News & Updates

Someone is (thankfully) missing here, and his name rhymes with “hot-mud-sand.” (credit: Warner Bros.)

This week’s feature-length Justice League film benefits as much as it suffers from a “can’t get any worse” reputation. Between the diminishing returns of Zack Snyder as a filmmaker, a crowded cast of new-to-film DC characters, and the incredibly stinky shadow of Batman V Superman, you’d be foolish to go into the latest (and likely final) Snyder DC film with high hopes. Like, even if it’s adequate, that might seem monumental.

With that in mind, Justice League lands almost exactly where I predicted: as a mostly tolerable, occasionally fun, often ponderous, rarely logical attempt to unify the DC Comics film universe. It doesn’t unseat Wonder Woman as the best DC Comics film in recent memory. It’s certainly no Avengers, and, gosh, it isn’t even Avengers: Age of Ultron. But it also won’t live in infamy as another one of DC’s midnight-movie laugh-a-ramas. It’s just acceptably subpar.

Two outta three origins ain’t bad

If you’re desperate to have your pro-DC bias acknowledged, Justice League does kick butt at a couple of things. The film has to juggle a whopping three film-universe origin stories, and it surprisingly succeeds at two of those.

Source: http://feeds.arstechnica.com/arstechnica/index/

The pull of the Force is strong with things like an impeccably rendered Millennium Falcon. (I mean, gosh, that’s purty.) But Star Wars: Battlefront II can’t paint over most of its failings. (credit: EA / DICE)

I’ve tried to give the new video game Star Wars: Battlefront II a fair shake, and I tried to do so through three types of fandom, at that. I really dig Star Wars—and I’ve generally appreciated when the series has expanded its universe in video game form. I’m a big fan of DICE as a creator of high-polish, massively multiplayer online shooters. And I thought 2015’s reboot of the Star Wars: Battlefront game series was perfectly satisfactory as an accessible online action game.

I kept all of these optimistic angles in mind as I booted the new game—and as I used my lightsaber of fandom to try to carve through its confusing economies. But that has been Scarif-massacre levels of difficult. Battlefront II ultimately lands as an adequate-but-forgettable combination of polish, bombast, and been-there-done-that shooter tropes. Even after EA’s last-minute about-face, little about the total package makes me eager to recommend it to anybody looking for a family-friendly blaster, a Star Wars-worthy story, or a month-after-month dive into online team combat.

One step forward, how many steps back?

Source: http://feeds.arstechnica.com/arstechnica/index/

JoltandBleed – Oracle issued an emergency patch for vulnerabilities affecting several of its products that rely on the proprietary Jolt protocol.

The vulnerabilities were reported by experts at ERPScan who named the set of five vulnerabilities JoltandBleed.

The most critical flaw was rated with the highest CVSS base scores of 9.9 and even 10.0; according to the experts, it may be exploited over a network without the need for a valid username and password.

The JoltandBleed issues affect the Jolt server within Oracle Tuxedo, which is used by numerous Oracle products, including Oracle PeopleSoft. An attacker can exploit the vulnerabilities to gain full access to all data stored in the following ERP systems:

  • Oracle PeopleSoft Campus Solutions
  • Oracle PeopleSoft Human Capital Management
  • Oracle PeopleSoft Financial Management
  • Oracle PeopleSoft Supply Chain Management, etc.

Below is the complete list of the JoltandBleed vulnerabilities discovered by the experts:

  1. CVE-2017-10272 is a memory disclosure vulnerability; its exploitation gives an attacker a chance to remotely read the memory of the server.
  2. CVE-2017-10267 is a stack overflow vulnerability.
  3. CVE-2017-10278 is a heap overflow vulnerability.
  4. CVE-2017-10266 is a vulnerability that makes it possible for a malicious actor to brute-force the DomainPWD password, which is used for Jolt Protocol authentication.
  5. CVE-2017-10269 is a vulnerability affecting the Jolt Protocol; it enables an attacker to compromise the whole PeopleSoft system.

The flaw is tied to the way the Jolt Handler (JSH) processes a command with opcode 0x32.

“This error is originated with that how Jolt Handler processes a command with opcode 0x32. If the package structure is incorrect, a programmer has to provide a Jolt client with a certain Jolt response indicating there is an error in the communication process,” continues ERPScan.

Oracle made the patches available Tuesday for Oracle Fusion Middleware, which address all vulnerabilities.

The vulnerability was caused by a coding mistake in a function call that was responsible for packing data to transmit.

“The confusion was between 2 functions, jtohi and htoji. Consequently, packing of a constant package length that must be 0x40 bytes is actually 0x40000000,” said ERPScan.

“Then a client initiates the transmission of 0x40000000 bytes of data. Manipulating the communication with the client, an attacker can achieve a stable work of a server side and sensitive data leakage. Initiating a mass of connections, the hacker passively collects the internal memory of the Jolt server,”

The vulnerability causes the leakage of credentials when a user enters them through the web interface of PeopleSoft systems.

Technically, the flaw is a memory leakage vulnerability similar to HeartBleed so it can be used to retrieve a user password and other sensitive data.
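
The length mix-up ERPScan describes, as an added example that is not Oracle's or ERPScan's code: a 32-bit length of 0x40 serialised in the wrong byte order is read by the peer as 0x40000000, and a bound check on the declared length rejects it. The big-endian length field, the helper names and the 0x1000 cap are assumptions; the real Jolt message layout is not given on the page.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define REPLY_LEN 0x40u   /* constant package length named in the article */
#define MAX_FRAME 0x1000u /* assumed receiver-side cap (hypothetical value) */

/* Serialise a 32-bit length in network (big-endian) byte order. */
static void put_be32(uint8_t out[4], uint32_t v)
{
    out[0] = (uint8_t)(v >> 24);
    out[1] = (uint8_t)(v >> 16);
    out[2] = (uint8_t)(v >> 8);
    out[3] = (uint8_t)v;
}

/* The mistake modelled here: the conversion meant for the opposite
 * direction is used, so the bytes reach the wire in reversed order. */
static void put_swapped32(uint8_t out[4], uint32_t v)
{
    out[0] = (uint8_t)v;
    out[1] = (uint8_t)(v >> 8);
    out[2] = (uint8_t)(v >> 16);
    out[3] = (uint8_t)(v >> 24);
}

/* Peer side: interpret the 4-byte length field as big-endian. */
static uint32_t get_be32(const uint8_t in[4])
{
    return ((uint32_t)in[0] << 24) | ((uint32_t)in[1] << 16) |
           ((uint32_t)in[2] << 8) | (uint32_t)in[3];
}

/* Length the peer decodes when the field was packed correctly. */
uint32_t peer_len_correct(void)
{
    uint8_t field[4];
    put_be32(field, REPLY_LEN);
    return get_be32(field);
}

/* Length the peer decodes when the field was packed with the wrong helper. */
uint32_t peer_len_swapped(void)
{
    uint8_t field[4];
    put_swapped32(field, REPLY_LEN);
    return get_be32(field);
}

/* Defensive check: refuse a declared length that exceeds the protocol cap
 * or the number of bytes actually held in the buffer. */
int declared_len_ok(uint32_t declared, size_t buffered)
{
    return declared <= MAX_FRAME && (size_t)declared <= buffered;
}

int main(void)
{
    printf("correct pack -> peer sees 0x%08x\n", (unsigned)peer_len_correct());
    printf("swapped pack -> peer sees 0x%08x\n", (unsigned)peer_len_swapped());
    printf("swapped length accepted: %d\n",
           declared_len_ok(peer_len_swapped(), REPLY_LEN));
    return 0;
}
```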

“One of the possible attacks besides an obvious theft of employees data is for students to hack Campus Solutions and modify or delete payment orders for their education or gain financial aid. This attack as well as other details was demonstrated today at the DeepSec Security conference in Vienna.” said ErpScan.

ErpScan also published a video PoC.

According to Oracle, the CVE-2017-10272 memory disclosure vulnerability is easy to exploit and allows a low-privileged attacker with network access via Jolt to compromise Oracle Tuxedo.

“Vulnerability in the Oracle Tuxedo component of Oracle Fusion Middleware (subcomponent: Core). Supported versions that are affected are 11.1.1, 12.1.1, 12.1.3 and 12.2.2. Easily exploitable vulnerability allows low privileged attacker with network access via Jolt to compromise Oracle Tuxedo.” wrote Oracle. “While the vulnerability is in Oracle Tuxedo, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Tuxedo accessible data as well as unauthorized access to critical data or complete access to all Oracle Tuxedo accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Tuxedo.”

Pierluigi Paganini 

(Security Affairs – JoltandBleed, hacking)

The post Oracle issues emergency patches for JOLTANDBLEED flaws appeared first on Security Affairs.

Source: Security affairs

Kaspersky Lab publishes a full technical report related to the hack of its antivirus software to steal NSA hacking code.

In October, an anonymous source claimed that in 2015 Russian intelligence stole NSA cyber weapons from the PC of one of its employees that was running the Kaspersky antivirus.

Kaspersky denies any direct involvement and provided further details about the hack, but it wasn’t a good period for the firm.

In September, the US Government banned the Russian security firm from all federal government systems.

The PC was hacked after the NSA employee installed a backdoored key generator for a pirated copy of Microsoft Office.

In October, Kaspersky Lab published a detailed report on the case that explains how cyber spies could have easily stolen the software exploits from the NSA employee’s Windows PC.

In October, many media outlets accused Kaspersky of helping Russian intelligence detect the US cyber weapons on the PC via its security solutions, but according to the security firm the situation is quite different.

According to the telemetry logs collected by the Russian firm, the staffer temporarily switched off the antivirus protection on the PC and infected his personal computer with spyware from a product key generator while trying to use a pirated copy of Office.

On September 11, 2014, Kaspersky antivirus detected the Win32.GrayFish.gen trojan on the NSA employee’s PC. Some time later, the employee disabled the Kaspersky software to execute the activation-key generator.

When the antivirus was reactivated on October 4, it removed the backdoored key-gen tool from the NSA employee’s PC and uploaded it to Kaspersky’s cloud for further analysis.

Kaspersky offered to hand over the source code of its solution to US experts to prove it wasn’t involved in any cyber espionage operation.

Back to the present, Kaspersky published a new report that sheds light on the investigation conducted by the firm on the NSA-linked Equation Group APT.

Kaspersky searched its databases from June 2014 onward, 6 months prior to the year of the alleged hack of its antivirus, for all alerts triggered containing wildcards such as “HEUR:Trojan.Win32.Equestre.*”. The experts found a few test signatures in place that produced a large number of false positives.

The analysis revealed the presence of a specific signature that fired a large number of times in a short time span on just one system, specifically the signature “HEUR:Trojan.Win32.Equestre.m” and a 7zip archive (referred to below as “[undisclosed].7z”). This was the beginning of the analysis of the system, which was found to contain not only this archive but many files, both common and unknown, that indicated this was probably a person related to the malware development.

“In total we detected 37 unique files and 218 detected objects, including executables and archives containing malware associated with the Equation Group. Looking at this metadata during current investigation we were tempted to include the full list of detected files and file paths into current report, however, according to our ethical standards, as well as internal policies, we cannot violate our users’ privacy.” states the new report published by Kaspersky.

“This was a hard decision, but should we make an exception once, even for the sake of protecting our own company’s reputation, that would be a step on the route of giving up privacy and freedom of all people who rely on our products. Unless we receive a legitimate request originating from the owner of that system or a higher legal authority, we cannot release such information.”

The analysis of the computer where the archive was found revealed that it was already infected with malware. In October of that year the user downloaded a pirated copy of Microsoft Office 2013, but the .ISO contained the Mokes backdoor.

“What is interesting is that this ISO file is malicious and was mounted and subsequently installed on the system along with files such as “kms.exe” (a name of a popular pirated software activation tool), and “kms.activator.for.microsoft.windows.8.server.2012.and.office.2013.all.editions”. Kaspersky Lab products detected the malware with the verdict Backdoor.Win32.Mokes.hvl.” continues Kaspersky.

Kaspersky was able to detect and halt Mokes, but the user turned off the Russian software to execute the keygen.

Once the antivirus was turned on again, it detected the malware. Kaspersky added that over a two-month period its security software found 128 separate malware samples on the machine that weren’t related to the Equation Group.

Kaspersky found that the Mokes command and control servers were apparently being operated by a Chinese entity going by the name “Zhou Lou”, from Hunan, using the e-mail address “[email protected]”.

Kaspersky explained that it’s also possible that the NSA contractor’s PC may have been infected with a sophisticated strain of malware developed by an APT that was not detected at the time.

“Given that system owner’s potential clearance level, the user could have been a prime target of nation states,” Kaspersky said. “Adding the user’s apparent need for cracked versions of Windows and Office, poor security practices, and improper handling of what appeared to be classified materials, it is possible that the user could have leaked information to many hands.”

Further details are included in the technical report.

Pierluigi Paganini 

(Security Affairs – Kaspersky Lab, Cyber espionage)

The post Kaspersky provided further details on NSA Incident. Other APTs targeted the same PC appeared first on Security Affairs.

Source: Security affairs

A New York state judge has concluded that a powerful police surveillance tool known as a stingray, a device that spoofs legitimate mobile phone towers, performs a “search” and therefore requires a warrant under most circumstances.

As a New York State Supreme Court judge in Brooklyn ruled earlier this month in an attempted murder case, New York Police Department officers should have sought a standard, probable cause-driven warrant before using the invasive device.

The Empire State court joins others nationwide in reaching this conclusion. In September, the District of Columbia Court of Appeals also found that stingrays normally require a warrant, as did a federal judge in Oakland, California, back in August.

Source: http://feeds.arstechnica.com/arstechnica/index/

Millions of AI-based voice-activated personal assistants, including Google Home and Amazon Echo, are affected by the Blueborne flaws.

A series of recently disclosed critical Bluetooth flaws that affect billions of Android, iOS, Windows and Linux devices have now been discovered in

Millions of AI-based voice-activated personal assistants, including Google Home and Amazon Echo, are affected by the recently discovered Blueborne vulnerabilities.

The recently discovered BlueBorne attack technique was devised by experts with Armis Labs. Researchers discovered a total of eight vulnerabilities in the Bluetooth design that expose devices to cyber attacks.

Billions of mobile, desktop and IoT devices that use Bluetooth may be exposed to a new remote attack, even without any user interaction and pairing. The only condition for BlueBorne attacks is that targeted devices must have Bluetooth enabled.

Once an attacker compromises a Bluetooth-enabled device, he can infect any other device on the same network.

The IoT security firm Armis now reported that an estimated 15 million Amazon Echo and 5 million Google Home devices are vulnerable to BlueBorne attack.

“Following the disclosure of the BlueBorne attack vector this past September, Armis discovered that critical Bluetooth vulnerabilities impact the Amazon Echo and Google Home. These new IoT voice-activated Personal Assistants join the extensive list of affected devices.” reads the blog post published by Armis.

“Personal Assistants are rapidly expanding throughout the home and workplace, with an estimated 15 million Amazon Echo and 5 million Google Home devices sold. Since these devices are unmanaged and closed sourced, users are unaware of the fact their Bluetooth implementation is based on potentially vulnerable code borrowed from Linux and Android.”

The Amazon Echo devices are affected by the following two vulnerabilities:
  • Remote code execution vulnerability in the Linux Kernel (CVE-2017-1000251)
  • Information leak vulnerability in the SDP Server (CVE-2017-1000250)

The researchers highlighted that other Echo devices running Linux or Android operating systems are affected by other Blueborne vulnerabilities.

Google Home devices are affected only by the CVE-2017-0785 vulnerability that is an information disclosure flaw in Android’s Bluetooth stack.

The voice-activated personal assistants are constantly listening to Bluetooth communications, so an attacker within range of the vulnerable IoT device can easily hack them.

“These devices are constantly listening to Bluetooth communications. There is no way to put an agent/antivirus on these devices. And given their limited UI, there is no way to turn their Bluetooth off” continues the blog post.

Experts from Armis published a video proof-of-concept (PoC) to show how to hack an Amazon Echo device.

Armis reported the issues to both Amazon and Google, which have released patches and issued automatic updates for the issues.

Amazon Echo users can check that their devices are using a version that is newer than v591448720.

“The Amazon Echo and Google Home are the better examples as they were patched, and did not need user interaction to update. However, the vast bulk of IoT devices cannot be updated. However, even the Echos and the Homes will eventually be replaced by new hardware versions (as Amazon and Google recently announced), and eventually the old generations will not receive updates – potentially leaving  them susceptible to attacks indefinitely.” concluded Armis.

Pierluigi Paganini

(Security Affairs – Bluetooth hacking, BlueBorne attack)

The post 20 Million Google Home and Amazon Echo devices are affected by the Blueborne flaws appeared first on Security Affairs.

Source: Security affairs

Tesla

HAWTHORNE, CALIF.—At tonight’s Tesla Semi event we got a lot more than a vague truck design. After a short presentation of the Semi’s intended specs, one of the trucks backed onto the stage and a new red Roadster rolled out.

“The foundation of the whole company was the Roadster,” Musk told the crowd of employees. “People kept asking ‘When are you gonna make a new roadster?'”

Source: http://feeds.arstechnica.com/arstechnica/index/

Tesla

HAWTHORNE, CALIF.—On Thursday evening, a couple of months later than originally promised, Tesla showed the world its first proper look at the company’s heavy duty electric vehicle, the Tesla Semi. The tractor can hook up with any trailer; no brand-specific trailer is necessary.

But let’s get some statistics on what those 2019 electric trucks will look like:

Source: http://feeds.arstechnica.com/arstechnica/index/

Perhaps Star Wars: Battlefront II won’t go down in flames after a major EA about-face. (credit: Electronic Arts)

Just hours before Star Wars Battlefront II‘s retail launch Friday, Electronic Arts and developer DICE announced that they are “turning off all in-game purchases… and all progression will be earned through gameplay.” The surprise announcement promises the ability to purchase in-game crystals (used to purchase randomized loot boxes filled with in-game items) will return “at a later date,” but “only after we’ve made changes to the game.”

“As we approach the worldwide launch, it’s clear that many of you feel there are still challenges in the design,” DICE General Manager Oskar Gabrielson writes. “We’ve heard the concerns about potentially giving players unfair advantages. And we’ve heard that this is overshadowing an otherwise great game. This was never our intention. Sorry we didn’t get this right.”

Venturebeat cites “sources familiar with the situation” in reporting that the major change comes after Electronic Arts CEO Andrew Wilson conducted a phone call with Disney CEO Bob Iger about the game. EA acquired the lucrative exclusive rights to publish Star Wars-based games in 2013, a year after Disney purchased Lucasfilm for $4 billion.

Source: http://feeds.arstechnica.com/arstechnica/index/

Apple released iOS 11.1.2 for iPhones and iPads this afternoon. It’s a minor, bug-fix update that benefits iPhone X users who encountered issues after acquiring the new phone just under two weeks ago.

iOS 11.1.2’s patch notes are short and sweet. The update fixes just two problems. The first is “an issue where the iPhone X screen becomes temporarily unresponsive to touch after a rapid temperature drop.” Last week, some iPhone X owners began reporting on Reddit and elsewhere that their touchscreens became temporarily unresponsive when going outside into the cold.

Apple shared the following statement with The Loop:

Source: http://feeds.arstechnica.com/arstechnica/index/