of Singapore (GovTech). Like previous programs, this bug bounty initiative program will be operated through the HackerOne platform. The bug bounty program will run from July to August and will see the participation of 200 international hackers and 100 local hackers. The organization will offer payouts between $250 and $10,000 for each vulnerability reported by the experts. The Government will present the results of the program in September. “The Singapore Government’s latest bug bounty program is part of a strategic initiative and commitment to build a secure and resilient Smart Nation by strengthening collaboration with the cybersecurity industry and community.” reads the press release. “GovTech’s bug bounty program will run from July to August 2019 and will cover nine Internet-facing government digital services and information and communication technology systems with high user interaction.” In December 2017, Singapore’s Ministry of Defence (MINDEF) invited roughly 300 white hat hackers from around the world to participate in its first bug bounty program. The hackers found 35 vulnerabilities that were paid a total of $15,000. The second program ran earlier in 2019 and resulted in the discovery of 26 security flaws that were paid a total of $12,000.
  16. Government officials from Germany and the Netherlands signed an agreement for the building of the first-ever joint military Internet, so-called TEN (Tactical Edge Networking). The agreement was signed this week in Brussels, during a meeting of NATO defense ministers. “The accord was signed on Wednesday in Brussels, Belgium, where NATO defense ministers met this week.” reads the post of ZDnet that first reported the news. “The name of this new Dutch-German military internet is the Tactical Edge Networking, or TEN, for short.” The Tactical Edge Networking (TEN), is the first-ever project that allows states to merge their military networks. Military and defense analysts believe that in the future, the NATO alliance will create for all its members a unique military network. The TEN will be located in Koblenz, Germany, while a design and prototype center will be located at the Bernard Barracks in Amersfoort, the Netherlands. In the first phase of the project, TEN will unify communications between the German army’s (Bundeswehr) land-based operations (D-LBO) and the Dutch Ministry of Defence’s ‘FOXTROT’ tactical communications program. Under the TEN project, soldiers from both governments will use the same equipment (i.e. Computers, radios, tablets, and telephones). The cost for the overall project will be very high, analysts believe it will reach millions of euros. TEN’s deployment is expected to cost the two countries millions of euros in costs to re-equip tens of thousands of soldiers and vehicles with new compatible equipment. According to German newspaper Handelsblatt, both governments aim at a full integration of the defense networks. “The digitization of their land forces will tackle the Netherlands and Germany together.
The goal: At the latest in the 2030s, the armies of both countries should be networked at all levels and communicate with each other electronically without any restrictions.” reported the Handelsblatt “It’s a really big step, we’ve never done so before,” said Dutch Defense Minister Ank Bijleveld-Schouten on Tuesday to Handelsblatt on the sidelines of the meeting of the Nordic NATO defense ministers in Berlin.” Even if Dutch and German army have already conducted joint foreign missions, they have never exchanged information across national borders. “Today we cannot even communicate across borders with our radios,” said Bijleveld-Schouten.
  17. Maps just got a lot more useful for commuters. The company today announced a pair of updates for its mapping application — one that will offer live traffic delays for buses in the cities where it didn’t already provide real-time updates, and another that will tell you how crowded your bus, train, or subway car will be. The latter is perhaps the more interesting of the two, as it represents a new prediction technique Google has been perfecting for over half a year. Starting in October, the company began to ask Google Maps users to rate their journey if they had traveled during peak commuting hours of 6 am to 10 am. Google asked about how many seats were available or if it was standing room only, in order to identify which lines had the highest number of crowdedness reports. Over time, it was able to model this data into a new prediction capability designed to tell transit riders how packed their bus or train would be. It also used this data to create rankings of the most crowded routes and stops around the world. Buenos Aires and Sao Paulo dominated the rankings for the most-crowded transit lines, as each city had 3 lines in the top 10. Meanwhile, New York’s L train is the only one in the U.S. to rank in the top 10. This isn’t the first time Google has used its massive Maps footprint to make predictions about crowds. The company had already introduced similar features for predicting the size of the crowd at restaurants and other retail locations. In addition, Google today expanded its ability to alert bus riders to delays. In December 2017, the company began offering real-time information provided by local transit agencies to transit riders. But this data wasn’t available in all cities. To address the problem, Google is launching live traffic delays in those markets where the information has been lacking — like Atlanta, GA. 
To make its predictions, Google is combining the bus route details with the data it’s collecting from users who have consented to anonymized data sharing. This is the same data collection mechanism it uses to predict the crowds at local businesses today. Essentially, the company is turning Google Maps into a powerful tool to understand the movement of people in the world. But many users may not know they’ve been opted into this data-sharing by default. In fact, they probably will think the transit data is coming from the city — not from the app installed on their phone and millions of others. In any event, users will now be able to see the bus delays, how long the delay will be, and adjusted travel times based on these live conditions. Google says the new features are rolling out on Google Maps in nearly 200 cities worldwide on both Android and iOS today.
  18. Twitter didn’t name any names with today’s new feature news, but one extremely online user loomed large over the announcement. The company took to its Safety blog to announce the addition of a new “abusive behavior” label that users will have to click through to access content. This isn’t just any content warning, though. It applies to a pretty exclusive club of users whose writing breaks the company’s anti-abuse rules, but whose comments are still deemed part of “the public conversation.” In order to apply, they must, Granted, the state of public discourse in 2019 and in the lead up to next year’s election will almost certainly ensure that a number of people fall squarely in the center of that Venn diagram, but Twitter probably could have saved a few paragraphs by just calling this one “Trump’s Law.” Jack Dorsey and other execs have clearly been extremely uncomfortable with the position the President has placed them in by regularly saber rattling and name calling on the site. The new feature will look like other sensitive material notices on the platform, with the option to click through to read the content. It will show up in safe search, Top Tweets, push notifications and a few other places. Tweets sent before today will not be subject to the new feature. The move is sure to stir up feelings amongst politicians already crying foul against perceived social media bias, and Twitter says it will “continue to evaluate how our rules and enforcement actions can be clearer and keep working to make our decision-making easier to understand.” Republican politicians have regularly called out Twitter, Facebook and other sites for “shadow banning” and other instances and what they believe to be a liberal Silicon Valley bias.
  19. Google today announced a slew of improvements to the way video recommendations are presented on YouTube. Acknowledging that no one knows a user's tastes better than the user, YouTube is implementing some changes that give users more control over what videos are shown in the Homepage and the Up Next section in video pages. The most interesting of these enhancements is the ability to remove specific channels from the recommendations altogether. This way, if you're interested in a certain topic, but don't care for a particular channel about that topic, you won't have to see it anymore. This capability is available starting today on iOS and Android, and it's coming to the desktop experience later. When you get video suggestions from a new channel, YouTube will also now tell you why that video is being recommended. For example, a channel may be recommended to you because other users who follow the channels you follow also follow that one. This feature is now available on iOS, with Android and desktop support coming soon. Finally, you can now tailor the recommended videos page by showing only specific topics that YouTube has determined you're interested in. At the top of the Homepage and the Next Up section under a video, you'll see a list of topics based on your interests, and you can individually select one of those topics so that the recommended videos are only directly related to that topic. This feature will debut on the YouTube app for Android for English users, and support for iOS, desktop, and other languages is coming soon.
  20. A week ago, Microsoft finally launched its Chromium-based Edge browser for older versions of Windows, including Windows 7, 8, and 8.1. It was only available from the Canary branch though, which is updated daily. Today, Edge Dev is now available for the older operating systems. Edge Dev is updated weekly, and that means that it's less likely to break. There's also an Edge Beta branch that's coming soon; that will be updated every six weeks like the stable channel will be. Of course, the stable channel is still a long way off. You'll get the same builds as users do on Windows 10 and macOS, and they come out on Tuesdays. One feature that you'll find is missing is dark mode, as that automatically matches your system settings. Obviously, there's no native dark mode on Windows 7 or 8.1. Luckily, the Edge team mentioned on the Windows Insider podcast today that it may be adding manual controls. If you want to check out Edge Dev for older versions of Windows, you can find it here. Just pick the platform you're looking for at the bottom.
  21. A few days ago, Riviera Beach City agreed to pay $600,000 in ransom; now, less than a week later, another city in Florida has opted to do the same to recover its data after a ransomware attack. The victim is Lake City, Florida, which, during an emergency meeting of the city council held on Monday, voted to pay a ransom demand of 42 bitcoins, worth nearly $500,000. Lake City is a small city in Florida with a population of 65,000 that was hit by ransomware earlier on June 10. “On Monday June 10th, 2019, the City of Lake City was targeted by a malware attack known as ‘Triple Threat.'” states the press release published by the city. “This ransomware program combines three different methods of attack to target network systems. As a result of this attack, many City systems are currently out of order. City personnel are working diligently to establish alternate methods of providing city services.” The systems were hit by a so-called Triple Threat attack, a ransomware attack that involves three different pieces of malware. In the past, Triple Threat attacks involved the QUERVAR ransomware, the SIREFEF, and ZACCESS. At the time of writing, all City of Lake City email systems are out of order, as are most land-line phones. Other City networks are currently disabled as a precautionary measure and the IT staff has isolated the Public Safety networks. Within a few minutes of the initial infection, the ransomware compromised almost all the City computer systems, except the systems operated by the police and fire departments that are hosted on a separate network. Most City departments are operating using Emergency Operations cell phones. The activities of the small city have been blocked for nearly two weeks because of the ransomware attack. The crooks made a ransom request a week after the initial infection; they contacted Lake City’s insurance provider, the League of Cities, which negotiated a payment of 42 bitcoins. 
The city’s IT staff is now working to restore operations after receiving the key to decrypt its data. In July 2018, another Palm Beach suburb, Palm Springs, decided to pay a ransom, but it was not able to completely recover all its data. In March 2019, computers of Jackson County, Georgia, were infected with ransomware that paralyzed the government activity until officials decided to pay a $400,000 ransom to decrypt the files.
  22. Security experts warn of a new piece of the Silex malware that is bricking thousands of IoT devices, and the situation could rapidly get worse. Akamai researcher Larry Cashdollar discovered a new piece of the Silex malware that is bricking thousands of IoT devices; over 2,000 devices have been bricked in a few hours and the expert is continuing to see new infections. Cashdollar explained that the Silex malware trashes the storage of the infected devices, drops firewall rules and wipes network configurations before halting the system. The only way to recover infected devices is to manually reinstall the device’s firmware. Silex is not the first IoT malware with this behavior; back in 2017 BrickerBot bricked millions of devices worldwide. According to ZDnet, which interviewed the malware’s creator, the attacks are about to intensify in the coming days. “The malware had bricked around 350 devices when this reporter began investigating its operations, and the number quickly spiked to 2,000 wiped devices by the time we published, an hour later.” reported ZDnet. “Attacks are still ongoing, and according to an interview with the malware’s creator, they are about to intensify in the coming days.” The researcher Ankit Anubhav was also able to trace the attacker and confirmed that the bot was developed to brick the infected IoT devices. Anubhav believes that the Silex malware was developed by a teenager using the online moniker of Light Leafon. The same guy has also created the ITO IoT botnet. According to Cashdollar, the Silex malware uses a list of known default credentials for IoT devices in the attempt to log in and perform malicious actions. The malware writes random data from /dev/random to any mounted storage it finds. “I see in the binary it’s calling fdisk -l which will list all disk partitions,” Cashdollar told ZDNet. 
“It then writes random data from /dev/random to any partitions it discovers.” The malware also deletes network settings and any other data on the device, then it flushes all iptables entries before halting or rebooting the device. The IoT malware is targeting any Unix-like system with default login credentials; according to Cashdollar, it leverages a Bash shell version to target any architecture running a Unix-like OS. The malware could brick Linux servers having Telnet ports open that use known credentials. The IP address (185[.]162[.]235[.]56) behind the attacks observed by the experts is hosted on a VPS server owned by novinvps.com, which is operated out of Iran. According to Ankit Anubhav, who spoke with the author of the malware, the developer has definitively abandoned the HITO botnet for Silex and plans to implement other destructive features (SSH hijacking capability, add exploits into Silex). At the time, Light’s motivation for these attacks is not clear; let’s hope he will use his talent for legal and good projects.
  23. JUNNYs ScRipT

  24. New Chat Server & Radio Station Outlaw Radio

    Hello Everyone, Please stop by and visit any time, if you have any questions or issues stop by the Help Desk and we will be happy to assist you. Merlin
  25. Just arrived back from vacation to hear there's a new chat server called Evolution Chat. They also have a radio station called Outlaw Radio. http://www.outlaw-radio.net http://www.evolutionchat.co Owners of chat Merlin & DarkAngel
  26. Researchers devised a new side-channel attack in Qualcomm technology, widely used by most Android smartphones, that could expose private keys. Researchers have uncovered a new side-channel attack that could be exploited by attackers to extract sensitive data from Qualcomm secure keystore, including private keys and passwords. The attack potentially impacts most of the modern Android devices that use Qualcomm chips, including popular Snapdragon models 820, 835, 845 and 855. The attack leverages a flaw in the Qualcomm Secure Execution Environment (QSEE), designed to securely store cryptographic keys on devices. “A side-channel attack can extract private keys from certain versions of Qualcomm’s secure keystore. Recent Android devices include a hardware-backed keystore, which developers can use to protect their cryptographic keys with secure hardware.” reads a blog post published by NCC Group. “On some devices, Qualcomm’s TrustZone-based keystore leaks sensitive information through the branch predictor and memory caches, enabling recovery of 224 and 256-bit ECDSA keys.” According to NCC, the hardware-backed keystores rely on ARM TrustZone to protect sensitive data; it splits execution on many devices into a secure world (used to manage sensitive data) and a normal world (used by processes of the Android OS). Experts pointed out that the two worlds have the same underlying microarchitectural structures, meaning an attacker could carry out a side-channel attack to access protected memory. The experts used a memory cache analyzer called Cachegrab to carry out side-channel attacks on TrustZone. The experts tested a rooted Nexus 5X device using the Qualcomm Snapdragon 808 and discovered that the QSEE was leaking data that could be used to recover 256-bit ECDSA keys. The attacker must have root access to the device to launch the attack. 
Qualcomm has released a security patch to address the flaw tracked as CVE-2018-11976, while Android disclosed a patch for the flaw in its April update. Below is the timeline of the flaw:
    March 19, 2018: Contact Qualcomm Product Security with issue; receive confirmation of receipt
    April, 2018: Request update on analysis of issue
    May, 2018: Qualcomm confirms the issue and begins working on a fix
    July, 2018: Request update on the fix; Qualcomm responds that the fix is undergoing internal review
    November, 2018: Request update on the timeline for disclosure; Qualcomm responds that customers have been notified in October, beginning a six-month carrier recertification process. Agree to April 2019 disclosure date.
    March, 2019: Discuss publication plans for April 23
    April, 2019: Share draft of paper with Qualcomm
    April 23, 2019: Public Disclosure
“Providing technologies that support robust security and privacy is a priority for Qualcomm,” a Qualcomm spokesperson told Threatpost. “We commend the NCC Group for using responsible disclosure practices surrounding their security research. Qualcomm Technologies issued fixes to OEMs late last year, and we encourage end users to update their devices as patches become available from OEMs.” Technical details of the vulnerability are available in the paper published by the expert. Source: https://securityaffairs.co