News & Updates

The author’s Nintendo Switch, inserted into the Nyko Portable Docking Kit. (Cables aren’t inserted into its backside for this product shot.) (credit: Sam Machkovech)

Nyko had clearly been watching my Nintendo Switch coverage. The accessory maker invited me to an E3 demo this summer with promises of all kinds of new, third-party Switch accessories, but this wasn’t about carrying cases or screen protectors. The invite frontloaded one accessory above them all: the Nyko Portable Docking Kit.

Ever since I first played with a Switch, I’ve been wanting a reasonably priced, hyper-portable dock to toss into my laptop bag, to better enable an impromptu “let’s hook Mario Kart up to a TV” party. Nintendo’s official dock, as I found, is designed for nothing of the sort. Nyko demonstrated something that plain-and-simply got the job done. But that was during its flashy E3 demo—how would that translate into a final product?

The answer finally arrived in my mailbox this week, following a quiet rollout to retailers in the States. The result is modest and gets the job done, though its specific issues may very well be dealbreakers for people who want it all in a truly portable Switch dock.


Source: http://feeds.arstechnica.com/arstechnica/index/


Jane Goodall is an astonishing figure in many ways. Starting with no formal training and using controversial methods, she made astonishing breakthroughs in understanding the social behavior of chimpanzees and thus understanding ourselves. She managed to become an extremely rare species: a scientist who was also a media darling. And, after dedicating many years of her life to her research (at significant personal sacrifice), she left it behind to become a global spokesperson for sustainable development and conservation.

How did that happen? That’s the subject of a new National Geographic documentary Jane. The movie is primarily based on recently rediscovered footage filmed by noted wildlife filmmaker Hugo van Lawick, who was assigned by National Geographic to film Goodall’s field work. van Lawick was there to capture a key transition in Goodall’s research and drove one in her personal life: the two would end up marrying and having a son.

While it was a pivotal time and the original footage is stunning, it provides a limited window into Goodall’s history. Other pivotal events pass by in a flash or are skipped entirely. Whether that bothers you is probably a key determinant of how much you’ll enjoy Jane.


Source: http://feeds.arstechnica.com/arstechnica/index/

Colorized scanning electron micrograph of Escherichia coli (E. coli), grown in culture and adhered to a cover slip. (credit: NIAID / Flickr)

On February 24, 1988, Richard Lenski seeded 12 flasks with E. coli and set them up to shake overnight at 37°C. But he seeded them with only enough nutrients to grow until early the next morning. Every single afternoon since then, he (or someone in his lab) has taken 100 microliters of each bacterial solution, put them into a new flask with fresh growth media, and put the new flask in the shaker overnight. Every 75 days—about 500 bacterial generations—some of the culture goes into the freezer.

The starvation conditions are a strong pressure for evolution. And the experiment includes its own time machine to track that evolution.

The pivotal piece of technology enabling this experiment is the -80°C freezer. It acts essentially, Lenski says, as a time machine. The freezer holds the bacterial cultures in a state of suspended animation; when they are thawed, they are completely viable and their fitness can be compared to that of their more highly evolved descendants shaking in their flasks. As an analogy, imagine if we could challenge a hominin from 50,000 years ago to a hackathon. (Which she would probably win, because the paleo diet.)


Source: http://feeds.arstechnica.com/arstechnica/index/

A new round of the weekly SecurityAffairs newsletter has arrived!

The best news of the week with Security Affairs.

Once again, thank you!

·      ENISA – CTI – EU | Bonding EU Cyber Threat Intelligence
·      Flaws in Siemens Building Automation Controllers open to hack. Fix them asap
·      Hacker interview – Speaking with ICEMAN: Banks holes like in Cheese
·      Security Affairs newsletter Round 132 – News of the week
·      Swedish transport agencies targeted in DDoS cyber attacks
·      Iranian hackers compromised the UK leader Theresa May’s email account along with other 9,000 emails
·      Linux kernel affected by a local privilege escalation vulnerability
·      Pizza Hut notifies card breach while users have already reported fraudulent transactions
·      Wifi networks are vulnerable to hacking WPA KRACK attack
·      Wifi networks are vulnerable to WPA KRACK attack
·      BlackOasis APT leverages new Flash zero-day exploit to deploy FinSpy
·      Cyberespionage group stolen Microsoft vulnerabilities DB back in 2013
·      Even With The Best Email Spoofing Defences in The World, HMRC is Spoofed
·      ROCA vulnerability (CVE-2017-15361) allows attackers to recover users’ Private RSA Keys
·      BAE Systems report links Taiwan heist to North Korean LAZARUS APT
·      CUTLET MAKER ATM malware offered for 5000 USD on darknet forum
·      Google introduces new Advanced Protection feature to protect its users
·      South Africa – About 30-million identity numbers and other personal and financial information leaked online
·      The Necurs botnet is back spreading a downloader with new interesting features
·      Cyber espionage – China-Linked group leverages recently patched .NET Flaw
·      Microsoft provides details of a code execution vulnerability in Chrome
·      October 2017 Oracle Critical Patch Update addresses 252 Vulnerabilities
·      Threat actors started scanning for SSH Keys on websites
·      A new Mirai-Like IoT Botnet is growing in a new mysterious campaign
·      Cisco addresses a critical vulnerability in Cloud Services Platform (CSP)
·      Google launched Google Play Security Reward bug bounty program to protect apps in Play Store
·      URSNIF spam campaign expose new macro evasion tactics
·      Watch out! European Consumer Organisation warns of some kid GPS smartwatches have security flaws
·      Assemblyline – Canada’s CSE intelligence Agency releases its malware analysis tool
·      Necurs botnet now spreading the Locky Ransomware via DDE Attacks
·      Proton malware spreading through supply-chain attack, victims should wipe their Macs

Pierluigi Paganini

(Security Affairs – Newsletter)

The post Security Affairs newsletter Round 133 – News of the week appeared first on Security Affairs.

Source: Security affairs

The APT28 group is trying to exploit the CVE-2017-11292 Flash zero-day before users receive patches or update their systems.

Security experts at Proofpoint collected evidence of several malware campaigns, powered by the Russian APT28 group, that rely on a Flash zero-day vulnerability that Adobe patched earlier this week.

According to the experts who observed attacks on organizations across Europe and in the US, the APT28 group is trying to exploit the CVE-2017-11292 zero-day before users receive patches or update their systems.

The state-sponsored hackers focused their attacks on state departments and private-sector businesses in the aerospace industry.

“On Tuesday, October 18, Proofpoint researchers detected a malicious Microsoft Word attachment exploiting a recently patched Adobe Flash vulnerability, CVE-2017-11292. We attributed this attack to APT28 (also known as Sofacy), a Russian state-sponsored group.” states the report published by Proofpoint.

“Targeting data for this campaign is limited but some emails were sent to foreign government entities equivalent to the State Department and private-sector businesses in the aerospace industry. The known geographical targeting appears broad, including Europe and the United States. The emails were sent from free email services.”

The patch was released on Monday, October 16; at that time, Kaspersky detected attacks leveraging CVE-2017-11292, allegedly conducted by the BlackOasis APT group.

Researchers believe that APT28 was also in possession of the exploit (whether purchased, discovered on their own, or reverse engineered from the BlackOasis attack), and is trying to use it in targeted attacks.

APT28 rushed to assemble the exploit and the distribution campaign, reusing code from past attacks. The APT28 hackers did the same in May, after Microsoft patched three zero-day flaws exploited by the Russian APT group.

Back to the present: researchers believe APT28 found a way to exploit CVE-2017-11292, but it is unclear whether they purchased the zero-day or reverse engineered it from the BlackOasis attack.

The researchers noticed that the recent attacks exploiting the CVE-2017-11292 flaw employed the same old DealersChoice malware, a Flash exploit framework also used by the APT28 group against Montenegro.

When the target user opens the weaponized files, DealersChoice contacts the remote server to download the CVE-2017-11292 exploit code and execute it.

“The document “World War 3.docx” contacts DealersChoice.B, APT28’s attack framework that allows loading exploit code on-demand from a command and control (C&C) server. DealersChoice has previously been used to exploit a variety of Flash vulnerabilities, including CVE-2015-7645, CVE-2016-1019, CVE-2016-4117, and CVE-2016-7855 via embedded objects in crafted Microsoft Word documents.” continues the report.


The Proofpoint researcher Kafeine confirmed that his company is currently trying to take down C&C servers associated with the DealersChoice attack framework used in the CVE-2017-11292 attacks.

“APT28 appears to be moving rapidly to exploit this newly documented vulnerability before the available patch is widely deployed. Because Flash is still present on a high percentage of systems and this vulnerability affects all major operating systems, it is critical that organizations and end users apply the Adobe patch immediately. ” concluded Proofpoint.

Further technical details are available in the report published by Proofpoint, including the IOCs.


Pierluigi Paganini

(Security Affairs – APT28, cyber espionage)

The post APT28 group is rushing to exploit recent CVE-2017-11292 Flash 0-Day before users apply the patches appeared first on Security Affairs.

Source: Security affairs

Robert Scoble, as seen in 2013. (credit: JD Lasica)

Robert Scoble, a longtime fixture of the Silicon Valley punditocracy, has been publicly accused of sexual harassment and assault by multiple women.

In a public Facebook post on Friday, Scoble wrote that he was “deeply sorry to the people I’ve caused pain to. I know I have behaved in ways that were inappropriate.”

“I know that apologies are not enough and that they don’t erase the wrongs of the past or the present,” he continued. “The only thing I can do to really make a difference now is to prove, through my future behavior, and my willingness to listen, learn and change, that I want to become part of the solution going forward.”


Source: http://feeds.arstechnica.com/arstechnica/index/

A leaked NSA document about the BADDECISION hacking tool raises the question of whether the National Security Agency has known about the Krack attack since 2010.

Security experts are questioning the NSA about the recently disclosed Krack attack, which allows an attacker to decrypt information included in protected WPA2 traffic.

Security experts believe that the National Security Agency was aware of the flaw and its arsenal included a specific exploit.

An NSA spokesperson did not comment on the claims, which is normal for US intelligence agencies, but according to ZDNet, rumors that it knew something about the vulnerability in the WPA2 protocol are circulating in the intelligence community.

In some cases, US intelligence, even when it is informed of a vulnerability, doesn’t disclose it, in an attempt to exploit it for intelligence operations.

According to a top secret document leaked by Edward Snowden and dating back to 2010, the NSA arsenal included a hacking tool called BADDECISION, classified as an “802.11 CNE tool. that used a true Man-in-the-middle attack and frame injection technique to redirect a target client to a FOXACID server.”


The NSA exploit was designed to target wireless networks by using a man-in-the-middle attack within range of the network. According to the top-secret slides, it works for WPA and WPA2 networks, which implies that BADDECISION could bypass the encryption.

The FOXACID platform allows NSA operators to automatically supply the best malware for a specific target.

The slide said the hacking tool “works for WPA/WPA2,” suggesting that BADDECISION could bypass the encryption.

Cue the conspiracy theories. No wonder some thought the hacking tool was an early NSA-only version of KRACK.

Is BADDECISION the Krack attack tool?

Difficult to say, but many security researchers believe BADDECISION doesn’t exploit the KRACK attack.

According to former NSA staffers cited by ZDNet, the NSA BADDECISION exploit is a sort of Ettercap tool that conducts man-in-the-middle attacks to carry out address resolution protocol (ARP) spoofing or poisoning.

Anyway, even if NSA BADDECISION doesn’t rely on the Krack attack, it is impossible to completely rule out that the agency was aware of the recently disclosed vulnerability.


Pierluigi Paganini

(Security Affairs – NSA, Krack attack)

The post A leaked document raises a doubt about NSA knew the #Krack attack since 2010 appeared first on Security Affairs.

Source: Security affairs

The Apple iPhone 7 launch was accompanied by the launch of Apple Watch Series 2. The new smartwatch takes forward the Apple Watch, in terms of design and performance. While it sports features such as water resistance, dual-core processor, and GPS, it also happens to be a very fashionable accessory. You can choose from various […]

The post 10 Best Apple Watch Series 2 Bands: Choices Galore appeared first on MobiPicker.

Source: http://www.mobipicker.com/feed/

The dreaded Proton malware was spreading through a new supply-chain attack that involved the Elmedia apps; victims should wipe their Macs.

Bad news for Mac users: a new piece of malware may force them into a complete system wipe and reinstall.

Crooks are distributing the malware in legitimate applications: the popular Elmedia Player and the download manager Folx, both developed by Eltima, which confirmed the threat. The latest versions of both apps came with the OSX.Proton malware.

The Proton malware is a remote access tool (RAT) available for sale on some cybercrime forums; it first appeared in the threat landscape last year. The malicious code includes many features, such as the ability to execute console commands, access the user’s webcam, log keystrokes, capture screenshots and open SSH/VNC remote connections. It can also inject code into the user’s browser to display popups asking for victims’ information, such as credit card numbers, login credentials, and other data.

The Proton malware can hack into a victim’s iCloud account, even if two-factor authentication is used, and in March it was offered for sale at $50,000.

Experts at security firm ESET discovered that the Proton malware is spreading through supply chain attacks: hackers injected the malicious code into downloads of the applications.

“During the last hours, ESET researchers noticed that Eltima, the makers of the Elmedia Player software, have been distributing a version of their application trojanized with the OSX/Proton malware on their official website. ESET contacted Eltima as soon as the situation was confirmed. Eltima was very responsive and maintained an excellent communication with us throughout the incident.” reported ESET.

ESET promptly alerted Eltima. Hackers had compromised the developer’s servers and implanted the Proton malware into the download files.

Below is the timeline of the attack:

  • 2017-10-19 : Trojanized package confirmed
  • 2017-10-19 10:35am EDT: Eltima informed via email
  • 2017-10-19 2:25pm EDT: Eltima acknowledged the issue and initiated remediation efforts
  • 2017-10-19 3:10pm EDT: Eltima confirms their infrastructure is cleaned up and serving the legitimate applications again
  • 2017-10-19 10:12am EDT: Eltima publishes an announcement about the event
  • 2017-10-20 12:15pm EDT: Added references to Folx that was also distributed with the Proton malware

To check your installation, scan for the following file and directories:

/tmp/Updater.app/
/Library/LaunchAgents/com.Eltima.UpdaterAgent.plist
/Library/.rand/
/Library/.rand/updateragent.app/

“The presence of any of the files above is an indication that your system may have been infected by the trojanized Elmedia Player or Folx application which means your OSX/Proton is most likely running. If you downloaded Elmedia Player or Folx on the 19th of October 2017, your system is likely affected.” reads the security advisory published by Eltima.

The Proton malware has already infected a computer if any of those files and directories exist. Even if the malware is recognized by antivirus software, it’s difficult to remove.
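
The check described above, as an added example that is not part of the ESET or Eltima advisories: a POSIX shell function that tests for the four listed paths and prints the `ls -ld` details of each one found. The optional root argument is an assumption added here so the same check can be run against a mounted backup or disk image instead of the live system.

```shell
#!/bin/sh
# Added example: look for the four OSX/Proton paths quoted in the advisory.

PROTON_IOC_PATHS='/tmp/Updater.app/
/Library/LaunchAgents/com.Eltima.UpdaterAgent.plist
/Library/.rand/
/Library/.rand/updateragent.app/'

# proton_ioc_scan [ROOT]
#   ROOT (assumption, default "/") is prepended to every path, so a mounted
#   volume such as /Volumes/Backup can be checked without booting it.
#   Prints one "FOUND ..." line per indicator present.
#   Exit status is the number of indicators found (0 means none).
proton_ioc_scan() {
    root=${1:-/}
    root=${root%/}                 # "/" -> "", "/mnt/img/" -> "/mnt/img"
    hits=0
    while IFS= read -r ioc; do
        [ -n "$ioc" ] || continue
        p=$root${ioc%/}            # drop the trailing slash of directory entries
        # -L also catches a dangling symlink left at the indicator path
        if [ -e "$p" ] || [ -L "$p" ]; then
            # ls -ld shows owner and modification time for triage
            printf 'FOUND %s\n' "$(ls -ld "$p")"
            hits=$((hits + 1))
        fi
    done <<EOF
$PROTON_IOC_PATHS
EOF
    return "$hits"
}

# Scan the live system unless a root is given on the command line.
if proton_ioc_scan "${1:-/}"; then
    echo "None of the advisory's OSX/Proton paths are present."
else
    echo "Advisory paths present: treat this system as compromised."
fi
```

A clean result only means these four paths are absent; the advisory's download-date criterion still applies.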

“If you have downloaded that software on October 19th before 3:15pm EDT and run it, you are likely compromised.” states ESET.

“As with any compromission with a administrator account, a full OS reinstall is the only sure way to get rid of the malware. Victims should also assume at least all the secrets outlined in the previous section are compromised and take appropriate measures to invalidate them.”


The company Eltima is also suggesting a total system OS reinstall to rid the infected systems of this malware.

“A total system OS reinstall is the only guaranteed way to totally rid your system of this Malware,” it warned. “This is a standard procedure for any system compromise with the affection of administrator account.”


Pierluigi Paganini

(Security Affairs – supply chain attack, Proton malware)

The post Proton malware spreading through supply-chain attack, victims should wipe their Macs appeared first on Security Affairs.

Source: Security affairs


It’s a common suggestion that we should just plant trees to suck CO2 out of the atmosphere, but this isn’t quite the solution it may seem. Reforestation would roughly make up for the carbon added to the atmosphere by past deforestation, but our burning of fossil fuels is another matter.

Still, that’s no argument to ignore reforestation. There is no silver bullet solution to climate change, and many things like reforestation add up to make meaningful contributions. And reforestation has a host of other benefits, including improving air quality and providing species with habitats.

So how much of a difference could efforts to save and regrow forests—together with conservation of other ecosystems—really make? That’s the question asked by a group led by Bronson Griscom, an ecologist at The Nature Conservancy. By including a broad set of possible reforestation actions, Griscom and his colleagues found a larger opportunity than we’d previously estimated.


Source: http://feeds.arstechnica.com/arstechnica/index/